CVE-2026-7257

UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...

CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS

Summary Vulnerability: Stored DOM Blind XSS via Backup Management Filename Persistent Payload Injection - Stored Cross-Site Scripting Blind XSS via Unsanitized Backup Filename in Backup Management Description The application fails to properly sanitize user-controlled input when handling backup...

SUSE CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

GO-2026-4570 Vitess users with backup storage access can write to arbitrary file paths in vitess.io/vitess

Vitess users with backup storage access can write to arbitrary file paths on restore in vitess.io/vitess...

GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

Vitess users with backup storage access can write to arbitrary file paths on restore

...

Vitess users with backup storage access can gain unauthorized access to production deployment environments

...

Vitess users with backup storage access can gain unauthorized access to production deployment environments

Impact Any user with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production...

AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

AZL-78356 CVE-2026-27965 affecting package vitess 19.0.4-7

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

CVE-2026-27969

Vitess backup manifest path traversal vulnerability affecting read/write access to backup storage locations. Prior to versions 23.0.3 and 22.0.4, an attacker who can access the backup storage (e.g., S3 bucket) can manipulate manifest files so that files listed in the manifest, including themselve...

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

CVE-2026-27965

Vitess CVE-2026-27965 affects versions older than 23.0.3 and 22.0.4, where read/write access to backup storage (e.g., S3) lets an attacker modify backup manifest files and cause arbitrary code to run when the backup is restored, potentially gaining unauthorized access to production. A patch exist...

CVE-2025-11759

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

How to offboard a single protection unit from an Express backup policy in Veeam Data Cloud for M365

Challenge Issue Summary After creating an Express Protection Policy in Veeam Data Cloud for Microsoft 365, backups are retained for one year. These Express Protection Policies are built on the Microsoft 365 Backup storage backend. Over time, a situation may arise where you need to offboard a sing...