7 matches found
CVE-2026-23482 Blinko: Unauthorized Arbitrary File Read - /api/file/temp
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 has an unauthenticated information disclosure vulnerability in the database backup directory. The /content/files/backups/ endpoint can be accessed to download sensitive backup files containing user credentials and system information. Exploitation details are ...
EUVD-2024-26939
Malicious code in bioql PyPI...
Replify-Messenger 安全漏洞
Replify-Messenger is a text messenger with tons of features by Vidit Gupta Personal Developer. A security vulnerability exists in Replify-Messenger version 1.0, which stems from some unknown handling in the presence of androidmanifest.xml in the component Backup File Handler, leading to the...
Weather app security breach
Weather app is a weather forecasting app. A security vulnerability exists in Weather app version 1.0.0. An attacker exploited the vulnerability to cause backup files to be exposed to unauthorized control...
PT-2023-29736 · Zkteco · Zkteco Zem800
Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...