BIT-MOODLE-2024-43440 Moodle: lfi vulnerability when restoring malformed block backups

A flaw was found in moodle. A local file may include risks when restoring block backups...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the archives API endpoint. Site backups can be initiated and subsequently downloaded without any authentication. Since these archives are generated with easily guessable filenames, an unauthenticated attack...

Lazywarden - Automatic Bitwarden Backup

Secure, Automated, and Multi-Cloud Bitwarden Backup and Import System Lazywarden is a Python automation tool designed to Backup and Restore data from your vault, including Bitwarden attachments. It allows you to upload backups to multiple cloud storage services and receive notifications across...

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficiently restricted data access, which...

Oops! Google accidentally deletes some users’ Maps Timeline data

Google has admitted it accidentally deleted some users' Google Maps Timeline data after a "technical issue". As reported by Forbes on March 11, users started noticing that their Google Maps Timelines had completely disappeared. At the time, we didn't know anything about the cause of this issue...

CVE-2024-12810

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...

WordPress plugin JobCareer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-9134 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to 1.2.0 Description: The issue concerns the backup restore functionality, which is vulnerable to path traversal in the TAR entry's name. This allows an attacker to overwrite any file on the system with their content,...

PT-2025-7672 · Sourcecodester · Sourcecodester Best Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Employee Management System version 1.0 Description: A vulnerability was found in the SourceCodester Best Employee Management System, affecting unknown code of the file /admin/backup/backups.php. This leads to information...

CVE-2024-13555

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...

GatesAir Maxiva 安全漏洞

GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT, VAXT that stems from incorrect access control, resulting in a serious information disclosure vulnerability in the web-based management interface. An unauthenticated attacker...

CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat

Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...

CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat

Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...

CVE-2025-0745

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVE-2025-0745

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVE-2025-0745 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVE-2025-0745 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint...

CVE-2025-0745

CVE-2025-0745 affects EmbedAI 2.1 and earlier. The issue is inadequate access control that allows an authenticated attacker to retrieve database backups by requesting the endpoint /embedai/app/uploads/database/. This can lead to exposure of sensitive data stored in backups. The connected PT-2025-...

PT-2025-4034 · Embedai · Embedai

Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: An issue with inadequate access control has been identified, allowing an authenticated attacker to obtain database backups by requesting the "/embedai/app/uploads/database/" endpoint. This endpoin...