CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVE-2019-25295

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

CVE-2019-25295 WP Cost Estimation < 9.660 - Upload Directory Traversal

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

CVE-2019-25295 WP Cost Estimation < 9.660 - Upload Directory Traversal

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

CVE-2019-25295

CVE-2019-25295 affects the WP Cost Estimation plugin for WordPress. Versions prior to 9.660 are vulnerable to a directory traversal in the uploadFormFiles function, allowing an attacker to overwrite any file with a whitelisted type on the site. This results in potential partial impact to integrit...

WordPress plugin WP Cost Estimation 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path traversal...

PT-2026-1684

Name of the Vulnerable Software and Affected Versions WP Cost Estimation versions prior to 9.660 Description The WP Cost Estimation plugin for WordPress is susceptible to a directory traversal issue in versions before 9.660. This flaw resides within the uploadFormFiles function and permits...

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

CVE-1999-0133

fmfls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access...

CVE-1999-0081

wu-ftp allows files to be overwritten via the rnfr command...

CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack...

CVE-1999-0424

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes...

CVE-1999-0743

Trn allows local users to overwrite other users' files via symlinks...

CVE-2019-16155

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more...

CVE-2019-12806

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets...

CVE-2019-12551

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function provided by the scripting engine allows an attacker to overwrite arbitrary memory, which could lead to code execution...

CVE-2019-12571

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...

CVE-2024-2214

In Eclipse ThreadX before version 6.4.0, the Mtxinit function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/txcliblock.c...