Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

80 matches found

RedhatCVE
RedhatCVEadded 2025/05/23 7:1 a.m.4 views

CVE-2024-33298

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

6.1CVSS7.2AI score0.01761EPSS
Exploits4References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:52 p.m.4 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

9.8CVSS8.2AI score0.01444EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 3:19 p.m.4 views

CVE-2020-21527

There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal...

8.5CVSS6.9AI score0.00509EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2025/05/22 10:8 a.m.3 views

CVE-2019-19105

The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext...

6.2CVSS7AI score0.00057EPSS
Exploits0References1
CNNVD
CNNVDadded 2025/05/19 12:0 a.m.2 views

appleple a-blog cms 路径遍历漏洞

appleple a-blog cms is a content management system from appleple. A path traversal vulnerability exists in appleple a-blog cms versions prior to 3.1.43, which stems from insufficient path validation of the backup function, and could lead to a path traversal attack...

7.2CVSS8.3AI score0.00468EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/04/18 2:6 a.m.17 views

CVE-2024-55371

Wallos = 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

9.8CVSS6.9AI score0.00478EPSS
Exploits1References1
CVE
CVEadded 2025/04/16 12:0 a.m.48 views

CVE-2024-55371

CVE-2024-55371 concerns Wallos

9.8CVSS7.3AI score0.00478EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2025/04/03 2:4 p.m.4 views

BIT-DOLIBARR-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

9CVSS7.3AI score0.06993EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2025/01/10 9:31 p.m.9 views

Microweber Cross-site Scripting vulnerability

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

6.1CVSS7.3AI score0.01761EPSS
Exploits4References3Affected Software1
OSV
OSVadded 2025/01/10 9:31 p.m.6 views

GHSA-W5G5-4JJ3-8F6V Microweber Cross-site Scripting vulnerability

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

6.9CVSS6.3AI score0.01761EPSS
Exploits4References3
NVD
NVDadded 2025/01/10 8:15 p.m.6 views

CVE-2024-33298

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

6.1CVSS0.01761EPSS
Exploits4References1
CVE
CVEadded 2025/01/10 12:0 a.m.49 views

CVE-2024-33298

Microweber

6.1CVSS7.2AI score0.01761EPSS
Exploits4References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/01/10 12:0 a.m.3 views

PT-2025-2413 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.9 Description: The issue allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint "/admin/module/view?type=admin backup", exploiting a Stored Cross Site Scripting X...

6.1CVSS6.1AI score0.01761EPSS
Exploits4References11
Vulnrichment
Vulnrichmentadded 2025/01/10 12:0 a.m.6 views

CVE-2024-33298

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

7.3AI score0.01761EPSS
Exploits4References1
Cvelist
Cvelistadded 2025/01/10 12:0 a.m.11 views

CVE-2024-33298

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...

0.01761EPSS
Exploits4References1
Positive Technologies
Positive Technologiesadded 2025/01/07 12:0 a.m.2 views

PT-2025-1781 · WordPress · Backup/Restore Wordpress – Backup Plugin

Name of the Vulnerable Software and Affected Versions: Backup and Restore WordPress – Backup Plugin versions up to 1.50 Description: The issue is related to Cross-Site Request Forgery, which is possible due to missing or incorrect nonce validation in the ajax queue manual backup function. This...

4.3CVSS6.7AI score
Exploits0References6
Positive Technologies
Positive Technologiesadded 2024/12/11 12:0 a.m.2 views

PT-2024-17615 · Unknown · Wetech-Cms

Name of the Vulnerable Software and Affected Versions: cjbi wetech-cms versions 1.0 through 1.2 Description: A problem was found in the backup function of the Database Backup Handler component, specifically in the file BackupFileUtil.java. This issue allows for path traversal, such as '../filedir...

5.3CVSS4.8AI score0.01149EPSS
Exploits1References8
OSV
OSVadded 2024/11/04 2:15 p.m.2 views

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

8CVSS6AI score0.00149EPSS
Exploits0References1
NVD
NVDadded 2024/11/04 2:15 p.m.16 views

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

8CVSS0.00149EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/11/04 12:0 a.m.1 views

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to inject malicious commands into mainfunction.cgi and execute arbitrary commands by...

8CVSS7.4AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder