80 matches found
CVE-2022-49036
Synology Active Backup for Business Recovery Media Creator (before version 2.5.0-2081) is affected by an OpenSSL configuration vulnerability described as an inclusion of functionality from untrusted control sphere, enabling local users to execute arbitrary code via unspecified vectors. Affected c...
Signal users targeted in backup-stealing phishing attacks
A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery Needed Your Signal account data message and...
CVE-2026-40309
CVE-2026-40309 : Masa CMS (fork of Mura CMS) contains a CSRF flaw in the trash management path. In versions up to 7.5.2, cTrash.empty does not validate anti-CSRF tokens, allowing an authenticated administrator to be tricked into submitting a forged request that permanently deletes all trashed con...
EUVD-2026-28156
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...
PT-2026-27778
Name of the Vulnerable Software and Affected Versions: N2WS Backup & Recovery versions prior to 4.4.0. Description: A two-step attack against the RESTful API can lead to remote code execution. The attack targets the API, potentially allowing an attacker to execute arbitrary code on the system. The A...
Veeam Backup And Recovery security vulnerability
Veeam Backup and Recovery is a data backup, recovery, and replication software developed by the American company Veeam. Veeam Backup and Recovery has a security vulnerability that stems from allowing local privilege escalation on Windows-based servers...
CVE-2023-45498
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability...
CVE-2023-45499
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials...
CVE-2023-40377
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583...
EUVD-2024-20425
Malicious code in bioql PyPI...
CVE-2025-53473
A server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery. If this vulnerability is exploited, unintended requests may be sent to internal servers...
CVE-2025-53473
CVE-2025-53473 is a server-side request forgery (SSRF) vulnerability reported in Nimesa Backup and Recovery. Public sources identify multiple affected branches and versions, including versions prior to v3.0.2025062305, v2.3, and v2.4, with the risk of unintended requests being sent to internal serv...
PT-2025-28128 · Nimesa · Nimesa Backup/Recovery
Name of the Vulnerable Software and Affected Versions: Nimesa Backup and Recovery versions 2.3 through 2.4 Description: An OS command injection issue exists, allowing arbitrary OS commands to be executed on the server where the product is running if exploited. Recommendations: For versions 2.3 an...
Nimesa Backup and Recovery code issue vulnerability
Nimesa Backup and Recovery is a data backup and recovery software from Nimesa India. Nimesa Backup and Recovery suffers from a code issue vulnerability that stems from vulnerability to a server-side request forgery attack that could send unexpected requests to an internal server...
Security Bulletin: IBM Backup, Recovery and Media Services for i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2025-33108]
Summary: IBM Backup, Recovery, and Media Services is vulnerable to allowing a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call. A malicious actor could cause user-controlled code to run with component access to the host operatin...
CVE-2025-33108
IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to...
CVE-2025-33108
CVE-2025-33108 affects IBM Backup, Recovery and Media Services for i versions 7.4 and 7.5. A BRMS program calling an unqualified library can allow a user with the capability to compile or restore a program to execute user-controlled code with host OS component access, enabling elevated privileges...
CVE-2025-33108 IBM Backup Recovery and Media Services for i code execution
IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to...