257 matches found

CVE
added 2026/05/08 12:6 p.m., 4 views

CVE-2025-66170

The CVE affects the CloudStack Backup plugin (versions 4.21.0.0 and 4.22.0.0). Improper authorization logic lets any authenticated user with access to the plugin’s APIs list backups from any account, though they cannot view the backup contents. The issue is resolved by upgrading to version 4.2...

CVSS 6.5, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/08 12:6 p.m., 2 views

CVE-2025-66170 Apache CloudStack: Any user can list backups that they should not have access to

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

AI score 5.8, EPSS 0.00017
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38914

Name of the Vulnerable Software and Affected Versions: CloudStack versions 4.21.0.0 through 4.22.0.0. Description: The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can leverage specific APIs to create new virtual machines...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 5
Positive Technologies
added 2026/05/08 12:0 a.m., 4 views

PT-2026-38913

Name of the Vulnerable Software and Affected Versions: CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0. Description: The CloudStack Backup plugin contains improper authorization logic. Authenticated users in environments where this plugin is enabled can list backups from any account in t...

CVSS 6.5, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 5
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-38915

Name of the Vulnerable Software and Affected Versions: CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0. Description: The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can access specific APIs to restore a volume...

CVSS 8.1, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 7
RedhatCVE
added 2026/05/04 8:21 p.m., 1 view

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3, AI score 5.8, EPSS 0.00073
Exploits: 1, References: 1
NVD
added 2026/05/01 2:16 p.m., 1 view

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3, EPSS 0.00073
Exploits: 1, References: 5
EUVD
added 2026/05/01 1:28 p.m., 2 views

EUVD-2026-26502

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3, AI score 5.8, EPSS 0.00073
Exploits: 1, References: 5
Packet Storm
added 2026/03/17 12:0 a.m., 124 views

WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

CVSS 9.8, AI score 7.7, EPSS 0.1582
Exploits: 13
GithubExploit
added 2026/02/13 9:12 a.m., 419 views

Exploit for CVE-2026-1357

CVE-2026-1357 — WPvivid Backup & Migration RCE Unauthentica...

CVSS 9.8, AI score 6.3, EPSS 0.1582
Exploits: 13
RedhatCVE
added 2026/01/09 9:36 a.m., 7 views

CVE-2024-34015

Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892...

CVSS 3.3, AI score 6.5, EPSS 0.00084
Exploits: 0, References: 1
RedhatCVE
added 2025/12/18 11:36 p.m., 1 view

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, AI score 6.7, EPSS 0.00213
Exploits: 1, References: 1
EUVD
added 2025/12/18 12:34 a.m., 0 views

EUVD-2023-60223

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, AI score 6.2, EPSS 0.00213
Exploits: 1, References: 4
NVD
added 2025/12/17 11:15 p.m., 1 view

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, EPSS 0.00213
Exploits: 1, References: 3
OSV
added 2025/12/17 11:15 p.m., 1 view

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, AI score 6.6
Exploits: 0, References: 3
CVE
added 2025/12/17 10:44 p.m., 3 views

CVE-2023-53907

Summary: CVE-2023-53907 affects Bludit versions prior to 3.13.1, where the Backup Plugin allows an authenticated user to download arbitrary files via directory traversal in the download endpoint. Affected software/versions: Bludit prior to 3.13.1 (Backup Plugin vulnerability) across multiple feed...

CVSS 7.1, AI score 6.3, EPSS 0.00213
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2025/12/17 10:44 p.m., 2 views

CVE-2023-53907 Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, AI score 6.3, EPSS 0.00213
Exploits: 1, References: 3
Cvelist
added 2025/12/17 10:44 p.m., 13 views

CVE-2023-53907 Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, EPSS 0.00213
Exploits: 1, References: 3
CNNVD
added 2025/12/17 12:0 a.m., 2 views

Bludit Path Traversal Vulnerability

Bludit is an open source lightweight blog content management system (CMS) from Bludit Open Source. A path traversal vulnerability exists in versions prior to Bludit 3.13.1, which stems from improper manipulation of the Backup Plugin file path parameter, which could lead to arbitrary file downloads...

CVSS 7.1, AI score 6.7, EPSS 0.00213
Exploits: 1, References: 4
Positive Technologies
added 2025/12/17 12:0 a.m., 2 views

PT-2025-51945

Name of the Vulnerable Software and Affected Versions: Bludit versions prior to 3.13.1. Description: A file download issue exists in the Backup Plugin within Bludit. Logged-in users can access arbitrary files. Attackers can exploit the plugin’s download functionality by manipulating file path...

CVSS 7.1, AI score 6.6, EPSS 0.00213
Exploits: 1, References: 5