Lucene search
K

1289 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-25107

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

6.9CVSS6.8AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.8 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9CVSS5.5AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.4AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.7 views

CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.2AI score0.00708EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4031

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...

7.5CVSS5.4AI score0.00488EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34145

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.17 views

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
Veeam
Veeam
added 2026/06/02 12:0 a.m.15 views

Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/01 9:16 a.m.16 views

CVE-2026-40547

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

6.4CVSS0.00447EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 9:4 a.m.17 views

CVE-2026-40547

SOPlanning CVE-2026-40547 is a Path Traversal vulnerability in backup endpoints. The issue allows an authenticated remote attacker to exploit a vulnerable endpoint and craft payloads that enable reading and executing files that were added via the backup functionality. Crucially, CVE-2026-40543 (M...

6.4CVSS5.8AI score0.00447EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 9:3 a.m.11 views

CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.8AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 5:32 p.m.20 views

CVE-2026-42951

CVE-2026-42951 concerns the Danelec MacGregor Voyage Data Recorder (VDR) device. The description across sources states an authenticated user can download a backup of the VDR that includes account data and password hashes. The connected records corroborate credentials exposure as the primary issue...

5.9CVSS5.8AI score0.00169EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/29 4:40 p.m.24 views

CVE-2026-43917

CVE-2026-43917 (Dokploy) describes an IDOR due to a missing organization scoping check in the protectedProcedure middleware prior to 0.19.0. The middleware only validates authentication, not that the resource’s organization matches the session’s activeOrganizationId, enabling cross-organization a...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 12:9 p.m.17 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/05/29 12:7 p.m.40 views

Signal users targeted in backup-stealing phishing attacks

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery Needed Your Signal account data message and...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/29 11:16 a.m.14 views

CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 8:57 a.m.10 views

CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS5.8AI score0.00262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 8:57 a.m.10 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS5.8AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability associated with the Danelec Marine Danelec MacGregor Voyage Data Recorder. This vulnerability stems from the ability for...

5.9CVSS5.8AI score0.00169EPSS
Exploits0References3
Rows per page
Query Builder