Lucene search
K

70 matches found

Nuclei
Nuclei
added 10 hours ago9 views

WordPress BackWPup < 4.0.4 - Backup File Disclosure

BackWPup WordPress plugin 4.0.4 contains a directory listing vulnerability caused by lack of access restrictions in its temporary backup folder, letting unauthenticated attackers download site backups, exploit requires no authentication. id: CVE-2023-7164 info: name: WordPress BackWPup 4.0.4 -...

7.5CVSS6AI score0.02261EPSS
Exploits2References3
CVE
CVE
added 2026/06/28 11:15 p.m.20 views

CVE-2026-13514

The affected software is the Chess Play and Learn App for Android (com.chess), with impact up to version 4.9.42. The issue stems from a weakness in processing AndroidManifest.xml that can cause a backup file to be exposed to an unauthorized control sphere. Exploitation is feasible on a physical d...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 11:15 p.m.40 views

CVE-2026-13514 Chess Play and Learn App com.chess AndroidManifest.xml backup

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS0.00133EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/18 2:31 p.m.12 views

Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets

Summary An authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the admin's bcrypt password hash and email, plus user/config/ with all site configuration. The download endpoint requires...

6.8CVSS6.1AI score0.00174EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50744

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.7.53 Description An authenticated administrator with backup permissions can download a ZIP archive containing the full installation root. This archive includes sensitive files such as user/accounts/admin.yaml, which...

6.8CVSS6AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49224

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download backup.php endpoint. Attackers can directly access the download backup.php script in the admin/data management...

8.7CVSS5.2AI score0.00287EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5753

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

6.5CVSS5.3AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-9508

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.5AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40543

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.4AI score0.00273EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/02 8:36 a.m.95 views

multi-layered-security-assessment

Advanced Network Attack and Defense: Multi-Layered Assessment...

7.2CVSS7.2AI score0.83524EPSS
Exploits82
Cvelist
Cvelist
added 2026/05/29 12:9 p.m.34 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS0.00341EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44832

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

WordPress plugin Database Backup for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37342

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve Schedules Controller::save' handler for 'admin post ai1wm schedule event save' not verifying user capabilities before...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.97 views

phpMyFAQ 4.0.16 - Improper Authorization

Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link: https://www.phpmyfaq.de/download/ Version: = 4.0.16 REQUIRED Tested on: Ubuntu 22.04, Apache 2.4.52, PHP 8.2.x,...

6.5CVSS5.2AI score0.01734EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/04/14 3:38 p.m.7 views

CVE-2024-23104

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/06 6:0 p.m.5 views

Incorrect Authorization

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Incorrect Authorization due to improper decorator ordering in route registration. An attacker can gain unauthorized access to sensitive backup files, exfiltrate...

9.8CVSS5.7AI score0.00536EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:25 p.m.4 views

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/03/23 3:20 p.m.12 views

Sensitive Information Exposure

Nginx UI is vulnerable to Sensitive Information Exposure. The vulnerability is due to missing authentication on the /api/backup endpoint and exposure of decryption keys in the response header, which allows an attacker to download and decrypt sensitive backup data...

9.8CVSS6.8AI score0.22162EPSS
Exploits13References6Affected Software1
Rows per page
Query Builder