25 matches found
CVE-2026-23482
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...
PT-2026-6820
Name of the Vulnerable Software and Affected Versions: ACE Security WiP-90113 HD Camera (affected versions not specified) Description: An unauthenticated attacker can retrieve sensitive configuration files from the camera. Accessing the camera’s configuration backup is possible by sending a GET reque...
webERP Security Vulnerability
webERP is an open-source ERP system developed by Tim Schofield. It supports inventory management, permission role management, order management, and financial management. Version 4.15.1 of webERP contains a security vulnerability caused by an unverified file access flaw. Attackers can directly...
PT-2025-50266
Name of the Vulnerable Software and Affected Versions: Tinycontrol LAN Controller v3 LK3 version 1.58a Description: The Tinycontrol LAN Controller v3 LK3 version 1.58a has an issue that allows remote attackers to download configuration backup files containing sensitive credentials without...
CVE-2025-63891
Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents including schema and credential hashes via an unauthenticated HTTP GET request to /obs/database/obsdb.sql...
EUVD-2024-32017
Malicious code in bioql PyPI...
EUVD-2024-27516
Malicious code in bioql PyPI...
EUVD-2024-27317
Malicious code in bioql PyPI...
ebram_web_scanner
EBRAM Web Scanner is a powerful Python-ba...
PT-2025-29319 · Boldgrid +1 · The Total Upkeep – Wordpress Backup Plugin Plus Restore & Migrate +1
Name of the Vulnerable Software and Affected Versions: Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid versions through 1.14.9 Description: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is susceptible to sensitive...
CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...
CVE-2024-56353
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
CVE-2020-11918
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file...
CVE-2024-3430
A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible ...
CVE-2024-2567
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to a...
CVE-2023-36144
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration...
TerraMaster F2-210 Information Disclosure Vulnerability (CNVD-2019-38804)
The Terramaster F2-210 is an entry-level two-drive NAS. An information disclosure vulnerability exists in the TerraMaster F2-210. An attacker can exploit this vulnerability to download backup files from terramasterTNAS-00E43Aconfigbackup.bin without permission...
Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclose / SQL Injection
Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/01/2019 Vendor Homepage : artetics.com Software Information Link :...