9 matches found
EUVD-2026-37848
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...
CVE-2026-11784
The CVE describes a Cross‑Site Request Forgery in the WordPress plugin Optimole – Optimize Images (
CVE-2026-34213
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
EUVD-2026-22756
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
CVE-2026-34213
Docmost (open-source wiki/docs) is affected from v0.3.0 up to v0.70.x. The vulnerability is an improper authorization flaw that allows a low-privileged authenticated user to overwrite another page’s attachment in the same workspace by supplying attachmentId to POST /api/files/upload. Impact is a ...
CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
CVE-2026-34213
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
PT-2026-32931
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
CVE-1999-1263
CVE-1999-1263 affects Metamail prior to 2.7-7.2. A remote attacker can overwrite arbitrary files via an e-mail with a uuencoded attachment that specifies a full pathname, processed by Metamail scripts such as sun-audio-file. Root cause is the handling of uuencode in Metamail scripts, enabling arb...