K000161622: NGINX UI vulnerability CVE-2026-42238

Security Advisory Description Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An...

Collibra Agent contains improper authentication and path traversal vulnerabilities

Overview The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary locations on the...

EUVD-2026-27141

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore...

CVE-2026-7833 EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub408F90 of the file /cgi/iuxset.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

CVE-2026-7833

CVE-2026-7833 affects EFM ipTIME C200 firmware up to 1.092. The vulnerability lies in the function sub_408F90 of /cgi/iux_set.cgi (ApplyRestore Endpoint), where improper handling of the RestoreFile argument enables remote command injection. Impact includes high risk to confidentiality, integrity,...

PT-2026-37039

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub 408F90 of the file /cgi/iux set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

CVE-2026-42238

Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...

Nginx UI 代码注入漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

CVE-2026-40608

CVE-2026-40608 affects Next AI Draw.io (a Next.js app). Before version 0.4.15, the embedded HTTP sidecar’s three POST handlers (/api/state, /api/restore, /api/history-svg) accumulate entire request bodies into a JavaScript string without size limits. Node.js buffers the full payload in the V8 hea...

CVE-2026-40484

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

PT-2026-28564

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core is a 5G core designed for private networks. The NetworkManager role had backup and restore permissions. The restore endpoint accepted any valid SQLite file without content verification...

PT-2026-24100

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Summary An unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files e.g., security.json,...

CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

EUVD-2025-25420

Malicious code in bioql PyPI...

EUVD-2025-25195

Malicious code in bioql PyPI...