Lucene search
K

14505 matches found

BDU FSTEC
BDU FSTEC
added 4 hours ago14 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 12 hours ago32 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS6AI score0.01954EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago22 views

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

7.5CVSS7AI score0.01915EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago16 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2CVSS7.2AI score0.02258EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago16 views

WordPress Backup Migration <= 1.3.6 - Path Traversal

WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...

7.5CVSS7AI score0.02072EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago64 views

ZKTeco BioTime <= 9.0.1 - Privilege Escalation

BioTime default employee credentials password 123456 allow login. Sessions are not role-validated, enabling privilege escalation to perform admin actions and enumerate backup files. id: CVE-2023-38952 info: name: ZKTeco BioTime = 9.0.1 - Privilege Escalation author: riteshs4hu severity: high...

9.8CVSS6.9AI score0.03258EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago9 views

WordPress BackWPup < 4.0.4 - Backup File Disclosure

BackWPup WordPress plugin 4.0.4 contains a directory listing vulnerability caused by lack of access restrictions in its temporary backup folder, letting unauthenticated attackers download site backups, exploit requires no authentication. id: CVE-2023-7164 info: name: WordPress BackWPup 4.0.4 -...

7.5CVSS6AI score0.02261EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago13 views

phpMyFAQ - Configuration Backup Disclosure

phpMyFAQ = 4.0.16 contains an information disclosure vulnerability caused by unauthenticated access to configuration backup ZIP generation and download, letting remote attackers access sensitive configuration files, exploit requires no authentication. id: CVE-2025-69200 info: name: phpMyFAQ -...

7.5CVSS6.1AI score0.02005EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago39 views

Nginx UI < 2.3.3 - Information Disclosure

Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...

9.8CVSS6.9AI score0.22162EPSS
Exploits13References3
Nuclei
Nuclei
added 12 hours ago17 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago22 views

WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. id: CVE-2025-5961 info: name: WordPress WPvivid...

7.2CVSS6.2AI score0.06479EPSS
Exploits3References2
Nuclei
Nuclei
added 12 hours ago53 views

WordPress DB Backup <=4.5 - Local File Inclusion

WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. id:...

5CVSS7AI score0.16117EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago86 views

WordPress WPvivid Backup <0.9.76 - Local File Inclusion

WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...

4.9CVSS6.1AI score0.18147EPSS
Exploits3References5
NVD
NVD
added yesterday2 views

CVE-2026-50406

Use after free in Windows Backup Engine allows an authorized attacker to elevate privileges locally...

7CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-50364

Improper link resolution before file access 'link following' in Windows Server Backup allows an authorized attacker to elevate privileges locally...

7.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-50406 Windows Backup Engine Elevation of Privilege Vulnerability

...

7CVSS
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-50406

CVE-2026-50406 affects Windows Backup Engine with a use-after-free vulnerability that enables a locally authenticated attacker to elevate privileges. Connected sources confirm the issue exists in Windows Backup Engine and describe local privilege escalation as the impact, with Microsoft issuing u...

7CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-60114

SIP 5.x (up to 5.2.16) contains a path traversal flaw in the Backup/Restore function. Unvalidated keys in the JSON backup enable attackers with restore access to craft file paths and write JSON files outside the data directory. The issue is worse when the optional passphrase is not enabled (facto...

8.7CVSS6.2AI score
Exploits1References2
Microsoft CVE
Microsoft CVE
added yesterday3 views

Windows Backup Engine Elevation of Privilege Vulnerability

Use after free in Windows Backup Engine allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score
Exploits0
Rows per page
Query Builder