2 matches found
CVE-2026-14480
CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...
GHSA-X36G-4629-XP9V TeamPass External Control of File Name or Path vulnerability
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...