PT-2026-24467

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.2 Description OliveTin provides access to predefined shell commands through a web interface. When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename for these logs ...

EUVD-2025-208362

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

EUVD-2025-208359

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

EUVD-2025-208363

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41758 Arbitrary Write with wwwupload.cgi

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41758 Arbitrary Write with wwwupload.cgi

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVE-2025-41757

The CVE-2025-41757 entry concerns the backup restore functionality of UBR (ubr-restore) . The vulnerability arises because this component runs with elevated privileges and does not validate the contents of the backup archive, enabling a low-privileged remote attacker to create or overwrite arbitr...

CVE-2025-41757 Arbitrary Write with ubr-restore

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

CVE-2025-41756 Arbitrary Write with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVE-2025-41756

CVE-2025-41756 describes an arbitrary-file-write flaw exploitable by a low-privileged remote attacker via the ubr-editfile method of the undocumented wwwubr.cgi API endpoint. The vulnerability enables writing arbitrary files on the affected system, with CVSSv3.1 metrics indicating Network attack,...

Arbitrary File Write via Path Traversal in Malicious NLTK Downloader Index (nltk.downloader.Package.fromxml)

NLTK relies on the nltk.downloader.Downloader class to securely fetch corpora and models. It fetches an index.xml file to map package ids to payload URLs. A critical Arbitrary File Write vulnerability exists in nltk.downloader.Package.fromxml due to a lack of sanitization on the id field. When...

PT-2026-24028

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi API endpoint. This is due to path traversal, which can lead to overwriting arbitrary...

MBS多款产品 安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...

CVE-2026-29780

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...