CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

EUVD-2026-27233

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-6418

PaperCut MF (version 25.0.4) Shared Account Synchronization contains a path traversal in which an authenticated administrator can specify arbitrary local file paths for account data synchronization due to insufficient path validation and sanitization. When the synchronization runs, the system par...

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

Firmware Distribution As Attack Surface: A Security Study of ASIC Cryptocurrency Miners

ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic im- portance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.3.22 to 2026.4.5 contained a security vulnerability. This vulnerability stemmed from the handling of symbolic link traversal in remote market repository paths, which could allow...

WordPress plugin Backup Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-37001

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

WordPress plugin EmailKit 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-37303

Name of the Vulnerable Software and Affected Versions exiftool-vendored versions prior to 35.19.0 Description Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

Linux Distros Unpatched Vulnerability : CVE-2026-31710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only...

PT-2026-36983

Name of the Vulnerable Software and Affected Versions PaperCut MF version 25.0.4 Description An issue in the Shared Account Synchronization component allows authenticated administrative users to specify arbitrary file paths on the local file system due to insufficient path validation and...

CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

GHSA-W76P-3CGP-QFCM Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...