Lucene search
K

7 matches found

OSV
OSV
added 2026/03/23 8:25 p.m.2 views

CVE-2026-23482 Blinko: Unauthorized Arbitrary File Read - /api/file/temp

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS6AI score0.01523EPSS
Exploits0References5
NVD
NVD
added 2025/12/10 9:16 p.m.6 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS0.00352EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 8:49 p.m.14 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 has an unauthenticated information disclosure vulnerability in the database backup directory. The /content/files/backups/ endpoint can be accessed to download sensitive backup files containing user credentials and system information. Exploitation details are ...

8.7CVSS6AI score0.00352EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-26939

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.5 views

Replify-Messenger 安全漏洞

Replify-Messenger is a text messenger with tons of features by Vidit Gupta Personal Developer. A security vulnerability exists in Replify-Messenger version 1.0, which stems from some unknown handling in the presence of androidmanifest.xml in the component Backup File Handler, leading to the...

2.4CVSS4.3AI score0.00267EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.4 views

Weather app security breach

Weather app is a weather forecasting app. A security vulnerability exists in Weather app version 1.0.0. An attacker exploited the vulnerability to cause backup files to be exposed to unauthorized control...

1.8CVSS6.6AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.23 views

PT-2023-29736 · Zkteco · Zkteco Zem800

Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...

8.3CVSS6.7AI score0.00209EPSS
Exploits0References7
Rows per page
Query Builder