EUVD-2025-208363
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...
CVE-2025-41758
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...
CVE-2025-41756
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to write arbitrary files on the system...
CVE-2025-41757
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system...
CVE-2025-41758 Arbitrary Write with wwwupload.cgi
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...
CVE-2025-41757
The CVE-2025-41757 entry concerns the backup restore functionality of UBR (ubr-restore). The vulnerability arises because this component runs with elevated privileges and does not validate the contents of the backup archive, enabling a low-privileged remote attacker to create or overwrite arbitr...
CVE-2025-41757 Arbitrary Write with ubr-restore
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system...
CVE-2025-41756
CVE-2025-41756 describes an arbitrary-file-write flaw exploitable by a low-privileged remote attacker via the ubr-editfile method of the undocumented wwwubr.cgi API endpoint. The vulnerability enables writing arbitrary files on the affected system, with CVSSv3.1 metrics indicating Network attack,...
CVE-2025-41756 Arbitrary Write with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to write arbitrary files on the system...
Arbitrary File Write via Path Traversal in Malicious NLTK Downloader Index (nltk.downloader.Package.fromxml)
NLTK relies on the nltk.downloader.Downloader class to securely fetch corpora and models. It fetches an index.xml file to map package ids to payload URLs. A critical Arbitrary File Write vulnerability exists in nltk.downloader.Package.fromxml due to a lack of sanitization on the id field. When...
PT-2026-24028
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi API endpoint. This is due to path traversal, which can lead to overwriting arbitrary...
Security Vulnerabilities in Multiple MBS Products
MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...
CVE-2026-29780
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...
CVE-2026-29778
pyLoad: Arbitrary File Write via Path Traversal in edit_package() is confirmed. Affected range: 0.5.0b3.dev13–0.5.0b3.dev96; fix patched in 0.5.0b3.dev97. The issue stems from insufficient sanitization of pack_folder, relying on a single-pass "../" replacement, which can be bypassed by crafted re...
CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...