CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

CVE-2026-40548

SOPlanning (versions ≤ 1.55) allows unrestricted file uploads through the backup function. An authenticated attacker can upload a crafted ZIP containing a legitimate user.csv and a malicious file; on extraction the malicious file is placed on the server. When combined with CVE-2026-40547 (Path Tr...

CVE-2026-32238

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient...

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVE-2026-23592

CVE-2026-23592 affects HPE Aruba Networking Fabric Composer. Insecure file operations in the backup functionality could allow authenticated attackers to achieve remote code execution and run arbitrary commands on the underlying OS. No remediation details are provided in the supplied documents.

EUVD-2008-3909

Malware in sbrugna...

EUVD-2017-15789

Malware in sbrugna...

EUVD-2016-5253

Malware in sbrugna...

EUVD-2020-16782

Malware in sbrugna...

EUVD-2020-3437

Malware in sbrugna...

EUVD-2023-50696

Malicious code in bioql PyPI...

EUVD-2022-15438

Malicious code in bioql PyPI...

CVE-2020-29556

The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

Microweber CMS 1.2.10 Local File Inclusion (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microweber CMS v1.2.10 Local File Inclusion Authenticated', 'Description' = %q Microweber CMS v1.2.10 has a backup functionality. Upload and...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2021-38120 Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

PT-2024-10988 · Netiq · Netiq Advance Authentication

Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 Description: A vulnerability identified in Advance Authentication allows bash command injection in administrative controlled functionality of backup due to improper handling in provided...

Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backu...