Lucene search
+L

444 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 1:25 a.m.3 views

CVE-2026-4305 Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter

The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wprpendingtemplate' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00277EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 1:25 a.m.10 views

CVE-2026-4305

The Royal WordPress Backup & Restore Plugin for WordPress is affected (versions up to and including 1.0.16). The issue is a Reflected Cross-Site Scripting vulnerability via the wpr_pending_template parameter caused by insufficient input validation. Unauthenticated attackers could inject arbitrary...

6.1CVSS6.1AI score0.00277EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.7 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 6:16 p.m.9 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS0.00765EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 5:6 p.m.1 views

CVE-2026-35573 ChurchCRM has a Path traversal leads to RCE

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:6 p.m.3 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/07 5:6 p.m.7 views

EUVD-2026-19771

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 5:6 p.m.18 views

CVE-2026-35573

ChurchCRM contains a path traversal vulnerability in its backup restore functionality (src/ChurchCRM/Backup/RestoreJob.php) that affects versions prior to 6.5.3. The vulnerability arises because the $rawUploadedFile['name'] parameter is user-controlled, allowing authenticated administrators to up...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/07 5:6 p.m.19 views

CVE-2026-35573 ChurchCRM has a Path traversal leads to RCE

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS0.00765EPSS
Exploits1References1
OSV
OSV
added 2026/04/07 5:6 p.m.2 views

CVE-2026-35573 ChurchCRM has a Path traversal leads to RCE

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.7AI score0.00765EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30940

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.7 views

SUSE CVE-2026-33906

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 8:44 p.m.4 views

GHSA-P5RH-VMHP-GVCW Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score0.00452EPSS
Exploits1References5
OSV
OSV
added 2026/04/02 6:42 p.m.6 views

GO-2026-4903 nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI

nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI...

9.4CVSS5.9AI score0.00328EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29946

nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.6 views

CVE-2026-33026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS5.8AI score0.00328EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/03/31 7:30 a.m.6 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

7.5CVSS7.1AI score0.01945EPSS
Exploits1References4
NVD
NVD
added 2026/03/30 8:16 p.m.12 views

CVE-2026-33026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/30 7:26 p.m.2 views

CVE-2026-33026 nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS5.8AI score0.00328EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 7:26 p.m.18 views

CVE-2026-33026

The connected advisory GHSA-FHH2-GG7W-GWPQ describes a vulnerability in nginx-ui (application version v2.3.3 ) where the backup/restore mechanism is vulnerable to tampering. The backup format encrypts files and stores hashes encrypted with the same key given to the client, creating a circular tru...

9.4CVSS5.8AI score0.00328EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder