Lucene search
K

782 matches found

Nuclei
Nuclei
added 18 hours ago41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42527

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-8996

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS0.0025EPSS
Exploits0References4
CVE
CVE
added 6 days ago17 views

CVE-2026-42145

CVE-2026-42145 —Coolify prior to 4.0.0-beta.474 has a vulnerable file upload endpoint (app/Http/Controllers/UploadController.php) for database backup restores that did not enforce file type or size validation. An authenticated user could upload unexpected or oversized files, potentially impacting...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 6 days ago3 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 10:16 a.m.7 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36792

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS5.6AI score0.0135EPSS
Exploits3References5
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-49952

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS0.0135EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2026/06/15 6:43 p.m.8 views

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS5.6AI score0.0135EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/06/15 6:43 p.m.47 views

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS0.0135EPSS
Exploits3References4
CVE
CVE
added 2026/06/15 6:43 p.m.28 views

CVE-2026-49952

Discuz! X5.0 (versions 20260320–20260501) contains an authentication bypass vulnerability in which an attacker can abuse a shared cryptographic key between UCenter integration and the dbbak.php database backup API. By injecting a crafted payload via the login username, an encryption-oracle path i...

9.3CVSS5.6AI score0.0135EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49307

Name of the Vulnerable Software and Affected Versions Discuz! X5.0 versions 20260320 through 20260501 Description An authentication bypass allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality. This is possible due to a shared cryptograph...

9.3CVSS5.5AI score0.0135EPSS
Exploits3References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.16 views

CVE-2026-6000

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...

5.3CVSS5.2AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.5AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.13 views

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS5.5AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-4031

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...

7.5CVSS5.4AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 1:16 p.m.12 views

CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS0.00464EPSS
Exploits0References6
Rows per page
Query Builder