PT-2026-41377

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Crypt::DSA for Perl uses a 2-args open function, which can allow existing files to be modified. Recommendations Update to a version later than 1.19...

uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVE-2026-35341

The CVE-2026-35341 entry concerns uutils coreutils mkfifo. The vulnerability arises when mkfifo tries to create a FIFO but a file already exists at the target path; the operation for that path does not terminate and a follow-up set_permissions call executes, changing the existing file’s permissio...

CVE-2026-35341

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

SUSE SLES12 Security Update : python-requests (SUSE-SU-2026:1218-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1218-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already...

EUVD-2026-9248

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

SUSE CVE-2024-39722

An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route...

PaperCut NG/MF 安全漏洞

PaperCut NG/MF is a print management system from PaperCut, Inc. A security vulnerability exists in PaperCut NG/MF that originates from incorrectly creating non-existing files, which can flood disk space and cause a denial of service...

Path Traversal

Whoogle Search is vulnerable to Path Traversal. The vulnerability is caused due to a lack of validation for the name variable in the config function within app/routes.py. This allows an attacker to perform a limited file write, overwriting existing files or creating new ones...

Arbitrary File Deletion

github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...

CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

Arbitrary File Overwrite

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...

CVE-2018-19046

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name e.g., /tmp/keepalived.data or /tmp/keepalived.stats, with read access for the attacker and...

CVE-2018-12713

GIMP through 2.10.2 makes ggettmpdir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimpwriteandreadfile function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...

JVN#88862608: Joyful Note vulnerability in handling files

Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...