
6 matches found

Positive Technologies
added 2026/01/09 12:0 a.m. · 5 views

PT-2026-1803

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.2; iPadOS versions prior to 26.2. Description: A logic issue exists related to validation. Restoring from a backup may prevent a passcode from being required immediately after Face ID enrollment. Recommendations: Update to...

4.3 CVSS · 6.5 AI score · 0.00169 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/07/31 7:22 a.m. · 3 views

CVE-2025-46359

A path traversal issue exists in the backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file...

8.6 CVSS · 7.9 AI score · 0.0054 EPSS
Exploits 0 · References 2
OSV
added 2025/02/28 9:2 p.m. · 32 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5 CVSS · 7.3 AI score · 0.01079 EPSS
Exploits 1 · References 8
OSV
added 2025/02/28 9:0 p.m. · 16 views

CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

6.5 CVSS · 8.4 AI score · 0.01819 EPSS
Exploits 1 · References 6
CVE
added 2025/02/28 9:0 p.m. · 64 views

CVE-2025-27410

PwnDoc prior to version 1.2.0 is affected by a path traversal in the backup restore TAR entry name, allowing an attacker with backups:create and backups:update (typically admins) to overwrite arbitrary files and induce Remote Code Execution after restarting the container. The issue is fixed in ve...

6.5 CVSS · 8.3 AI score · 0.01819 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/08/05 12:0 a.m. · 4 views

PT-2022-14058 · Inductive Automation · Ignition

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises from an XML external entity reference, where the software fails to use XML security flags when parsing XML in the backup/restore functionality. This oversight may lead to ...

9.8 CVSS · 9.3 AI score · 0.00817 EPSS
Exploits 0 · References 3