
774 matches found

Github Security Blog
added 2026/01/05 6:49 p.m. | 8 views

Unauthenticated Craft CMS users can trigger a database backup

Unauthenticated users can trigger database backup operations via the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00471
Exploits: 1 | References: 5 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress WP Database Backup plugin < 5.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability discovered by WordFence in WordPress Plugin WP Database Backup versions 5.2...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.16682
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/12/24 10:29 p.m. | 3 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.9 | AI score: 8.8 | EPSS: 0.0376
Exploits: 1 | References: 1

NVD
added 2025/12/23 10:15 p.m. | 8 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.9 | EPSS: 0.0376
Exploits: 1 | References: 4

Cvelist
added 2025/12/23 9:42 p.m. | 23 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.9 | EPSS: 0.0376
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/23 9:42 p.m. | 3 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.9 | AI score: 8.7 | EPSS: 0.0376
Exploits: 1 | References: 4

EUVD
added 2025/12/23 9:42 p.m. | 2 views

EUVD-2025-204961

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.4 | AI score: 8.5 | EPSS: 0.0376
Exploits: 1 | References: 3

CVE
added 2025/12/23 9:42 p.m. | 11 views

CVE-2025-66209

CVE-2025-66209 affects Coolify (open‑source self‑hosted platform for managing servers, apps, and databases). The authenticated command injection vulnerability exists prior to 4.0.0-beta.451 in the Database Backup functionality, where database names are passed to shell commands without sanitizatio...

CVSS: 9.9 | AI score: 8.7 | EPSS: 0.0376
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/12/23 9:42 p.m. | 2 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

CVSS: 9.9 | AI score: 9 | EPSS: 0.0376
Exploits: 1 | References: 6

CNNVD
added 2025/12/23 12:0 a.m. | 3 views

Coolify operating system command injection vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unsanitized database name in the Database Backup feature and could lead ...

CVSS: 9.9 | AI score: 7.2 | EPSS: 0.0376
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/23 12:0 a.m. | 3 views

PT-2025-52851

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.451. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection issue exists in the Database Backup functionality for authenticated users with...

CVSS: 9.9 | AI score: 7.5 | EPSS: 0.0376
Exploits: 1 | References: 21

CNNVD
added 2025/12/10 12:0 a.m. | 2 views

SpinetiX Fusion Digital Signage security vulnerability

SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from unauthorized access to the database backup directory and could lead to information disclosure...

CVSS: 8.7 | AI score: 6.4 | EPSS: 0.00352
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/10 12:0 a.m. | 5 views

PT-2025-50511

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

CVSS: 8.7 | AI score: 6.4 | EPSS: 0.00352
Exploits: 1 | References: 6

CNNVD
added 2025/11/14 12:0 a.m. | 3 views

SourceCodester Simple Online Book Store System security vulnerability

SourceCodester Simple Online Book Store System is a SourceCodester open source simple online bookstore system. A security vulnerability exists in SourceCodester Simple Online Book Store System, which originates from an unauthenticated HTTP GET request to access a database backup file, potentially...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00484
Exploits: 1 | References: 4

EUVD
added 2025/10/29 9:30 p.m. | 4 views

EUVD-2025-36705

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 4.9 | AI score: 5.7 | EPSS: 0.01743
Exploits: 0 | References: 3

NVD
added 2025/10/29 8:15 p.m. | 7 views

CVE-2025-11466

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 4.9 | EPSS: 0.01743
Exploits: 0 | References: 2

CNNVD
added 2025/10/29 12:0 a.m. | 3 views

Allegra path traversal vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra that stems from a failure to properly validate a user-supplied path in the DatabaseBackupBL class, which could lead to information disclosure in a service account...

CVSS: 4.9 | AI score: 4.8 | EPSS: 0.01743
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-17250

Malware in sbrugna...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.01013
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-10212

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01208
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-2015

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0134
Exploits: 1 | References: 3