48 matches found
CVE-2022-4991
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
EUVD-2026-29935
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-30814
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the nspawn process. An attacker can gain unauthorized access to the host system by supplying a crafted optional configuration file. Remediation A fix was pushed into the master branch but not yet published...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
EUVD-2026-20542
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...
CVE-2026-30814
Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...
CVE-2026-0654
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
CVE-2026-0654 Command injection on TP-Link Deco BE25
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
CVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...
CVE-2025-62630
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-12200
No description is available for this CVE. Mitigation No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...
CVE-2025-60536
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...
CVE-2025-60536
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...
CVE-2025-60536
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...
CVE-2025-60536
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...
CVE-2025-60536
The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
CVE-2023-22917
A buffer overflow vulnerability in the “sdwanifaceipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50W firmware versions 5.10 through 5.32, USG20W-VPN firmware versions 5.10 through 5.32, and VPN series firmware...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...