Lucene search
K

15 matches found

OSV
OSV
added 2026/06/19 9:42 p.m.10 views

GHSA-2FMP-9RVW-HC96 Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

Summary EnvironmentManager.listBackups reads each backup's manifest.json and trusts the manifest's path field. EnvironmentManager.pruneBackups later passes that trusted entry.path directly to rmSyncentry.path, recursive: true, force: true . An attacker who can place or modify a manifest inside...

7.1CVSS6.1AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest - which may be files that they have also...

9.3CVSS6AI score0.00402EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 4:3 p.m.3 views

GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

9.3CVSS6.1AI score0.00402EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS5.6AI score0.00402EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/26 6:18 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...

9.3CVSS7.7AI score0.00402EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 2:16 a.m.10 views

AZL-78359 CVE-2026-27969 affecting package vitess 19.0.4-7

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS7.5AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 2:16 a.m.6 views

AZL-78516 CVE-2026-27969 affecting package vitess 17.0.7-14

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS7.5AI score0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 2:16 a.m.9 views

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS0.00402EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 2:16 a.m.10 views

AZL-78356 CVE-2026-27965 affecting package vitess 19.0.4-7

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9CVSS6AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 2:16 a.m.5 views

AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9CVSS6AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 1:52 a.m.27 views

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS0.00402EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:52 a.m.4 views

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS5.7AI score0.00402EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:49 a.m.3 views

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9CVSS5.8AI score0.00417EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.9 views

PT-2026-22109

Name of the Vulnerable Software and Affected Versions Vitess versions prior to 23.0.3 and versions prior to 22.0.4 Description Vitess, a database clustering system for horizontal scaling of MySQL, contains a path traversal issue in the builtinbackupengine component during the backup restoration...

9.9CVSS6AI score0.22162EPSS
Exploits70References150
RedhatCVE
RedhatCVE
added 2025/08/16 12:16 a.m.21 views

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

5.9CVSS7.2AI score0.00129EPSS
Exploits0References1
Rows per page
Query Builder