
16 matches found

Positive Technologies
added 2026/04/02 12:0 a.m. | 1 view

PT-2026-29946

nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI...

5.8 AI score
Exploits: 0 | References: 3
OSV
added 2026/03/30 4:23 p.m. | 1 view

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary: The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details: The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

9.4 CVSS | 6.3 AI score | 0.00019 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/03/30 4:23 p.m. | 1 view

EUVD-2026-17194

nginx-ui Backup Restore Allows Tampering with Encrypted Backups...

9.4 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 0 | References: 3
GitLab Advisory Database
added 2026/03/30 12:0 a.m. | 5 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...

9.4 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2026/02/25 10:59 a.m. | 8 views

CVE-2026-25701

CVE-2026-25701 affects sdbootutil and is described as an Insecure Temporary File vulnerability allowing a local user to pre-create directories to access data in /var/lib/pcrlock.d, influence backups under /tmp/pcrlock.d.bak, and potentially overwrite protected files by placing symlinks in the /tm...

7 CVSS | 5.4 AI score | 0.00021 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/02/25 10:59 a.m. | 21 views

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d; manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

7 CVSS | 0.00021 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/25 10:59 a.m. | 2 views

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d; manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

7 CVSS | 5.4 AI score | 0.00021 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-9634

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00158 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2023-41119

Malicious code in bioql PyPI...

7.2 CVSS | 7.1 AI score | 0.02259 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:49 a.m. | 3 views

CVE-2023-37199

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored...

7.2 CVSS | 8 AI score | 0.02259 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:31 p.m. | 6 views

CVE-2020-35658

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...

5.3 CVSS | 6.9 AI score | 0.00113 EPSS
Exploits: 1
CNNVD
added 2023/07/12 12:0 a.m. | 2 views

Schneider Electric StruxureWare Data Center Expert code injection vulnerability

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A code...

7.2 CVSS | 7.5 AI score | 0.02259 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/10/28 12:0 a.m. | 2 views

Huawei Smartphone security vulnerability

Huawei Emui is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. An unauthorized file access vulnerability exists in Huawei Emui and Magic UI that originates from a network system or product that does not properly validate...

7.5 CVSS | 5.9 AI score | 0.00113 EPSS
Exploits: 0 | References: 2
OSV
added 2020/12/23 3:15 p.m. | 1 view

UBUNTU-CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

7.2 CVSS | 7.1 AI score | 0.06993 EPSS
Exploits: 1 | References: 6
Prion
added 2020/12/23 3:15 a.m. | 15 views

Design/Logic Flaw

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...

5 CVSS | 5.3 AI score | 0.00113 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2009/10/26 4:30 p.m. | 2 views

DEBIAN-CVE-2009-3611

common/snapshots.py in Back In Time aka backintime 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared...

7.1 CVSS | 6.3 AI score | 0.00059 EPSS
Exploits: 0 | References: 1