22 matches found

RedhatCVE
added 2026/01/09 12:37 p.m. · 4 views

CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...

7.2 CVSS · 6.9 AI score · 0.00314 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 10:34 a.m. · 5 views

CVE-2017-18383

cPanel before 68.0.15 writes home-directory backups to an incorrect location SEC-309...

7.8 CVSS · 6.9 AI score · 0.00068 EPSS
Exploits 0 · References 1

CNVD
added 2025/10/13 12:0 a.m. · 3 views

WordPress Backup Bolt plugin Arbitrary File Download Vulnerability

WordPress Backup Bolt plugin is a backup plugin for WordPress websites, mainly used to automate the backup of website data including files, databases, etc., and support the recovery function. WordPress Backup Bolt plugin has an arbitrary file download vulnerability, which stems from a flaw in the...

3.8 CVSS · 7 AI score · 0.00035 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-43943

Malicious code in bioql PyPI...

9.1 CVSS · 8.6 AI score · 0.00322 EPSS
Exploits 0 · References 1

CVE
added 2025/10/03 11:17 a.m. · 5 views

CVE-2025-10306

CVE-2025-10306 – Backup Bolt (WordPress) is a vulnerability in the Backup Bolt plugin affecting all versions up to and including 1.4.1. The flaw, located in process_backup_batch(), allows authenticated attackers with Administrator-level access to download directories outside the webroot and write...

3.8 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 0 · References 3

Cvelist
added 2025/10/03 11:17 a.m. · 6 views

CVE-2025-10306 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

3.8 CVSS · 0.00035 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 11:17 a.m. · 2 views

EUVD-2025-32271

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

3.8 CVSS · 5.6 AI score · 0.00035 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 3:49 a.m. · 5 views

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

9.1 CVSS · 7.8 AI score · 0.00322 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:36 p.m. · 6 views

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive function...

5.4 CVSS · 6.1 AI score · 0.00132 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 10:23 p.m. · 8 views

CVE-2024-53991

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5 CVSS · 6.2 AI score · 0.53121 EPSS
Exploits 0 · References 1

OSV
added 2024/01/10 7:15 p.m. · 1 views

CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...

7.2 CVSS · 7.1 AI score · 0.0058 EPSS
Exploits 0 · References 3

NVD
added 2024/01/10 7:15 p.m. · 17 views

CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...

7.2 CVSS · 7 AI score · 0.00314 EPSS
Exploits 1 · References 3

Prion
added 2024/01/10 7:15 p.m. · 16 views

Path traversal

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...

5.8 CVSS · 7.1 AI score · 0.0058 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/12/22 12:0 a.m. · 2 views

PT-2023-8650 · Kyocera · Kyocera Device Manager

Name of the Vulnerable Software and Affected Versions: Kyocera Device Manager versions prior to 3.1.1213.0

Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to bypass the authentication process. The...

8.3 CVSS · 7.2 AI score · 0.0058 EPSS
Exploits 1 · References 21

OSV
added 2023/11/07 9:15 p.m. · 0 views

CVE-2023-5982

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' acti...

5.4 CVSS · 7.2 AI score
Exploits 0 · References 2

OSV
added 2023/08/14 5:15 a.m. · 4 views

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

8.8 CVSS · 6.1 AI score · 0.00322 EPSS
Exploits 0 · References 1

CVE
added 2023/08/14 4:11 a.m. · 37 views

CVE-2023-3267

CVE-2023-3267 affects CyberPower PowerPanel Enterprise DCIM. The vulnerability is an OS command injection where an authenticated user can place arbitrary commands in the username field, which is passed un-sanitized into CMD running with SYSTEM privileges. This yields authenticated remote code exe...

9.1 CVSS · 8.8 AI score · 0.00322 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/03/07 2:15 p.m. · 2 views

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive function...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2

CVE
added 2023/03/07 1:23 p.m. · 36 views

CVE-2020-36667

The CVE affects the JetBackup – WP Backup, Migrate & Restore WordPress plugin (versions up to and including 1.4.1). Root cause: insufficient capability checks on backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive, allowing authenticated users with minimal privi...

5.4 CVSS · 5 AI score · 0.00132 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/03/07 12:0 a.m. · 2 views

WordPress plugin JetBackup – WP Backup, Migrate & Restore Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 5.8 AI score · 0.00132 EPSS
Exploits 0 · References 3