Lucene search
K

14413 matches found

EUVD
EUVD
added 2026/06/26 2:52 p.m.3 views

EUVD-2026-39681

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.30 views

CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53014

Summary Improper validation of user-provided backup compression algorithm leads to argument injection in the constructed command line. This leads to an arbitrary file write on the host, possibly leading to arbitrary command execution. Details Incus validates compression algorithm by parsing it in...

9.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
NVD
NVD
added 2026/06/25 5:16 p.m.20 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:16 p.m.13 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

7.1CVSS0.0015EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

8.1CVSS0.00213EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:57 p.m.4 views

EUVD-2026-39465

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 3:57 p.m.5 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:57 p.m.29 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:57 p.m.6 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 3:57 p.m.8 views

CVE-2026-55439

Halo: Path traversal vulnerability (CVE-2026-55439) in the backup download endpoint allows authenticated administrators to read arbitrary files from the server when upgrading before 2.24.3. The issue arises because the backup filename in GET /apis/console.api.migration.halo.run/v1alpha1/backups/{...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:45 p.m.5 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/25 3:45 p.m.6 views

EUVD-2026-39456

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 3:45 p.m.29 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS0.0015EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:45 p.m.13 views

CVE-2026-54040

Summary of CVE-2026-54040 (LibreChat): Before version 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring a valid TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim’s 2F...

7.1CVSS6AI score0.0015EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:39 p.m.7 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/25 3:39 p.m.5 views

EUVD-2026-39454

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 8:18 a.m.20 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

10CVSS6.7AI score0.01557EPSS
Exploits2References13
Rows per page
Query Builder