Linux kernel Security Vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in the SCO backup settings table index in the btusb driver. This oversight may lead to...
CVE-2025-5965
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...
CVE-2025-5965 RCE via the backup feature available only to user with high privilege
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...
PT-2025-49185
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner Remote Storage:save function. This makes it possible for...
EUVD-2022-24868
Malicious code in bioql PyPI...
CVE-2022-1577
The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...
CVE-2025-25758
An issue in KukuFM Android v1.12.7 11207 allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the AndroidManifest.xml...
CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
WordPress Total Upkeep plugin <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings vulnerability
Authenticated Administrator+ Remote Code Execution via Backup Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Total Upkeep versions <= 1.16.6...
CVE-2024-9461 Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the croninterval parameter. This is due to missing input validation and sanitization. This makes it possible f...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a Continuous Integration CI/CD tool that is primarily used to automate the software build, test, and deployment process. JetBrains TeamCity suffers from a cross-site scripting vulnerability that stems from an issue in the backup configuration settings. An attacker could use...
CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...
PT-2024-7657 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.3 Description: The issue is related to stored XSS in the Backup configuration settings of JetBrains TeamCity. This could allow a remote attacker to perform cross-site scripting. Recommendations: Fo...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a Continuous Integration CI/CD tool that is primarily used to automate the software build, test, and deployment process. JetBrains TeamCity suffers from a cross-site scripting vulnerability that stems from an issue in the backup configuration settings. An attacker could use...
Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 11
Package name: xms10.14.0.11121.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.11013.bin, xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin, xms10.14.0.10303.bin,...
CVE-2023-22389
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings, which could be read by any user accessing the file...
Cross-site request forgery (CSRF)
The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...
WordPress plugin Database Backup Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in versions of WordPress Database Backup plugin prior to 2.5....
VulnCheck KEV: CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
July 12, 2016 — KB3172985 (OS Build 10586.494)
July 12, 2016 — KB3172985 OS Build 10586.494 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows Media Player, Internet Explorer 11, Windows Explorer, Miracast, and...