
8 matches found

OSV
added 2026/03/09 9:15 a.m. | 1 views

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

CVSS 8.8 | AI score 6 | EPSS 0.00542
Exploits: 0 | References: 1
CVE
added 2026/03/09 8:16 a.m. | 7 views

CVE-2025-41757

The CVE-2025-41757 entry concerns the backup restore functionality of UBR (ubr-restore). The vulnerability arises because this component runs with elevated privileges and does not validate the contents of the backup archive, enabling a low-privileged remote attacker to create or overwrite arbitr...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/02/21 12:0 a.m. | 5 views

Moodle Security Vulnerability

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from insufficient validation of special backup...

CVSS 7.2 | AI score 5.9 | EPSS 0.00553
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/02 3:11 p.m. | 5 views

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Summary: An unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files e.g., security.json,...

CVSS 9.6 | AI score 9 | EPSS 0.17934
Exploits: 3 | References: 5 | Affected Software: 1
OSV
added 2025/08/27 5:15 p.m. | 2 views

CVE-2025-20344

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid...

CVSS 7.2 | AI score 5.8 | EPSS 0.0055
Exploits: 0 | References: 1
Cvelist
added 2024/07/01 6:46 p.m. | 26 views

CVE-2024-39303 Weblate vulnerable to improper sanitization of project backups

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...

CVSS 4.4 | EPSS 0.00315
Exploits: 0 | References: 2
CNNVD
added 2024/06/06 12:0 a.m. | 3 views

ZenML Authorization Issues Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. An authorization issue vulnerability exists in ZenML versions 0.55.4 and below, which stems from an improper backup validation mechanism that could allow an attacker to take over...

CVSS 3.3 | AI score 6.8 | EPSS 0.00241
Exploits: 1 | References: 3
Core Security
added 2017/07/12 12:0 a.m. | 531 views

Trend Micro Deep Discovery Director Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Deep Discovery Director Multiple Vulnerabilities Advisory ID: CORE-2017-0005 Advisory URL: https://www.coresecurity.com/core-labs/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities Date published: 2017-07-12 Date of last update:...

CVSS 9.8 | AI score 9.7 | EPSS 0.03097
Exploits: 0