Lucene search
K

1296 matches found

Nuclei
Nuclei
added yesterday34 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7.1AI score0.25431EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday33 views

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...

7.5CVSS7AI score0.15906EPSS
Exploits2References5
Cvelist
Cvelist
added last week34 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 8:14 a.m.4 views

OPENSUSE-SU-2026:21166-1 Security update for nano

This update for nano fixes the following issues: Changes in nano: - Update to version 9.1: When searching, the viewport is placed snug left where possible. The ability to read and write files in old Mac format a lone carriage return as line ending was removed. The ^T toggle between WhereIs and...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 12:16 a.m.10 views

CVE-2026-13514

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS0.00133EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 6:52 p.m.4 views

GHSA-4XG6-52MH-FPW8 Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Summary backend.createDependentVolumesFromBackup in internal/server/storage/backend.go contains a cluster of unguarded pointer derefs on every dependent-volume entry's VolumeSnapshotsi, Volume, and Pool sub-fields. An authenticated user with cancreateinstances permission on any project can crash...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:46 p.m.3 views

GHSA-VXP5-584Q-C479 Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details For container images, internal/server/storage/utils.go calls archive.UnpackimageFile, destPath, .... The tar extraction pa...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 4:16 p.m.2 views

DEBIAN-CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS5.7AI score0.00389EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-53013

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description A flaw exists where a specially crafted container image or instance backup can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command executio...

9.9CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 8:18 a.m.21 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

10CVSS6.7AI score0.01557EPSS
Exploits2References13
OSV
OSV
added 2026/06/19 9:42 p.m.5 views

GHSA-48X2-6PR9-2JJF Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data

Summary EnvironmentManager.restoreenv, backupId computes the backup path with joinenvDir, '.backups', backupId and only checks that this path exists. It does not resolve the result or verify that it remains under data//.backups. A caller can pass a traversal backup ID such as...

6.1CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/06/19 9:42 p.m.7 views

GHSA-2FMP-9RVW-HC96 Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

Summary EnvironmentManager.listBackups reads each backup's manifest.json and trusts the manifest's path field. EnvironmentManager.pruneBackups later passes that trusted entry.path directly to rmSyncentry.path, recursive: true, force: true . An attacker who can place or modify a manifest inside...

7.1CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 12:57 p.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

9.8CVSS7.8AI score0.01557EPSS
Exploits1References12
OSV
OSV
added 2026/06/16 12:37 p.m.3 views

BIT-DISCOURSE-2026-45775 Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a multisite deployment to...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/14 6:53 a.m.92 views

wannacry-soc-lab

WannaCry SOC Investigation Lab Overview This project simu...

5.4AI score
Exploits0
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-45775

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:25 p.m.9 views

CVE-2026-45775 Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS5.1AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:25 p.m.8 views

EUVD-2026-36559

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:25 p.m.21 views

CVE-2026-45775

Discourse, a multi-site capable open-source discussion platform, has a path traversal vulnerability in its backup handling that could let an authenticated administrator on one site access backup files from another site on the same host. Affected version ranges include 2026.1.0-latest up to before...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:25 p.m.29 views

CVE-2026-45775 Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS0.00323EPSS
Exploits0References1
Rows per page
Query Builder