PT-2026-45930
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...
CVE-2024-47267
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in the Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to perform limited file writes via unspecified vecto...
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-34358
CtrlPanel (open-source billing software) has a broken access control vulnerability in versions 1.1.1 and earlier due to missing authorization on admin write endpoints. Several controllers (ApplicationApiController admin.api.write; CouponController admin.coupons.write; PartnerController admin.partners.write...
CVE-2021-25877
AVideo/YouPHPTube 10.0 and prior are affected by an insecure file write. A user with administrator privileges can write files to the filesystem using the flag and code variables in the file save.php...
CVE-2021-21070
Adobe Robohelp version 2020.0.3 and earlier is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges...
CVE-2020-5792
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user...
Catfish CMS Cross-Site Scripting Vulnerability (CNVD-2018-13273)
Catfish CMS is an open source content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in Catfish CMS version 4.7.9. A remote attacker can inject arbitrary web script or HTML by sending the 'editorValue' parameter to the admin/Index/write.html page...
Typecho Cross-Site Scripting Vulnerability
Typecho is an open source blogging platform written in PHP. A cross-site scripting vulnerability exists in the admin/write-post.php file in Typecho 1.1 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...