GHSA-67WX-R9XR-X75X Incus has Unbounded YAML Metadata Decode via Parsing
Summary: User-provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded int...
PT-2026-37138
Name of the Vulnerable Software and Affected Versions: Incus versions prior to 7.0.0 Description: Incus is a system container and virtual machine manager. An authenticated user can provide a specially crafted image or backup tarball containing a very large YAML document. Because the software unpack...
CVE-2026-34563
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An...
EUVD-2026-18075
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS...
CI4MS Cross-Site Scripting Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of backup uploads and backup metadata, which led to incorrect cleaning of user input. As a...
PT-2026-29628
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0 Description: The application does not properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An attacker can inject a malicious JavaScript payload into the backup...
CVE-2026-33133
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...
PT-2026-22121
Name of the Vulnerable Software and Affected Versions: Worry Proof Backup versions up to and including 0.2.4 Description: The Worry Proof Backup plugin for WordPress is susceptible to a path traversal issue in all versions up to and including 0.2.4 through the backup upload functionality...
EUVD-2024-42723
Malicious code in bioql PyPI...
CVE-2024-47519
Backup uploads to ETM subject to man-in-the-middle interception...
CVE-2024-47519
CVE-2024-47519 is tied to Arista Edge Threat Management – Arista NG Firewall: backup uploads to ETM can be intercepted via a man-in-the-middle. The advisory details the affected product family and versions (NGFW/ETM, 17.1.1 and prior) and provides explicit remediation guidance. The root cause is ...
PT-2025-2770
Name of the Vulnerable Software and Affected Versions: ETM affected versions not specified Description: The issue concerns a man-in-the-middle vulnerability in ETM backup uploads. This allows an attacker to intercept backup uploads to ETM. Recommendations: At the moment, there is no information...
PT-2024-5088 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified that allows an attacker to create a user with administrative privileges. This issue is related to insecure privilege management and the...