GHSA-QXPQ-82F3-XJ47 CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS

An attacker can achieve Full Account Takeover and Privilege Escalation via Stored DOM XSS in the backup module's filename field, which is manipulated through an SQL file that tampers with the filename field to contain a hidden XSS payload...

CVE-2026-34563

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An...

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

SUSE CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

EUVD-2026-9847

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure...

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

EUVD-2018-3201

Malware in sbrugna...

EUVD-2018-3190

Malware in sbrugna...

EUVD-2008-3657

Malware in sbrugna...

EUVD-2019-16247

Malware in sbrugna...

EUVD-2008-5658

Malware in sbrugna...

EUVD-2006-4925

Malware in sbrugna...

EUVD-2017-0012

Malware in sbrugna...

EUVD-2018-3235

Malware in sbrugna...

EUVD-2024-30654

Malicious code in bioql PyPI...

EUVD-2025-12691

Malicious code in bioql PyPI...

EUVD-2022-41768

Malicious code in bioql PyPI...