CVE-2025-15546

The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

Schneider Electric PowerChute Serial Shutdown < 1.5 Multiple Vulnerabilities (SEVD-2026-104-01)

The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.5. It is, therefore, affected by multiple vulnerabilities, including: - An improper limitation of a pathname to a restricted directory vulnerability exists that could cause critical files to be...

CVE-2026-35488

CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...

CVE-2019-25681

CVE-2019-25681 affects Xlight FTP Server 3.9.1. The issue is a structured exception handler (SEH) overwrite that allows a local attacker to crash the application and overwrite SEH pointers by sending a crafted buffer. Specifically, a 428-byte payload injected via the program execution field in th...

CVE-2026-30285

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

GHSA-GGXW-G3CP-MGF8 FUXA Unauthenticated Remote Arbitrary Device Tag Write

Summary Description An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments, including those...

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

PT-2026-5157

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...

CVE-2023-49788

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

PT-2025-47808

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.16 Description PJSIP is a multimedia communication library. Versions before 2.16 may experience a memory overwrite issue when using the Opus audio codec in receiving direction. This occurs because Opus PLC may zero-fi...

EUVD-2013-1869

Malware in sbrugna...

EUVD-2008-3344

Malware in sbrugna...

EUVD-2018-9696

Malware in sbrugna...

EUVD-2020-25733

Malware in sbrugna...

EUVD-1999-1280

Malware in sbrugna...

EUVD-2016-9236

Malware in sbrugna...