PT-2026-36800

Name of the Vulnerable Software and Affected Versions Norton Secure VPN affected versions not specified Description A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...

CVE-2026-32262

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVE-2026-32262

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVE-2026-32262

Craft CMS is affected by a path traversal vulnerability (CVE-2026-32262) where AssetsController->replaceFile() uses an unsanitized targetFilename in deleteFile() before Assets::prepareAssetName() on save. An authenticated user with replaceFiles permission can delete arbitrary files on the same...

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

Craft CMS has a Path Traversal Vulnerability in AssetsController

The AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before Assets::prepareAssetName is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by...

GHSA-472V-J2G4-G9H2 Craft CMS has a Path Traversal Vulnerability in AssetsController

The AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before Assets::prepareAssetName is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by...

Directory Traversal

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the replaceFile process. An attacker can delete arbitrary files within the same filesystem root by injecting path traversal sequences into the targetFilename parameter...

PT-2026-25803

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

SUSE CVE-2011-1011

The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...

CVE-2021-38485

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk...

CVE-2019-5469

An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets...

Information Disclosure

ansible is vulnerable to Information Disclosure. An unsafe template evaluation of returned module data exists, allowing an attacker to read and replace files...

Microsoft Windows Subsystem for Linux Security Bypass Vulnerability

Microsoft Windows 10 and Windows Server Version 1803 are both operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is an operating system for personal computers.Windows Server Version 1709 is a server operating system.Windows Subsystem for Linux is one of the Linux...

SMBetray - SMB MiTM Tool With A Focus On Attacking Clients Through File Content Swapping, Lnk Swapping, As Well As Compromising Any Data Passed Over The Wire In Cleartext

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known. Background Released at Defcon26 at "SMBetray - Backdooring and Breaking Signatures" In SMB...

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

Summary Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-1327 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted XML request using the XStream handler with the Struts REST plugin...

CVE-2017-1233

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912...

Avast Antivirus Arbitrary File Deletion Vulnerability

Avast Antivirus is a suite of antivirus software from the Czech company Avast. An arbitrary file deletion vulnerability exists in versions prior to Avast Antivirus 17. An attacker can exploit this vulnerability to replace or delete arbitrary files...