14458 matches found
WordPress pCloud WP Backup plugin <= 2.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions = 2.0.4...
EUVD-2026-41262
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...
CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...
CVE-2026-9834
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin (WordPress) is vulnerable to OS Command Injection in all versions up to 7.11 via the wp_db_exclude_table parameter. The root cause is direct concatenation of user-supplied $_POST['wp_db_exclude_table'] values into ...
CVE-2026-5821
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
CVE-2026-5821
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
PT-2026-55045
Name of the Vulnerable Software and Affected Versions pCloud WP Backup versions prior to 2.0.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists in the pCloud WP Backup plugin. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not...
PT-2026-55336
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2025.6.2 Description An issue exists in the backup/restore feature where firmware...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability
Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
EUVD-2026-40011
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
CVE-2026-13514
The affected software is the Chess Play and Learn App for Android (com.chess), with impact up to version 4.9.42. The issue stems from a weakness in processing AndroidManifest.xml that can cause a backup file to be exposed to an unauthorized control sphere. Exploitation is feasible on a physical d...
CVE-2026-13514 Chess Play and Learn App com.chess AndroidManifest.xml backup
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
Linux Distros Unpatched Vulnerability : CVE-2026-52949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure to...
Linux Distros Unpatched Vulnerability : CVE-2026-9639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: argo-workflows, prometheus-elasticsearch-exporter, kyverno, kots, kyverno-fips, nemo, backup-restore-operator, trivy-fips, gitlab-rails-ce-fips, nerdctl, mattermost-fips, opentelemetry-collector, upwind-agent, flux-image-automation-controller, trivy-operator,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: argo-events, crossplane-provider-aws-elasticsearch, caddy-fips, prometheus-elasticsearch-exporter, splunk-otel-collector, buildkitd, redpanda-console, eksctl, backup-restore-operator, crossplane-provider-azure-storagesync, trivy-fips, gitlab-rails-ce-fips,...
CVE-2026-52949
A flaw was found in the Linux kernel's Direct Rendering Manager DRM subsystem. Specifically, within the ttmboshrink function, a backup failure could lead to an infinite Least Recently Used LRU walk. This issue may allow a local attacker to trigger a Denial of Service DoS, making the system...
GHSA-XHQX-MGH3-3H7Q Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)
Summary backend.CreateCustomVolumeFromBackup in internal/server/storage/backend.go contains an unguarded time.Time dereference on the ExpiresAt field of every volume-snapshot entry in an imported custom-volume backup. An authenticated user with cancreatestoragevolumes permission on any project ca...