1620 matches found
Frontend File Manager < 21.3 - Unauthenticated File Renaming
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...
CVE-2026-45264
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
CVE-2026-40893
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
CVE-2026-45264
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
CVE-2026-45264
Nextcloud shows an ACL-based permission bypass affecting Team Folders. A user with READ and CREATE (but not UPDATE) permission could rename files within a Team Folder in multiple branches: 17.0.0–17.0.14, 18.0.0–18.1.11, 19.0.0–19.1.15, 20.0.0–20.1.10, and 21.0.0–21.0.3. The issue has been patche...
CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
Team folders access control vulnerability
Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
Incorrect Authorization
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and...
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...
PT-2026-45040
Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
CVE-2026-44796 Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
EUVD-2026-32975
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
CVE-2026-44796
Nautobot contains a DoS vulnerability in UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) where maliciously crafted regular expressions in the find field, when used with the use_regex flag, can cause an application-wide denial of service. The issue affects pre-fix versions ...
CVE-2026-44796 Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
SUSE CVE-2026-46002
In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating them as deleted. However, the case of inlink == 0 with a non-zero mode...