1285 matches found
EUVD-2023-58616
Malicious code in bioql PyPI...
EUVD-2022-1606
Malicious code in bioql PyPI...
EUVD-2022-2476
Malicious code in bioql PyPI...
EUVD-2023-27427
Malicious code in bioql PyPI...
EUVD-2025-24681
Malicious code in bioql PyPI...
CVE-2025-10306
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
PT-2025-40471
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process backup batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
CVE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
Migration to Unified Veeam Data Cloud FAQ
Below are the most commonly asked questions. What is changing with my Veeam Data Cloud for Microsoft 365 experience? Veeam is transitioning customers to the Veeam Data Cloud Platform, a unified multi-workload interface. This new experience allows you to manage Microsoft 365, Entra ID, Salesforce,...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...
CVE-2025-10360
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360 Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360
CVE-2025-10360 affects Puppet Enterprise 2025.4.0 and 2025.5, where the encryption key for the Infra Assistant database was not excluded from files collected by Puppet backup. The key is present only for users with an Infra Assistant license and feature enabled, and it protects the API key for th...
How One Bad Password Ended a 158-Year-Old Business
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158...
Puppet Enterprise Administration Module (PEADM) Security Vulnerability
Puppet Enterprise Administration Module (PEADM) is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in Puppet Enterprise Administration Module (PEADM) versions 2025.4.0 and 2025.5, which stems...
PT-2025-39287
Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions 2025.4.0 through 2025.5. Description: The encryption key for the Infra Assistant database was not excluded from Puppet backups in Puppet Enterprise. This key is only present if a Puppet Enterprise Advanced license is...
Akira Ransomware Group Utilizing SonicWall Devices for Initial Access
Latest update – September 18, 2025. On September 17, 2025, SonicWall disclosed a security breach affecting all SonicWall customers with MySonicWall.com cloud backups enabled. The firm detected suspicious activity targeting MySonicWall.com, through which threat actors were able to access backup...