1288 matches found

ATTACKERKB
added 2026/03/09 8:17 a.m., 1 view

CVE-2025-41763

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00241
Exploits: 0, References: 2
CVE
added 2026/03/09 8:16 a.m., 7 views

CVE-2025-41757

The CVE-2025-41757 entry concerns the backup restore functionality of UBR (ubr-restore). The vulnerability arises because this component runs with elevated privileges and does not validate the contents of the backup archive, enabling a low-privileged remote attacker to create or overwrite arbitr...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00542
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2026/03/09 8:2 a.m., 3 views

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2026/03/09 5:57 a.m., 8 views

Improper file access permission settings in multiple Digital Arts products

Overview: Multiple products provided by Digital Arts Inc. contain the following vulnerability: Incorrect default permissions (CWE-276) - CVE-2026-28267. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS: 6.8, AI score: 6, EPSS: 0.00105
Exploits: 0, References: 8
Positive Technologies
added 2026/03/09 12:0 a.m., 8 views

PT-2026-24035

Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-41765. Description: Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary data through the wwwupload.cgi endpoint. This includes contact images, HTTPS certificates, system backups,...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00265
Exploits: 0, References: 8
Positive Technologies
added 2026/03/09 12:0 a.m., 5 views

PT-2026-24033

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00241
Exploits: 0, References: 2
CNNVD
added 2026/03/09 12:0 a.m., 6 views

MBS multiple products path traversal vulnerability

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have a path...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00542
Exploits: 0, References: 2
NVD
added 2026/03/07 4:15 p.m., 7 views

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 5.3, EPSS: 0.00373
Exploits: 0, References: 2
Cvelist
added 2026/03/07 3:16 p.m., 25 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 4.1, EPSS: 0.00373
Exploits: 0, References: 2
EUVD
added 2026/03/07 3:16 p.m., 3 views

EUVD-2026-10147

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 2
Vulnrichment
added 2026/03/07 3:16 p.m., 2 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/07 3:16 p.m., 1 view

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/03/07 3:16 p.m., 12 views

CVE-2026-29190

Karapace (open-source Kafka REST/Schema Registry) prior to v6.0.0 contains a Path Traversal in the backup reader (backup/backends/v3/backend.py). An attacker could read arbitrary files on the host where Karapace runs by supplying a malicious backup file, with impact depending on the process’s fil...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/03/07 3:16 p.m., 2 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00373
Exploits: 0, References: 4
Positive Technologies
added 2026/03/07 12:0 a.m., 4 views

PT-2026-23862

Name of the Vulnerable Software and Affected Versions: Karapace versions prior to 6.0.0. Description: Karapace is an implementation of Kafka REST and Schema Registry. A path traversal flaw exists in the backup reader backup/backends/v3/backend.py in versions before 6.0.0. An attacker providing a...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00373
Exploits: 0, References: 9
CNNVD
added 2026/03/05 12:0 a.m., 6 views

Nginx UI security vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.3 contained security vulnerabilities. These vulnerabilities stemmed from the /api/backup endpoint, which allowed access without authentication, thereby exposing encrypted keys. This could enable unverified...

CVSS: 9.8, AI score: 7.1, EPSS: 0.22162
Exploits: 12, References: 1
Positive Technologies
added 2026/03/04 11:13 a.m., 7 views

PT-2026-03: Access Control Violation Vulnerability in PT NGFW

The vulnerability was identified in PT NGFW, version 1.8.1 certified. The discovered vulnerability can be exploited by an attacker to gain access to MinIO backups. The exfiltrated data can be used for reconnaissance of the organization's infrastructure to conduct subsequent attacks on the system...

CVSS: 8.7, AI score: 5.8
Exploits: 0
Packet Storm
added 2026/03/02 12:0 a.m., 157 views

WordPress Backup Migration 1.3.7 Database Disclosure

WordPress Backup Migration plugin version 1.3.7 allows unauthenticated users to access sensitive backup files, potentially exposing the full database and website content. An attacker can retrieve backup archives without authentication...

AI score: 5.9
Exploits: 0
Veeam
added 2026/03/02 12:0 a.m., 11 views

"4BDN: Connected Salesforce Org already exists"

Challenge: When attempting to add a Salesforce sandbox to an on-premise installation of Veeam Backup for Salesforce, the following error occurs: 4BDN: Connected Salesforce Org already exists. Cause: This occurs when the sandbox being added has the same name as a Salesforce sandbox that was...

AI score: 6
Exploits: 0
RedhatCVE
added 2026/02/26 10:35 p.m., 9 views

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d; manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

CVSS: 7, AI score: 5.4, EPSS: 0.00108
Exploits: 0, References: 1