CVE-2026-11784

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

EUVD-2026-37848

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

CVE-2026-11784

The CVE describes a Cross‑Site Request Forgery in the WordPress plugin Optimole – Optimize Images (

Arbitrary File Upload

Overview @strapi/upload is a Makes it easy to upload images and files to your Strapi Application. Affected versions of this package are vulnerable to Arbitrary File Upload via the Content API uploadFiles and replaceFile handlers, which bypass administrator-configured MIME type restrictions. An...

CVE-2024-30117

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances...

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

SUSE CVE-2021-47433

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfsreplacefileextents Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide...

DEBIAN-CVE-2021-47433

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfsreplacefileextents Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an abort logic error in btrfsreplacefileextents...

PT-2024-26273 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.113 Description: The issue is related to Cross Site Scripting XSS and can be exploited via the sys data replace.php file. Recommendations: For DedeCMS version 5.7.113, at the moment, there is no information about a newer...

CVE-2020-23834

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...

The vulnerability of the node-tar module in the Node.js library allows a hacker to replace the existing content of a file.

The vulnerability of the node-tar module in the Node.js library is related to an incorrect definition of the reference before accessing the file. Exploiting this vulnerability could allow a remote attacker to replace the existing content of the file...

RubyGems < 2.6.13 - Arbitrary File Overwrite Exploit

Exploit for linux platform in category local exploits There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file...

CVE-2013-5725

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL...