16 matches found
CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...
Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Summary: A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...
EUVD-2018-12027
Malware in sbrugna...
EUVD-2004-1273
Malware in sbrugna...
EUVD-2018-12030
Malware in sbrugna...
EUVD-2024-2500
Malicious code in bioql PyPI...
CVE-2019-13142
The RzSurroundVADStreamingService RzSurroundVADStreamingService.exe in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder,...
SUSE CVE-2005-2672
pwmconfig in LMsensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file...
CVE-2010-5105
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...
DEBIAN-CVE-2012-5530
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/ temporary file...
Gentoo Security Advisory GLSA 200412-05 (mirrorselect)
The remote host is missing updates announced in advisory GLSA 200412-05. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200703-20 (lsat)
The remote host is missing updates announced in advisory GLSA 200703-20.
Gentoo Security Advisory GLSA 200510-01 (gtkdiskfree)
The remote host is missing updates announced in advisory GLSA 200510-01.
DEBIAN-CVE-2006-0512
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.s...
CVE-2000-0934
Glint in Red Hat Linux 5.2 is affected. The vulnerability allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. Root cause is a symlink-related flaw in Glint that enables path manipulation leading to file overwrites and service disruption. No explicit...
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack...