1285 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-3759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application th...
Linux Distros Unpatched Vulnerability : CVE-2024-43437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup file...
Linux Distros Unpatched Vulnerability : CVE-2022-40314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. (CVE-2022-40314) Note that Nessus relies on the presence of t...
CVE-2025-53118
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...
WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Nifty Backups versions <= 1.08...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2024-13807
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract...
Linux Distros Unpatched Vulnerability : CVE-2023-41335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be...
SUSE CVE-2023-41335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities - it already learns the users' passwords as...
CVE-2025-53118 Securden Unified PAM Authentication Bypass
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...
CVE-2025-53118
CVE-2025-53118 affects Securden Unified PAM. An unauthenticated attacker can bypass authentication to manipulate administrator backups, risking exposure of passwords, secrets, and session tokens stored by Unified PAM. The issue has been observed in the wild (CIRCL sighting/export data) and was di...
PT-2025-34675 · Unknown · Unified Pam
Name of the Vulnerable Software and Affected Versions: Unified PAM (affected versions not specified). Description: An authentication bypass allows unauthenticated attackers to control administrator backup functions. Successful exploitation can lead to the compromise of passwords, secrets, and...
CVE-2025-51818
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands...
PT-2025-34193 · Undefined · Undefined
New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information (PII) stored in the...
CVE-2025-51818
CVE-2025-51818 affects MCCMS 2.7.0; Backups.php allows arbitrary file deletion and can enable arbitrary command execution. Root cause and affected component are described across multiple sources (e.g., Red Hat, PT Security, NVD). No remediation/version fix details are provided in the connected do...