41 matches found
EUVD-2026-33613
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...
CVE-2026-40547 Path Traversal in SOPlanning
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...
Exploit for Code Injection in Craftcms Craft_Cms
CVE-2025-23209 For authorized security testing and research e...
CVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...
CVE-2020-37082 webERP 4.15.1 - Unauthenticated Backup File Access
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...
CVE-2026-24421 phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...
CVE-2021-27616
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in...
EUVD-2025-201596
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...
CVE-2020-36871
Summary: CVE-2020-36871 affects ESCAM QD-900 WIFI HD cameras. An unauthenticated GET/download on /web/cgi-bin/hi3510/backup.cgi allows remote retrieval of a compressed configuration backup, which can contain administrative credentials and other sensitive device settings. This information disclosu...
CVE-2025-12394 Backup Migration < 2.0.0 - Unauthenticated Backup Download
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...
WordPress plugin Backup Migration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2021-14363
Malware in sbrugna...
EUVD-2023-32485
Malicious code in bioql PyPI...
CVE-2023-5121
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings the backup path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2021-25392
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...
CVE-2024-48248
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router; this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...
VulnCheck KEV: CVE-2025-23209
Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution...
ZKTeco ZKBio WDMS Security Vulnerability
ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.8.0.5. An attacker can exploit this vulnerability to execute arbitrary code via the /files/backup/ component...
PT-2023-31777 · WordPress · Wpvivid
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.89 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically the backup path parameter, due to insufficient...