
17 matches found

Cvelist
added 2026/05/08 12:11 p.m. · 25 views

CVE-2025-66171 Apache CloudStack: Any user can create a new VM from backups they should not have access to

The CloudStack Backup plugin has improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments where this plugin is enabled, and who has access to specific APIs, can create new VMs using backups of any other user of the...

0.00016 EPSS
Exploits: 0 · References: 1
CNNVD
added 2026/05/08 12:0 a.m. · 4 views

Apache CloudStack Security Vulnerability

Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Versions 4.21.0.0 and 4.22.0.0 of Apache CloudStack contain security vulnerabilities. The...

6.5 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/11/06 6:13 a.m. · 4 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

8.8 CVSS · 6.8 AI score · 0.00024 EPSS
Exploits: 0 · References: 1
CVE
added 2025/11/05 5:41 a.m. · 11 views

CVE-2025-21078

CVE-2025-21078 affects Samsung Smart Switch prior to version 3.7.68.6. The root cause is the use of an insufficiently random value for the secretKey, which could allow adjacent attackers to access application backups. Public sources in the connected documents consistently describe this impact and...

8.8 CVSS · 6.4 AI score · 0.00024 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2025/10/10 6:33 a.m. · 7 views

CVE-2025-21060

CVE-2025-21060 affects Samsung Smart Switch prior to version 3.7.67.2, where cleartext storage of sensitive information in backups allows local attackers to access application backup data after user interaction triggers the vulnerability. The underlying issue is the storage of backup data in clea...

5.5 CVSS · 5.8 AI score · 0.00007 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-58616

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00756 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/05/23 12:0 a.m. · 2 views

Thales Luna EFT Security Vulnerability

Thales Luna EFT is a high-security hardware security module from Thales France designed specifically for financial transactions and payment processing. A security vulnerability exists in Thales Luna EFT version 2.1, which stems from a network transport using AES KHT that allows a user to access...

6.5 CVSS · 6.7 AI score · 0.00048 EPSS
Exploits: 0 · References: 3
OSV
added 2023/12/05 12:15 a.m. · 0 views

CVE-2023-5808

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
NCSC
added 2023/07/27 12:0 a.m. · 2 views

Vulnerability fixed in Veritas NetBackup Snapshot Manager

Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...

6.4 AI score
Exploits: 0
OSV
added 2022/11/01 8:15 p.m. · 2 views

CVE-2022-32929

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups...

5.5 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/11/01 12:0 a.m. · 3 views

PT-2022-21587 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.1; iPadOS versions prior to 15.7.1; iOS versions prior to 16.1; iPadOS versions prior to 16.1. Description: A permissions issue was addressed with additional restrictions. This issue allows an app to access iOS backups...

5.5 CVSS · 4.9 AI score · 0.00181 EPSS
Exploits: 0 · References: 11
CNNVD
added 2020/12/17 12:0 a.m. · 1 views

X-STREAM enhanced XEGP Authorization Issues Vulnerability

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. X-STREAM enhanced XEGP Al...

7.5 CVSS · 7 AI score · 0.00196 EPSS
Exploits: 0 · References: 3
OSV
added 2020/01/30 6:15 p.m. · 0 views

CVE-2020-7912

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups...

5.3 CVSS · 6 AI score
Exploits: 0 · References: 2
The Hacker News
added 2018/08/02 6:25 a.m. · 1 views

Reddit Hacked – Emails, Passwords, Private Messages Stolen

Another day, another significant data breach. This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or biased moderators. Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data,...

7.3 AI score
Exploits: 0
OSV
added 2017/10/23 1:29 a.m. · 3 views

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

5.5 CVSS · 5.8 AI score · 0.003 EPSS
Exploits: 0 · References: 2
CNVD
added 2017/03/02 12:0 a.m. · 1 views

Eaton xComfort Ethernet Communication Interface (ECI) Information Disclosure Vulnerability

The xComfort Ethernet Communication Interface ECI is a building automation system. An information disclosure vulnerability exists in Eaton xComfort Ethernet Communication Interface ECI versions 1.07 and earlier, which can be exploited by remote attackers to access backup files and system logs...

7.5 CVSS · 6.4 AI score · 0.00291 EPSS
Exploits: 0 · References: 1
OSV
added 2009/09/01 6:30 p.m. · 1 views

DEBIAN-CVE-2009-3041

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...

7.5 CVSS · 6.8 AI score · 0.03841 EPSS
Exploits: 2 · References: 1