Lucene search

1285 matches found

Vulnrichment
added 2025/08/21 12:0 a.m. · 4 views

CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands...

7.9 AI score · 0.00235 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34217 · Mccms · Mccms

Name of the Vulnerable Software and Affected Versions: MCCMS version 2.7.0 Description: MCCMS version 2.7.0 is susceptible to arbitrary file deletion via the Backups.php component. This allows an attacker to execute arbitrary commands. Recommendations: At the moment, there is no information about...

5.4 CVSS · 7.6 AI score · 0.00235 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34192 · Undefined · Undefined

New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...

7.7 AI score
Exploits: 0 · References: 1

Veeam
added 2025/08/21 12:0 a.m. · 13 views

File-Level Recovery (FLR) in Veeam Kasten for Kubernetes

Purpose This article documents how to perform enterprise-grade protection and granular recovery of Kubernetes workloads using Veeam Kasten for Kubernetes integrated with Veeam Backup & Replication VBR. It provides step-by-step guidance on creating backup policies, exporting backups to VBR, and...

6.3 AI score
Exploits: 0

CERT
added 2025/08/19 12:0 a.m. · 11 views

Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.

Overview Workhorse Software Services, Inc municipal accounting software prior to version 1.9.4.48019 contains design flaws that could allow unauthorized access to sensitive data and facilitate data exfiltration. Specifically, database connection information is stored in plaintext alongside the...

7.4 AI score
Exploits: 0

RedhatCVE
added 2025/08/16 9:26 a.m. · 9 views

CVE-2025-48862

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...

7.1 CVSS · 7.3 AI score · 0.00106 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/16 9:26 a.m. · 6 views

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

8 CVSS · 7.3 AI score · 0.00305 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/16 12:16 a.m. · 18 views

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

5.9 CVSS · 7.2 AI score · 0.00145 EPSS
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 1 view

Malicious code in @clickhouse-team/clickhouse-backups-plugin (npm)

The package @clickhouse-team/clickhouse-backups-plugin was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-7129 Malicious code in @clickhouse-team/clickhouse-backups-plugin (npm)

The package @clickhouse-team/clickhouse-backups-plugin was found to contain malicious code...

7.2 AI score
Exploits: 0

CVE
added 2025/08/14 2:29 p.m. · 16 views

CVE-2025-38745

Dell OpenManage Enterprise (versions 3.10, 4.0, 4.1, 4.2) contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore functionality. A low-privileged attacker with remote access could potentially exploit this to cause Information exposure. Connected source...

6.5 CVSS · 7 AI score · 0.00206 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/14 9:6 a.m. · 8 views

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

8 CVSS · 0.00305 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/14 9:6 a.m. · 3 views

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

8 CVSS · 7.2 AI score · 0.00305 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33138 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the web application of the ctrlX OS setup mechanism allowed an authenticated attacker with low privileges to gain remote access to backup archives created by a user with...

8 CVSS · 6.3 AI score · 0.00305 EPSS
Exploits: 0 · References: 5

Cvelist
added 2025/08/14 12:0 a.m. · 12 views

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

0.00145 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/14 12:0 a.m. · 4 views

PT-2025-33410 · Lotus Cars · Lotus Cars Android App

Name of the Vulnerable Software and Affected Versions: Lotus Cars Android app com.lotus.carsdomestic.intl version 1.2.8 Description: The Lotus Cars Android app allows data exfiltration via ADB backup on rooted or debug-enabled devices due to the allowBackup=true flag being set in its manifest. Th...

5.9 CVSS · 6.4 AI score · 0.00145 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2025/08/11 2:30 a.m. · 23 views

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

8.8 CVSS · 8.7 AI score · 0.04127 EPSS
Exploits: 1 · References: 1

NVD
added 2025/08/09 2:15 a.m. · 5 views

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

8.8 CVSS · 0.00456 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/09 1:31 a.m. · 33 views

CVE-2025-54417

CVE-2025-54417 affects Craft CMS: versions 4.13.8–4.16.2 and 5.5.8–5.8.3 contain a bypass of CVE-2025-23209, requiring a compromised security key and ability to create a file under Craft’s /storage/backups. Under these conditions, a crafted request to /updater/restore-db could trigger remote code...

8.8 CVSS · 9.6 AI score · 0.00456 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/08/09 1:31 a.m. · 4 views

CVE-2025-54417 Craft contains a theoretical bypass for CVE-2025-23209

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

7.7 CVSS · 7.5 AI score · 0.00456 EPSS
Exploits: 0 · References: 2