CVE-2026-33026 nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

CVE-2026-33026

The connected advisory GHSA-FHH2-GG7W-GWPQ describes a vulnerability in nginx-ui (application version v2.3.3 ) where the backup/restore mechanism is vulnerable to tampering. The backup format encrypts files and stores hashes encrypted with the same key given to the client, creating a circular tru...

EUVD-2026-17194

nginx-ui Backup Restore Allows Tampering with Encrypted Backups...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value through the Restore process in internal/backup/restore.go and internal/backup/manifest.go. An attacker can inject malicious configuration and gain arbitrary command execution by tampering wit...

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the backup and restoration mechanism, which allowed attackers to tamper with encrypted backup archives and inject malicious...

PT-2026-29103

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.4 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw in its backup restore mechanism. Prior to version 2.3.4, attackers can manipulate encrypted backup archives and inject...

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...

ShinyHunters Walk Away from BreachForums, Leak 300,000-User Database

ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups...

CVE-2026-33743

A flaw was found in Incus, a system container and virtual machine manager. A user with access to Incus' storage bucket feature can exploit this vulnerability by using a specially crafted storage bucket backup. This can cause the Incus daemon to crash, leading to a denial of service of the control...

CVE-2026-31850

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

CVE-2026-33133

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained security vulnerabilities; these vulnerabilities stemmed from the exploitation of specially crafted bucket backups, which could lead to denial-of-service attacks...

Exploit for CVE-2026-3584

CVE-2026-3584 – WordPress Kali Forms 10000 e 'PHP Version'...

EUVD-2026-14533

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

EUVD-2026-14419

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files...

CVE-2026-31850

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

CVE-2026-31850 Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

CVE-2026-31850 Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...