15836 matches found

Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29298

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4, EPSS 0.00169
Exploits 0, References 5

Vulnrichment
added 2026/03/31 12:0 a.m., 2 views

CVE-2026-30282

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4, EPSS 0.00376
Exploits 0, References 4

CVE
added 2026/03/31 12:0 a.m., 7 views

CVE-2026-30282

CVE-2026-30282 concerns UXGROUP LLC’s Cast to TV Screen Mirroring v2.2.77, where an arbitrary file overwrite vulnerability via the file import process could overwrite critical internal files, potentially enabling arbitrary code execution or information exposure. According to the connected records...

CVSS 9, AI score 6.4, EPSS 0.00376
Exploits 0, References 4, Affected Software 1

CNNVD
added 2026/03/31 12:0 a.m., 5 views

PEAKSEL Animal Sounds and Ringtones security vulnerability

PEAKSEL Animal Sounds and Ringtones is a mobile application developed by the Serbian company PEAKSEL. It offers downloads of animal sounds and ringtones, along with personalized settings. Version 1.3.0 of PEAKSEL Animal Sounds and Ringtones contains a security vulnerability. This vulnerability...

CVSS 9.8, AI score 6.3, EPSS 0.00526
Exploits 0, References 4

Vulnrichment
added 2026/03/31 12:0 a.m., 0 views

CVE-2026-30280

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4, EPSS 0.00147
Exploits 1, References 3

CNNVD
added 2026/03/31 12:0 a.m., 3 views

Zora security vulnerability

Zora is a blockchain platform developed by Zora Company, designed for the issuance and trading of digital assets. Version 2.60.0 of Zora contains a security vulnerability. This vulnerability stems from an issue with arbitrary file overwriting during the file import process, which could lead to...

CVSS 9.8, AI score 6.3, EPSS 0.00617
Exploits 1, References 3

CNNVD
added 2026/03/31 12:0 a.m., 5 views

TA Triumph-Adler TA/UTAX Mobile Print security vulnerability

TA Triumph-Adler TA/UTAX Mobile Print is a business application developed by TA Triumph-Adler that allows document printing and scanning via mobile devices. Version v3.7.2.251001 of TA Triumph-Adler TA/UTAX Mobile Print contains a security vulnerability. This vulnerability stems from an issue whe...

CVSS 8.4, AI score 6.3, EPSS 0.00169
Exploits 0, References 4

Github Security Blog
added 2026/03/30 5:7 p.m., 19 views

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

CVSS 8.1, AI score 6.2, EPSS 0.00386
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2026/03/30 1:38 p.m., 2 views

CVE-2025-15036

A flaw was found in mlflow. A path traversal vulnerability exists in the extract_archive_to_dir function, which is responsible for extracting archives. An attacker who can control the input tar.gz file can exploit this vulnerability due to insufficient validation of paths within the archive. This...

CVSS 9.6, AI score 5.9, EPSS 0.00543
Exploits 1, References 5

EUVD
added 2026/03/29 3:41 p.m., 3 views

EUVD-2026-16717

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications...

CVSS 5.4, AI score 5.9, EPSS 0.00243
Exploits 1, References 3

OSV
added 2026/03/29 3:41 p.m., 2 views

GHSA-G3HJ-MF85-679G AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications

Summary The plugin/Live/uploadPoster.php endpoint allows any authenticated user to overwrite the poster image for any scheduled live stream by supplying an arbitrary livescheduleid. The endpoint only checks User::isLogged but never verifies that the authenticated user owns the targeted schedule...

CVSS 5.4, AI score 6, EPSS 0.00243
Exploits 1, References 4

Github Security Blog
added 2026/03/29 3:41 p.m., 4 views

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications

Summary The plugin/Live/uploadPoster.php endpoint allows any authenticated user to overwrite the poster image for any scheduled live stream by supplying an arbitrary livescheduleid. The endpoint only checks User::isLogged but never verifies that the authenticated user owns the targeted schedule...

CVSS 5.4, AI score 6, EPSS 0.00243
Exploits 1, References 4, Affected Software 1

RedhatCVE
added 2026/03/28 4:59 p.m., 3 views

CVE-2026-34247

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/Live/uploadPoster.php endpoint allows any authenticated user to overwrite the poster image for any scheduled live stream by supplying an arbitrary livescheduleid. The endpoint only checks User::isLogged...

CVSS 5.4, AI score 5.9, EPSS 0.00243
Exploits 1, References 1

EUVD
added 2026/03/28 12:30 p.m., 1 view

EUVD-2016-10837

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to...

CVSS 8.6, AI score 6.4, EPSS 0.00163
Exploits 0, References 4

EUVD
added 2026/03/28 12:30 p.m., 2 views

EUVD-2016-10829

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by...

CVSS 8.6, AI score 6.9, EPSS 0.00148
Exploits 0, References 4

EUVD
added 2026/03/28 12:30 p.m., 2 views

EUVD-2016-10852

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return...

CVSS 9.8, AI score 6.6, EPSS 0.00668
Exploits 1, References 4

UbuntuCve
added 2026/03/28 12:16 p.m., 1 view

CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

CVSS 8.6, AI score 6.4, EPSS 0.00241
Exploits 1, References 4

OSV
added 2026/03/28 12:16 p.m., 3 views

UBUNTU-CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6, AI score 6.5, EPSS 0.00203
Exploits 1, References 5

UbuntuCve
added 2026/03/28 12:15 p.m., 2 views

CVE-2016-20041

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to...

CVSS 8.6, AI score 6.4, EPSS 0.00163
Exploits 0, References 4

Vulnrichment
added 2026/03/28 11:58 a.m., 0 views

CVE-2016-20049 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return...

CVSS 9.8, AI score 6.6, EPSS 0.00668
Exploits 1, References 3