CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of validation logic in the volume import process. As a result, authenticated users could exploit this vulnerability ...

PT-2026-37001

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2026-33133

WeGIA web manager (versions 3.6.5–3.6.6) is vulnerable due to loadBackupDB() importing SQL from uploaded backup archives without validating content. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or p...

PT-2026-26604

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVE-2025-34331

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

CVE-2025-34331

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

PT-2025-47480

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

EUVD-2017-3007

Malware in sbrugna...

EUVD-2017-8944

Malware in sbrugna...

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

CVE-2025-48860

CVE-2025-48860 affects the web application of the ctrlX OS setup mechanism. An authenticated, low-privilege attacker could remotely access backup archives created by a user with elevated permissions, potentially exposing sensitive data depending on archive contents. The advisory sources describe ...

CVE-2024-50377

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability is associated to the backup configuration functionality that by default encrypts the...

Rockwell Automation FactoryTalk Services Platform 授权问题漏洞

Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...

CVE-2014-10076

The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack...

Information disclosure

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

BlogoText 'creer_fichier_zip' function information disclosure vulnerability

BlogoText is a lightweight SQLite blogging engine. An information disclosure vulnerability exists in the 'creerfichierzip' function in the admin/maintenance.php file in BlogoText 3.7.6 and earlier versions. A remote attacker can exploit this vulnerability by providing the name archiv1.zip to brea...

CVE-2017-7133

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to hav...