1284 matches found

CVE
added 2026/01/05 10:3 p.m. | 62 views

CVE-2025-68456

CVE-2025-68456 affects Craft CMS versions 5.0.0-RC1–5.8.20 and 3.0.0–4.16.16, where unauthenticated users can trigger database backup operations via the admin action path updater/backup. The underlying issue is exposed across all updater actions configured for anonymous access, enabling a backup ...

CVSS 9.1 | AI score 6.4 | EPSS 0.00471
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/01/05 10:3 p.m. | 5 views

CVE-2025-68456 Unauthenticated Craft CMS users can trigger a database backup

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

CVSS 8.3 | AI score 6.4 | EPSS 0.00471
Exploits 1 | References 3

Snyk
added 2026/01/05 6:49 p.m. | 7 views

Allocation of Resources Without Limits or Throttling

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling over the /admin/actions/updater/backup endpoint. An unauthenticated user can cause resource exhaustion or access sensitive backup files by...

CVSS 9.1 | AI score 6.8 | EPSS 0.00471
Exploits 1 | References 3

OSV
added 2026/01/05 6:49 p.m. | 5 views

GHSA-V64R-7WG9-23PR Unauthenticated Craft CMS users can trigger a database backup

Unauthenticated users can trigger database backup operations via the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...

CVSS 8.3 | AI score 6.6 | EPSS 0.00471
Exploits 1 | References 5

CNNVD
added 2026/01/05 12:0 a.m. | 4 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions prior to 25.10.2, prior to 24.10.15, and prior to...

CVSS 7.2 | AI score 7 | EPSS 0.24817
Exploits 0 | References 2

Positive Technologies
added 2026/01/04 12:0 a.m. | 3 views

PT-2026-1193

Name of the Vulnerable Software and Affected Versions: Craft versions 5.0.0-RC1 through 5.8.20; Craft versions 3.0.0 through 4.16.16. Description: Unauthenticated users can initiate database backup operations through certain administrative actions. This could lead to resource exhaustion or informatio...

CVSS 8.3 | AI score 6.5 | EPSS 0.00471
Exploits 1 | References 8

CNNVD
added 2025/12/29 12:0 a.m. | 2 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 4.0.16 that allows an unauthenticated attacker to trigger the generation of configuration backups, potentially...

CVSS 7.5 | AI score 5.8 | EPSS 0.02005
Exploits 1 | References 3

OSV
added 2025/12/26 2:15 p.m. | 2 views

CVE-2025-36192

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

CVSS 7.1 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 1

NVD
added 2025/12/26 2:15 p.m. | 2 views

CVE-2025-36192

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

CVSS 7.1 | EPSS 0.00105
Exploits 0 | References 1

Vulnrichment
added 2025/12/26 1:58 p.m. | 3 views

CVE-2025-36192 Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

CVSS 6.7 | AI score 6.1 | EPSS 0.00105
Exploits 0 | References 1

Positive Technologies
added 2025/12/26 12:0 a.m. | 4 views

PT-2025-53585

Name of the Vulnerable Software and Affected Versions: IBM DS8A00 versions 10.10.106.0; IBM DS8A00 versions 10.1.3.010.2.45.0; IBM DS8900F versions 89.40.83.089.42.18.089.44.5.0. Description: IBM System Storage DS8000 may allow a local user with authorized CCW update permissions to delete or corrupt...

CVSS 6.7 | AI score 6.2 | EPSS 0.00105
Exploits 0 | References 5

CNNVD
added 2025/12/26 12:0 a.m. | 2 views

IBM DS8A00 and IBM DS8900F Security Vulnerability

The IBM DS8A00 and IBM DS8900F are both enterprise storage systems from International Business Machines (IBM). A security vulnerability exists in IBM DS8A00 version R10.1 10.10.106.0 and IBM DS8900F version R9.4 89.40.83.089.42.18.089.44.5.0, which stems from a vulnerability in the IBM Safeguarde...

CVSS 7.1 | AI score 6.3 | EPSS 0.00105
Exploits 0 | References 2

The Hacker News
added 2025/12/25 12:46 p.m. | 5 views

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said...

AI score 6.7
Exploits 0

RedhatCVE
added 2025/12/19 5:30 a.m. | 4 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | AI score 6.9 | EPSS 0.00096
Exploits 0 | References 1

EUVD
added 2025/12/18 6:30 a.m. | 3 views

EUVD-2025-204034

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | AI score 6.4 | EPSS 0.00096
Exploits 0 | References 2

NVD
added 2025/12/18 6:15 a.m. | 3 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | EPSS 0.00096
Exploits 0 | References 1

UbuntuCve
added 2025/12/18 6:15 a.m. | 1 view

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | AI score 5.8 | EPSS 0.00096
Exploits 0 | References 3

OSV
added 2025/12/18 6:15 a.m. | 2 views

UBUNTU-CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | AI score 5.8 | EPSS 0.00096
Exploits 0 | References 4

Cvelist
added 2025/12/18 5:14 a.m. | 24 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVSS 3.2 | EPSS 0.00096
Exploits 0 | References 1

CVE
added 2025/12/18 5:14 a.m. | 10 views

CVE-2025-68462

CVE-2025-68462 affects Freedombox prior to 25.17.1. The vulnerability arises from improper permissions on the backups-data directory, which can allow reading of database dump files stored there. The CVSS baseline indicates a local attack with high complexity and no privileges required, yielding a...

CVSS 3.2 | AI score 6.5 | EPSS 0.00096
Exploits 0 | References 1