File-Overwrite

CVE-2025-51480 is a path traversal vulnerability in ONNX 1.17.0 that allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences.

Multiple vulnerabilities in Joplin allow an attacker to perform a denial of service attack, disclose sensitive information, or overwrite arbitrary files, potentially leading to arbitrary code execution.

A path traversal vulnerability exists in the OneNote importer of Joplin versions 3.5.6 and earlier. By importing a crafted .one file, an attacker can overwrite arbitrary files on the disk, potentially leading to privilege escalation and remote code execution. The vulnerability stems from the lack of sanitization of embedded file names within the OneNote converter, allowing filenames containing directory traversal sequences like `../../`.

Crabbox versions before 0.9.0 contain a path traversal vulnerability (CVE-2026-45224) in the Islo provider's workspace path resolution, allowing attackers to cause arbitrary file deletion and overwrite by crafting malicious .crabbox.yaml files with traversal sequences when sync.delete is enabled.

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal, allowing authenticated attackers with subscriber-level access to overwrite arbitrary files on the server with a fixed PHP docblock content, potentially causing denial of service.