12 matches found

Snyk
added 2026/03/04 9:28 p.m. | 3 views

Directory Traversal

Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal via the restorebackup function. An attacker can overwrite arbitrary files outside the intended extraction directory by uploading a specially...

CVSS 9.3 | AI score 6.2 | EPSS 0.00031
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-11492

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.3 | EPSS 0.00868
Exploits 2 | References 2

Veracode
added 2025/09/17 3:5 p.m. | 4 views

Path Traversal

qbitmanage is vulnerable to Path Traversal. The vulnerability is due to improper validation of the backupid parameter in the restoreconfigfrombackup endpoint, which allows an attacker to bypass directory restrictions and read arbitrary files from the server filesystem...

CVSS 6.5 | AI score 7 | EPSS 0.00128
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2025/05/22 9:52 p.m. | 4 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

CVSS 9.8 | AI score 8.2 | EPSS 0.01444
Exploits 0 | References 1

RedhatCVE
added 2025/04/18 2:6 a.m. | 17 views

CVE-2024-55371

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

CVSS 9.8 | AI score 6.9 | EPSS 0.00478
Exploits 1 | References 1

Positive Technologies
added 2025/04/16 12:0 a.m. | 1 views

PT-2025-16885 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos versions 2.38.2 and earlier. Description: The issue allows authenticated users to upload malicious files to the server through the restore backup function by uploading a ZIP file. The contents of the ZIP file are extracted on the server...

CVSS 9.8 | AI score 6.7 | EPSS 0.00868
Exploits 2 | References 6

CNNVD
added 2025/04/16 12:0 a.m. | 2 views

Wallos security vulnerability

Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A security vulnerability exists in Wallos 2.38.2 and earlier versions, which stems from the Restore Backup feature allowing the uploading of malicious files, which could lead to the execution of...

CVSS 9.8 | AI score 6.6 | EPSS 0.00868
Exploits 2 | References 2

CNNVD
added 2025/01/30 12:0 a.m. | 2 views

WordPress plugin Royal Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8 | AI score 8.6 | EPSS 0.00104
Exploits 0 | References 2

Positive Technologies
added 2025/01/30 12:0 a.m. | 2 views

PT-2025-1759 · WordPress · Royal Core

Name of the Vulnerable Software and Affected Versions: Royal Core plugin for WordPress versions up to, and including, 2.9.2. Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability...

CVSS 8.8 | AI score 9.5 | EPSS 0.00104
Exploits 0 | References 6

ATTACKERKB
added 2022/08/29 11:15 p.m. | 2 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

CVSS 9.8 | AI score 7.7 | EPSS 0.01444
Exploits 0 | References 3

Cvelist
added 2022/08/29 10:46 p.m. | 18 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

AI score 9.9 | EPSS 0.01444
Exploits 0 | References 2

IBM Security Bulletins
added 2020/11/27 7:59 p.m. | 25 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2019-2601).

Summary: A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2, which was disclosed in the Oracle January 2020 Critical Patch Update, but deferred until the release associated with the Oracle Oct 2020...

AI score 2.5 | EPSS 0.00362
Exploits 0 | Affected Software 1