428 matches found

Nuclei
added yesterday, 14 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2 CVSS, 7.3 AI score, 0.02258 EPSS
Exploits 1, References 2
EUVD
added yesterday, 4 views

EUVD-2026-41455

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image. This vulnerability affects Fireware OS 11.0 up to and including...

8.6 CVSS, 5.7 AI score
Exploits 0, References 2
CVE
added 2 days ago, 12 views

CVE-2026-13722

CVE-2026-13722 concerns WatchGuard Fireware OS. The issue is a firmware validation bypass when processing a backup image via the backup/restore feature, enabling an authenticated administrator to install a tampered firmware image. Affected are Fireware OS versions: 11.0–11.12.4_Update1, 12.0–12.1...

8.6 CVSS, 5.7 AI score
Exploits 0, References 1
Chainguard
added 2026/06/26 8:22 p.m., 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-rails-ce, nemo, kube-arangodb-fips, zitadel, loki, coder, flux-source-controller, opentofu-fips, frankenphp-8.4, mattermost-fips, harbor, kaf, skaffold-fips, kubevela-fips, kyverno-fips, skaffold, prometheus-mongodb-exporter,...

5.9 AI score
Exploits 0
CVE
added 2026/06/26 2:52 p.m., 10 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits 0, References 1
RedHat Linux
added 2026/06/25 8:18 a.m., 15 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

10 CVSS, 6.7 AI score, 0.01557 EPSS
Exploits 2, References 13
Chainguard
added 2026/06/23 8:16 a.m., 6 views

GHSA-WJ3P-5H3X-C74Q vulnerabilities

Vulnerabilities for packages: backup-restore-operator, backup-restore-operator-fips...

5.9 AI score
Exploits 0
Chainguard
added 2026/06/23 8:16 a.m., 6 views

CVE-2025-62879 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, backup-restore-operator-fips...

6.8 CVSS, 7.2 AI score, 0.0034 EPSS
Exploits 0
RedHat Linux
added 2026/06/17 12:57 p.m., 13 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

9.8 CVSS, 7.8 AI score, 0.01557 EPSS
Exploits 1, References 12
RedhatCVE
added 2026/06/05 7:20 p.m., 8 views

CVE-2026-41202

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4 CVSS, 6.3 AI score, 0.00528 EPSS
Exploits 0, References 1
NVD
added 2026/05/28 10:16 p.m., 18 views

CVE-2026-44885

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5 CVSS, 0.00606 EPSS
Exploits 1, References 2
EUVD
added 2026/05/28 8:56 p.m., 10 views

EUVD-2026-33057

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5 CVSS, 5.9 AI score, 0.00606 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/05/28 8:56 p.m., 8 views

CVE-2026-44885

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.9 AI score, 0.00606 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/05/28 8:56 p.m., 35 views

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5 CVSS, 0.00606 EPSS
Exploits 1, References 2
RedhatCVE
added 2026/05/20 7:57 a.m., 9 views

CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits 0, References 1
NVD
added 2026/05/18 9:16 p.m., 18 views

CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6 CVSS, 0.00896 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/05/18 8:49 p.m., 11 views

CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/05/18 8:49 p.m., 11 views

CVE-2026-26978 Free PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.php

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits 0, References 3
CVE
added 2026/05/18 8:49 p.m., 29 views

CVE-2026-26978

CVE-2026-26978 affects FreePBX backups: in versions below 16.0.71 and 17.0.6, restoring a user-supplied tar archive can trigger deserialization of untrusted data via backup module, leading to Remote Code Execution as the web server user (e.g., asterisk/www-data). The issue arises when a malicious...

8.6 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/05/18 12:0 a.m., 16 views

PT-2026-41736

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.71; FreePBX versions prior to 17.0.6. Description: The backup module fails to properly sanitize data during restore operations. When extracting files from a user-supplied tar archive, the system reads malicious file...

8.6 CVSS, 5.9 AI score, 0.00896 EPSS
Exploits 0, References 6