36 matches found

EUVD
added 2026/04/02 3:31 p.m. · 4 views

EUVD-2026-18262

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

CVSS 7.1 · AI score 6 · EPSS 0.00331
Exploits 0 · References 3

Vulnrichment
added 2026/04/02 2:45 p.m. · 1 view

CVE-2026-34790 Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

CVSS 7.1 · AI score 6 · EPSS 0.00331
Exploits 0 · References 2

ATTACKERKB
added 2026/04/02 2:45 p.m. · 1 view

CVE-2026-34790

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

CVSS 8.1 · AI score 6 · EPSS 0.00331
Exploits 0 · References 3

CNNVD
added 2026/04/02 12:0 a.m. · 2 views

Endian Firewall Path Traversal Vulnerability

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning of the directory traversal sequences for the remove ARCHIVE paramete...

CVSS 8.1 · AI score 5.8 · EPSS 0.00331
Exploits 0 · References 2

EUVD
added 2026/03/16 3:30 p.m. · 1 view

EUVD-2026-12264

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...

CVSS 6.5 · AI score 5.4 · EPSS 0.00123
Exploits 1 · References 10

RedhatCVE
added 2026/01/09 8:45 a.m. · 2 views

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVSS 9.4 · AI score 7.9 · EPSS 0.00684
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-24244

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.4 · EPSS 0.00684
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-14021

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.3 · EPSS 0.0041
Exploits 0 · References 3

OSV
added 2025/08/12 12:15 p.m. · 1 view

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVSS 7.2 · AI score 6.1
Exploits 0 · References 1

NVD
added 2025/08/12 12:15 p.m. · 1 view

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVSS 9.4 · EPSS 0.00684
Exploits 0 · References 1

Vulnrichment
added 2025/08/12 11:17 a.m. · 1 view

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVSS 9.4 · AI score 7.8 · EPSS 0.00684
Exploits 0 · References 1

Cvelist
added 2025/08/12 11:17 a.m. · 4 views

CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVSS 9.4 · EPSS 0.00684
Exploits 0 · References 1

CVE
added 2025/08/12 11:17 a.m. · 14 views

CVE-2025-40746

SIMATIC RTLS Locating Manager (versions prior to V3.2) contains an input validation issue in the backup script path that can be exploited by an authenticated remote attacker with high privileges to execute arbitrary code with SYSTEM privileges. Multiple connected sources (Red Hat CVE page, NVD en...

CVSS 9.4 · AI score 7.8 · EPSS 0.00684
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32653 · Siemens · Simatic Rtls Locating Manager

Name of the Vulnerable Software and Affected Versions: SIMATIC RTLS Locating Manager versions prior to V3.2 Description: A vulnerability exists in SIMATIC RTLS Locating Manager that allows an authenticated remote attacker with high privileges to execute arbitrary code with 'NT Authority/SYSTEM'...

CVSS 9.4 · AI score 8 · EPSS 0.00684
Exploits 0 · References 10

NVD
added 2025/05/08 5:16 p.m. · 20 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

CVSS 9.8 · EPSS 0.0041
Exploits 0 · References 2

OSV
added 2025/05/08 5:16 p.m. · 8 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 2

OSV
added 2025/05/08 5:16 p.m. · 2 views

UBUNTU-CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

CVSS 9.8 · AI score 5.9 · EPSS 0.0041
Exploits 0 · References 3

Debian CVE
added 2025/05/08 12:0 a.m. · 11 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

CVSS 9.8 · AI score 5.6 · EPSS 0.0041
Exploits 0

CVE
added 2025/05/08 12:0 a.m. · 54 views

CVE-2025-26845

CVE-2025-26845 describes an Eval Injection vulnerability in Znuny up to version 7.1.3. A user with write access to the configuration file can cause code execution via the command that runs the backup.pl script, effectively allowing escalation to the user running that script. The primary affected ...

CVSS 9.8 · AI score 7.1 · EPSS 0.0041
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-7618 · Znuny +1 · Znuny +1

Name of the Vulnerable Software and Affected Versions: znuny affected versions not specified Description: The issue is related to a privilege escalation in the backup script of znuny. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 9.8 · AI score 6.2 · EPSS 0.0041
Exploits 0 · References 19