Lucene search
K

3220 matches found

CVE
CVE
added yesterday5 views

CVE-2026-55410

NocoBase (with the @nocobase/plugin-backups) prior to version 2.1.19 is vulnerable. The backups restoration flow interpolates database.schema from _metadata.json into Node.js child_process.exec() shell commands, enabling a backup-management user to execute arbitrary commands with the NocoBase ser...

6.7CVSS6.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2CVSS7.2AI score0.02258EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday7 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS6.1AI score0.03016EPSS
Exploits2References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-39512

K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression...

5.8CVSS6.1AI score0.00122EPSS
Exploits0References2
Zero Science Lab
Zero Science Lab
added 2 days ago32 views

SIP Sustainable Irrigation Platform 5.x Path Traversal in Backup/Restore

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.7CVSS6.1AI score0.00303EPSS
Exploits1
NVD
NVD
added 4 days ago9 views

CVE-2026-15473

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 4 days ago14 views

CVE-2026-15473

The CVE-2026-15473 entry concerns Eleveo Call Recording Software 9.7.0. The issue affects the Recorded Calls Page’s file handling at /callrec/restoreCallAction.do, where processing leads to improper authorization. The vulnerability is exploitable remotely, with exploit code described as PROOF-OF-...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/08 7:43 p.m.5 views

EUVD-2026-42374

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 4:16 p.m.13 views

CVE-2026-55761

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/08 3:3 p.m.35 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/08 3:3 p.m.5 views

EUVD-2026-42297

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References6
OSV
OSV
added 2026/07/08 3:3 p.m.2 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS6.1AI score0.00272EPSS
Exploits1References8
CVE
CVE
added 2026/07/08 3:3 p.m.9 views

CVE-2026-55761

Portainer Community Edition contains a vulnerability where, in versions 2.39.0–2.39.3 and 2.40.0–2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances. A...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56567

Name of the Vulnerable Software and Affected Versions Gumroad versions prior to 2026.07.06.2 Description Broken access control in the PurchasesController allows authenticated sellers to manipulate purchase access for products belonging to other sellers. By sending PUT requests to the revoke acces...

7.1CVSS6.2AI score0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/07 3:3 a.m.32 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS0.0025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:3 a.m.7 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/07 3:3 a.m.19 views

CVE-2026-42145

CVE-2026-42145 —Coolify prior to 4.0.0-beta.474 has a vulnerable file upload endpoint (app/Http/Controllers/UploadController.php) for database backup restores that did not enforce file type or size validation. An authenticated user could upload unexpected or oversized files, potentially impacting...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 3:3 a.m.4 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 6:0 a.m.34 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41455

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...

8.6CVSS5.7AI score0.00232EPSS
Exploits0References2
Rows per page
Query Builder