26 matches found
Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui
HTB-Snapped-Writeup HTB Snapped — Hard Linux machine writeup...
Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui
CVE-2026-27944 + CVE-2026-33032 — nginx-ui Zero-Credential RCE...
Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui
CVE-2026-27944 POC: Nginx UI Unauthenticated Backup Download +...
GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
Exploit for CVE-2026-27944
CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...
GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Summary: The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials,...
Exploit for CVE-2025-11380
CVE-2025-11380 Proof of conc...
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
PT-2025-48194
Name of the Vulnerable Software and Affected Versions: Astak CM-818T3 2.4GHz wireless security surveillance cameras (affected versions not specified) Description: The cameras have an unauthenticated configuration disclosure issue in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint allows...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
CVE-2025-34329 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backup Upload RCE via ajaxBackupUploadFile.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
CVE-2021-4468
PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...
CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Summary: The request to commence a site backup can be performed without authentication. Then these backups can also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download the archive without being...
YesWiki Security Vulnerability
YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A security vulnerability exists in versions of YesWiki prior to 4.5.4, which stems from a backup request that does not require authentication, which coul...
WordPress BackWPup plugin < 4.0.4 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 4.0.4...
WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
Description: The plugin does not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later. PoC: The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache...
PT-2022-25280 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The database backup function in the software lacks proper authentication, allowing an attacker to provide malicious serialized objects. When deserialized,...
WordPress All-in-One WP Migration 7.64 plugin - Unauthenticated Backup Download Exploit
Title: All-in-One-WP-Migration-7.64 low-protection-file-disclosure - Unauthenticated Backup Download; Author: nu11secur1ty; Date: 09.01.2022; Vendor: https://servmask.com/; Software: https://wordpress.org/plugins/all-in-one-wp-migration/; Reference:...