7 matches found

NVD
added 2026/04/22 10:16 p.m. | 2 views

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

8.5 CVSS | 0.00051 EPSS
Exploits 0 | References 2
Github Security Blog
added 2025/12/30 3:31 p.m. | 5 views

phpMyFAQ has unauthenticated config backup download via /api/setup/backup

Summary: An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files, e.g., database.php with database credentials, leading to...

7.5 CVSS | 6.8 AI score | 0.02773 EPSS
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2025/05/22 10:32 p.m. | 12 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5 CVSS | 6.6 AI score | 0.59708 EPSS
Exploits 5 | References 1
Packet Storm
added 2024/08/31 12:00 a.m. | 335 views

Cambium EPMP 1000 SNMP Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 SNMP Enumeration', 'Description' = % Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device...

7.6 CVSS | 7 AI score | 0.42228 EPSS
Exploits 2
ATTACKERKB
added 2022/08/22 3:15 p.m. | 1 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5 CVSS | 6.8 AI score | 0.59708 EPSS
Exploits 5 | References 4
OSV
added 2022/08/22 3:15 p.m. | 2 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5 CVSS | 5.5 AI score | 0.59708 EPSS
Exploits 5 | References 2
Metasploit
added 2018/05/30 12:00 a.m. | 15 views

Cambium ePMP SNMP Enumeration

Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This module uses SNMP to extract Cambium ePMP device configuration. On certain software versions, specific device configuratio...

3.3 AI score
Exploits 0