1285 matches found
Microsoft Windows BitLocker Security Vulnerability
Microsoft Windows BitLocker is a product of Microsoft, USA. BitLocker ensures secure backup of recovery keys before activating the protection. A security vulnerability exists in Microsoft Windows BitLocker. An attacker could exploit the vulnerability to obtain sensitive information...
Arista NG Firewall Security Vulnerability
Arista NG Firewall is a web firewall from Arista Corporation. A security vulnerability exists in Arista NG Firewall, which stems from backups uploaded to ETM being susceptible to interception by a man-in-the-middle...
PT-2025-1819 · WordPress · Wp Database Backup
Name of the Vulnerable Software and Affected Versions: WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress versions up to, and including, 7.3. Description: The issue allows unauthenticated attackers to extract sensitive data, including all information store...
Sharp Multiple Products Security Vulnerability
Sharp HR02 and others are products of Sharp Corporation, Japan. Sharp HR02 is a home router. Sharp SH-52B is a wireless LAN connectivity station. Sharp SH-54C is a wireless LAN connectivity station. A security vulnerability exists in various Sharp products that stems from improper authentication in t...
CVE-2024-53991
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
Image Access Scan2Net Security Vulnerability
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from the application's use of multiple hard-coded credentials to encrypt configuration...
Vulnerability in the WP Umbrella (updates, backup restoration, and monitoring) plugin for the WordPress content management system, allowing attackers to gain unauthorized access to confidential information or execute arbitrary code.
The vulnerability in the WP Umbrella (updates, backup, restore, and monitoring) plugin for the WordPress content management system is related to improper handling of file names used by PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain unauthoriz...
Dell Avamar SQL Injection Vulnerability
Dell Avamar is a purpose-built backup application from Dell, Inc. It is designed to provide a conveniently sized, turnkey, affordable, deduplicated backup solution. Dell Avamar suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL...
A vulnerability in the firmware of the embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from improper validation of certain types of input data. This allows attackers to gain access to the project’s backup copies.
The vulnerability in the firmware of the embedded network building-control controllers ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper validation of certain types of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain...
Local File Inclusion (LFI)
moodle/moodle is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate input validation when restoring block backups, which allows an attacker to manipulate the process and potentially include local files, which can lead to exploitation of the system...
How to Update Location Profile Endpoint Details and Preserve Access to an Existing Kopia Storage Repository
Purpose: This article documents the correct procedure to update the Endpoint details in the Location Profile for an existing Kopia storage repository in S3-compatible stores and ensure the existing associated repositories remain accessible. Customers may wish to update the Endpoint details e.g.,...
The vulnerability in the virtual learning environment Moodle, related to improper restriction of a path name to a restricted directory, allows an intruder to gain access to confidential data.
The vulnerability in the virtual learning environment Moodle is related to the local loading of files during the restoration of incorrect backup copies of modules. Exploiting this vulnerability can allow a malicious actor operating remotely to gain access to confidential data...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that OAuth2 client secrets are stored in a recoverable manner so that an attacker...
Akamai Managed Database Services: Powered by Aiven
Akamai has partnered with Aiven, a leading global managed database provider, to offer customers a streamlined way to offload the complexities of database setup, configuration, patching, backups, and scaling...
CVE-2024-46889
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of data during the restore process, from malicious backup files. Details: Cross-site scripting or XSS is a code vulnerability that occurs whe...
CVE-2024-51993 Password is stored in clear in the database in Combodo iTop
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...
Moodle LFI vulnerability when restoring malformed block backups
A flaw was found in Moodle. There is a local file inclusion risk when restoring block backups...
GHSA-QRQV-26GF-XGWH Moodle LFI vulnerability when restoring malformed block backups
A flaw was found in Moodle. There is a local file inclusion risk when restoring block backups...