11 matches found
CVE-2026-43891
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...
CVE-2026-40251
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an...
EUVD-2026-19771
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...
CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
EUVD-2023-50482
Malicious code in bioql PyPI...
CVE-2025-59337
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
CVE-2025-20344
A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which stems from the fact that...
PT-2024-3072 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the restore functionality of Cisco ASA and Cisco Firepower Threat Defense Software could all...
Moodle 输入验证错误漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. an attacker could...
Dell EMC PowerScale OneFS Backup/Restore Privileges Improperly Implemented Vulnerability
Dell EMC PowerScale OneFS is an API-powered file system. A backup/restore privilege improperly implemented vulnerability exists in Dell EMC PowerScale OneFS 8.1.0-9.1.0. An attacker with the BackupAdmin role could exploit this vulnerability to write data outside of the expected file system...