CVE-2026-23535 wlc Path traversal: Unsanitized API slugs in download command

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

EUVD-2026-2864

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

CVE-2026-23535 wlc Path traversal: Unsanitized API slugs in download command

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

CVE-2026-23535 wlc Path traversal: Unsanitized API slugs in download command

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

GHSA-MMWX-79F6-67JG Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command

Impact Multi-translation download could write to an arbitrary location when instructed by a crafted server. Patches https://github.com/WeblateOrg/wlc/pull/1128 Workarounds Do not use wlc download with untrusted servers. References This issue was reported to us by wh1zee via HackerOne...

Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command

Impact Multi-translation download could write to an arbitrary location when instructed by a crafted server. Patches https://github.com/WeblateOrg/wlc/pull/1128 Workarounds Do not use wlc download with untrusted servers. References This issue was reported to us by wh1zee via HackerOne...

CVE-2024-24731

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the httpdownload command. The issue results from t...

CVE-2023-3489

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS...

Silicon Gecko OS 安全漏洞

Silicon Gecko OS is a highly optimized but feature-rich IoT operating system from Silicon, Inc. A security vulnerability exists in Silicon Gecko OS that stems from a missing data length validation of the httpdownload command...

CVE-2022-42492

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

DEBIAN-CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...

CVE-2018-9086

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users...

CVE-2017-6034

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2017-6034

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2014-0490

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package...

DEBIAN-CVE-2006-2875

Stack-based buffer overflow in the CLParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svcdownload command with compressed data that triggers the overflow during expansion...