143 matches found
EUVD-2026-29377
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
CVE-2026-7257
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
PT-2026-39934
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
Zyxel WRE6505 安全漏洞
The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the insecure storage of sensitive information in the configuration file, which may allow local...
PT-2026-37101
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...
CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
Deciso OPNsense 操作系统命令注入漏洞
Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Decivo OPNsense has a vulnerability related to operating system command injection. This vulnerability arises from insufficient validation of strings provided to users during the processing of backup...
CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
CVE-2026-0805 affects Crafty Controller’s Backup Configuration component. The vulnerability is described as an input neutralization/path traversal weakness that could allow a remote, authenticated attacker to tamper files and achieve remote code execution. Reported CVSS v3.1 base score is 8.2 (HI...
EUVD-2026-5043
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
Crafty Controller path traversal vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation issue in the Backup Configuration component. This vulnerability could allow authenticated remote attackers to manipulate files and...
PT-2026-5380
Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization weakness exists in the Backup Configuration component of Crafty Controller. A remote, authenticated attacker can exploit this to tamper with files and execut...
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...