849 matches found
EUVD-2025-208376
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765 Unchecked role in wwwupload.cgi
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
CVE-2025-41765 centers on unchecked authorization in the wwwupload.cgi endpoint, which enables an unauthorized remote attacker to upload and apply arbitrary data. The known impact includes the ability to introduce contact images, HTTPS certificates, system backups for restorat...
PT-2026-24035
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-41765. Description: Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary data through the wwwupload.cgi endpoint. This includes contact images, HTTPS certificates, system backups,...
CVE-2019-25503
CVE-2019-25503 affects PHPads 2.0. The vulnerability is an SQL injection in the bannerID parameter of click.php3, allowing unauthenticated attackers to craft values (e.g., SQL comments, extractvalue) to execute arbitrary queries and reveal data such as the current database name. The impact is hig...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2020-37170
TapinRadio 2.12.3 is affected by a local, denial-of-service vulnerability in the application proxy address configuration. The issue arises when an attacker overwrites the address field with 3000 bytes of arbitrary data, causing the application to crash and fail normal operation. Affected componen...
CVE-2020-37170
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program...
CVE-2024-5986 Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)
According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...
PT-2026-4530
Name of the Vulnerable Software and Affected Versions: Aptsys gemscms POS Platform versions prior to 2025-05-29. Description: An SQL Injection issue exists in the backend of the Aptsys gemscms POS Platform. The issue is due to the direct insertion of user-supplied input into a dynamic SQL query...
CVE-2025-59022
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...
PT-2026-2913
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...
TYPO3 CMS Allows Broken Access Control in Recycler Module
Problem: Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the websit...
TYPO3 CMS Security Vulnerability
TYPO3 CMS is an open-source content management system from the TYPO3 project. A security vulnerability exists in TYPO3 CMS: the defVals parameter can be used to bypass field-level access checks, which may result in the insertion of arbitrary data into exclusion fields prohibited by a...
PT-2026-2476
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...