Lucene search

1285 matches found

CVE
added 2025/08/09 1:31 a.m. · 33 views

CVE-2025-54417

CVE-2025-54417 affects Craft CMS: versions 4.13.8–4.16.2 and 5.5.8–5.8.3 contain a bypass of CVE-2025-23209, requiring a compromised security key and ability to create a file under Craft’s /storage/backups. Under these conditions, a crafted request to /updater/restore-db could trigger remote code...

8.8 CVSS · 9.6 AI score · 0.00456 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/08/09 1:31 a.m. · 3 views

CVE-2025-54417 Craft contains a theoretical bypass for CVE-2025-23209

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

7.7 CVSS · 8.8 AI score · 0.00456 EPSS
Exploits 0 · References 4
Snyk
added 2025/08/08 7:32 p.m. · 2 views

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /updater/restore-db endpoint. An attacker can execute arbitrary code by crafting a malicious request after obtaining a compromised security key and creating a...

8.8 CVSS · 8.1 AI score · 0.00456 EPSS
Exploits 0 · References 2
GitHub Security Blog
added 2025/08/08 7:32 p.m. · 7 views

Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

8.8 CVSS · 9.8 AI score · 0.04127 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2025/08/08 7:32 p.m. · 5 views

GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

7.7 CVSS · 9.8 AI score · 0.04127 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/08/08 12:0 a.m. · 5 views

PT-2025-32419 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions 4.13.8 through 4.16.2 Craft versions 5.5.8 through 5.8.3 Description: Craft is a platform for creating digital experiences. A vulnerability exists that allows bypassing security measures, potentially leading to remote code...

8.1 CVSS · 10 AI score · 0.04127 EPSS
Exploits 1 · References 11
Veeam
added 2025/07/15 12:0 a.m. · 11 views

SharePoint Sites May Not Be Displayed When Browsing Backups

Challenge When browsing backups or backup copies, SharePoint root sites and their subsites may not be visible. Cause If a backed-up SharePoint subsite is moved between repositories using the Move-VBOEntityData cmdlet, or removed from a repository using the Remove-VBOEntityData cmdlet, the metadat...

6.8 AI score
Exploits 0 · Affected Software 1
OSV
added 2025/07/14 5:15 p.m. · 2 views

CVE-2025-51651

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request...

5.5 CVSS · 5.8 AI score · 0.00189 EPSS
Exploits 1 · References 1
CNNVD
added 2025/07/14 12:0 a.m. · 2 views

mccms Security Vulnerability

mccms Man City CMS is a rapid website builder system by the individual developer of China Smokey River South chshcms. A security vulnerability exists in mccms version v2.7.0, which originates from the presence of an authenticated arbitrary file download in component /admin/Backups.php, which may...

5.5 CVSS · 6.7 AI score · 0.00189 EPSS
Exploits 1 · References 2
OSV
added 2025/06/26 11:15 a.m. · 3 views

CVE-2025-3771

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the...

7.1 CVSS · 5.8 AI score · 0.0014 EPSS
Exploits 0 · References 1
Veeam
added 2025/06/26 12:0 a.m. · 13 views

Search Best Practices in Veeam Data Cloud for Microsoft 365

New Search Experience for Veeam Data Cloud for Microsoft 365 We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. The new search supports deleted item recovery and restore point search witho...

5.8 AI score
Exploits 0
Cvelist
added 2025/06/12 2:27 p.m. · 15 views

CVE-2025-49200 Unencrypted backup contains sensitive information

The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files...

6.5 CVSS · 0.00383 EPSS
Exploits 0 · References 6
CNNVD
added 2025/06/12 12:0 a.m. · 2 views

SICK Field Analytics and SICK Media Server Information Disclosure Vulnerability

SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from unencrypted back...

7.5 CVSS · 6.2 AI score · 0.00383 EPSS
Exploits 0 · References 8
CISA
added 2025/06/04 12:0 p.m. · 3 views

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...

7.2 AI score
Exploits 0 · References 1
OSV
added 2025/05/29 9:15 p.m. · 3 views

CVE-2025-5328

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploi...

8.8 CVSS · 5.5 AI score · 0.00971 EPSS
Exploits 1 · References 4
Vulnrichment
added 2025/05/29 9:0 p.m. · 8 views

CVE-2025-5328 chshcms mccms Backups.php restore_del path traversal

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploi...

5.5 CVSS · 5.5 AI score · 0.00971 EPSS
Exploits 1 · References 4
CNNVD
added 2025/05/29 12:0 a.m. · 2 views

mccms Path Traversal Vulnerability

mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. A path traversal vulnerability exists in version 2.7 of mccms, which stems from a path traversal caused by incorrect operation of the parameter dirs in the file...

8.8 CVSS · 5.5 AI score · 0.00971 EPSS
Exploits 1 · References 4
BDU FSTEC
added 2025/05/26 12:0 a.m. · 3 views

The vulnerability of the Backup Plus (ns_backup) extension of the TYPO3 content management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Backup Plus (ns_backup) extension of the TYPO3 content management system is related to errors in the access control for saved backup files and configurations. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

8.6 CVSS · 5.5 AI score · 0.00301 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm News
added 2025/05/26 12:0 a.m. · 3 views

Strengthening Cybersecurity Resilience in Agriculture through Educational Interventions: a Case Study of the Ponca Tribe of Nebraska

The increasing digitization of agricultural operations has introduced new cybersecurity challenges for the farming community. This paper introduces an educational intervention called Cybersecurity Improvement Initiative for Agriculture (CIIA), which aims to strengthen cybersecurity awareness and...

7 AI score
Exploits 0
RedhatCVE
added 2025/05/23 10:40 a.m. · 4 views

CVE-2024-47948

In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups...

7.5 CVSS · 6.5 AI score · 0.00526 EPSS
Exploits 0