CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

CVE-2026-40543

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS0.00067EPSS

Exploits0References2

SUSE CVE•added 2026/04/16 11:28 p.m.•2 views

SUSE CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00114EPSS

Exploits0References3

ATTACKERKB•added 2026/04/15 6:13 p.m.•0 views

CVE-2026-33435

8CVSS6.4AI score0.00114EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/15 6:13 p.m.•1 views

CVE-2026-33435 Weblate: Remote code execution during backup restoration

8CVSS6.4AI score0.00114EPSS

Exploits0References2

OSV•added 2026/03/10 6:28 p.m.•2 views

GO-2026-4567 Vitess users can gain unauthorized access to production deployment environments in vitess.io/vitess

Vitess users with backup storage access can gain unauthorized access to production deployment environments in vitess.io/vitess...

9.9CVSS5.8AI score0.00079EPSS

Exploits0References4

OSV•added 2026/02/26 10:50 p.m.•2 views

GHSA-8G8J-R87H-P36X Vitess users with backup storage access can gain unauthorized access to production deployment environments

Impact Any user with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production...

8.4CVSS5.9AI score0.00079EPSS

Exploits0References6

OSV•added 2026/02/26 1:49 a.m.•3 views

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

8.4CVSS6.2AI score0.00079EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 10:44 a.m.•13 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5CVSS6.6AI score0.01358EPSS

Exploits3References1

RedhatCVE•added 2026/01/07 9:27 a.m.•4 views

CVE-2019-12564

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...

9.8CVSS7.1AI score0.00381EPSS

Exploits1References1

Vulnrichment•added 2025/11/05 5:41 a.m.•2 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

8.8CVSS6.4AI score0.00024EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3136

Malware in sbrugna...

6.6CVSS6.5AI score0.00015EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-4558

Malware in sbrugna...

4.3CVSS6.1AI score0.00143EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-58769

Malicious code in bioql PyPI...

7.6CVSS6.7AI score0.05301EPSS

Exploits5References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-1034

Malicious code in bioql PyPI...

4.4CVSS4.9AI score0.00133EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-54440

Malicious code in bioql PyPI...

8.3CVSS5.8AI score0.00012EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•10 views

EUVD-2022-15730

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01358EPSS

Exploits3References4

Tenable Nessus•added 2025/09/10 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-6384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hot backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise...

5.3CVSS6.9AI score0.00213EPSS

Exploits0References2

CNNVD•added 2025/08/14 12:0 a.m.•3 views

Bosch Rexroth ctrlX OS 安全漏洞

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS, which stems from an improperly controlled privilege of the backup mechanism and...

8CVSS6.5AI score0.00057EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:59 p.m.•3 views

CVE-2022-32929

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups...

5.5CVSS5.8AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:24 p.m.•6 views

CVE-2021-25059

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...

5.4CVSS6.6AI score0.00409EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by