Lucene search
K

14458 matches found

Patchstack
Patchstack
added 2026/07/02 8:54 a.m.6 views

WordPress pCloud WP Backup plugin <= 2.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions = 2.0.4...

7.1CVSS5.9AI score0.00116EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.35 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 8:33 a.m.16 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin (WordPress) is vulnerable to OS Command Injection in all versions up to 7.11 via the wp_db_exclude_table parameter. The root cause is direct concatenation of user-supplied $_POST['wp_db_exclude_table'] values into ...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
NVD
NVD
added 2026/07/02 6:16 a.m.12 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.5 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.6 views

PT-2026-55045

Name of the Vulnerable Software and Affected Versions pCloud WP Backup versions prior to 2.0.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists in the pCloud WP Backup plugin. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not...

7.1CVSS6AI score0.00116EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55336

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2025.6.2 Description An issue exists in the backup/restore feature where firmware...

8.6CVSS6AI score0.00232EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:31 a.m.10 views

EUVD-2026-40011

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 11:15 p.m.20 views

CVE-2026-13514

The affected software is the Chess Play and Learn App for Android (com.chess), with impact up to version 4.9.42. The issue stems from a weakness in processing AndroidManifest.xml that can cause a backup file to be exposed to an unauthorized control sphere. Exploitation is feasible on a physical d...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 11:15 p.m.39 views

CVE-2026-13514 Chess Play and Learn App com.chess AndroidManifest.xml backup

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS0.00133EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure to...

6.1AI score0.00162EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes...

6.5CVSS6AI score0.00389EPSS
Exploits1References2
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: argo-workflows, prometheus-elasticsearch-exporter, kyverno, kots, kyverno-fips, nemo, backup-restore-operator, trivy-fips, gitlab-rails-ce-fips, nerdctl, mattermost-fips, opentelemetry-collector, upwind-agent, flux-image-automation-controller, trivy-operator,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.11 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: argo-events, crossplane-provider-aws-elasticsearch, caddy-fips, prometheus-elasticsearch-exporter, splunk-otel-collector, buildkitd, redpanda-console, eksctl, backup-restore-operator, crossplane-provider-azure-storagesync, trivy-fips, gitlab-rails-ce-fips,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 7:36 p.m.8 views

CVE-2026-52949

A flaw was found in the Linux kernel's Direct Rendering Manager DRM subsystem. Specifically, within the ttmboshrink function, a backup failure could lead to an infinite Least Recently Used LRU walk. This issue may allow a local attacker to trigger a Denial of Service DoS, making the system...

5.5CVSS5.7AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 7:7 p.m.4 views

GHSA-XHQX-MGH3-3H7Q Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)

Summary backend.CreateCustomVolumeFromBackup in internal/server/storage/backend.go contains an unguarded time.Time dereference on the ExpiresAt field of every volume-snapshot entry in an imported custom-volume backup. An authenticated user with cancreatestoragevolumes permission on any project ca...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
Rows per page
Query Builder