
1288 matches found

Vulnrichment
added 2026/02/12 2:25 p.m., 2 views

CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

CVSS 8.8, AI score 5.5, EPSS 0.00266
Exploits 0, References 3

CNNVD
added 2026/02/12 12:0 a.m., 5 views

WordPress plugin FastDup security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 5.8, EPSS 0.00266
Exploits 0, References 4

Positive Technologies
added 2026/02/12 12:0 a.m., 7 views

PT-2026-7851

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

CVSS 8.8, AI score 5.5, EPSS 0.00266
Exploits 0, References 4

ATTACKERKB
added 2026/02/11 10:57 p.m., 5 views

CVE-2025-43537

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files...

AI score 5.5, EPSS 0.00475
Exploits 0, References 2

NVD
added 2026/02/11 9:16 p.m., 10 views

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

CVSS 8.7, EPSS 0.00565
Exploits 1, References 4

ATTACKERKB
added 2026/02/11 8:49 p.m., 2 views

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

CVSS 8.7, AI score 5.5, EPSS 0.00565
Exploits 1, References 4, Affected Software 1

CVE
added 2026/02/11 8:49 p.m., 15 views

CVE-2020-37104

CVE-2020-37104 affects ASTPP 4.0.1 and describes an information disclosure where unauthenticated attackers can download database backup files by predicting 6‑digit PINs and fuzzing the backup download URL under /database_backup/. The vulnerability relates to information exposure of sensitive data...

CVSS 8.7, AI score 5.5, EPSS 0.00565
Exploits 1, References 4, Affected Software 1

CNNVD
added 2026/02/11 12:0 a.m., 5 views

ASTPP security vulnerability

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a security vulnerability. This vulnerability stems from information leakage, and it could allow unverified attackers to download database backup files by predicting the file name pattern...

CVSS 8.7, AI score 5.8, EPSS 0.00565
Exploits 1, References 4

Positive Technologies
added 2026/02/11 12:0 a.m., 10 views

PT-2026-7668

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

CVSS 8.7, AI score 5.5, EPSS 0.00565
Exploits 1, References 5

CNNVD
added 2026/02/11 12:0 a.m., 5 views

Apple iOS and Apple iPadOS security vulnerability

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 18.7.5 and Apple iPadOS prior to 18.7.5 contained security vulnerabilities...

CVSS 5.5, AI score 5.8, EPSS 0.00475
Exploits 0, References 2

RedHat Linux
added 2026/02/09 2:20 p.m., 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection (OADP) is now available. OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

CVSS 7.8, AI score 7.1, EPSS 0.00526
Exploits 4, References 6

CNNVD
added 2026/02/07 12:0 a.m., 5 views

ACE SECURITY WiP-90113 access control error vulnerability

ACE SECURITY WiP-90113 is a camera product developed by the Japanese company ACE SECURITY. ACE SECURITY WiP-90113 has a vulnerability related to access control. This vulnerability arises from the unprotected configuration of backup endpoints, which may allow unverified attackers to retrieve...

CVSS 8.7, AI score 5.8, EPSS 0.00414
Exploits 0, References 4

CNNVD
added 2026/02/07 12:0 a.m., 6 views

DBPower C300 HD Camera access control error vulnerability

The DBPower C300 HD Camera is a camera produced by the American company DBPower. The DBPower C300 HD Camera has an access control vulnerability, which stems from unprotected configuration of backup endpoints. This vulnerability may allow unverified attackers to retrieve hardcoded credentials...

CVSS 8.7, AI score 5.8, EPSS 0.004
Exploits 0, References 4

NVD
added 2026/02/03 10:16 p.m., 4 views

CVE-2020-37082

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

CVSS 9.8, EPSS 0.00541
Exploits 1, References 4

ATTACKERKB
added 2026/02/03 10:1 p.m., 2 views

CVE-2020-37082

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

CVSS 9.8, AI score 5.5, EPSS 0.00541
Exploits 1, References 4, Affected Software 1

EUVD
added 2026/02/03 10:1 p.m., 3 views

EUVD-2020-30993

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

CVSS 9.8, AI score 5.5, EPSS 0.00541
Exploits 1, References 4

Cvelist
added 2026/02/03 10:1 p.m., 25 views

CVE-2020-37082 webERP 4.15.1 - Unauthenticated Backup File Access

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

CVSS 9.8, EPSS 0.00541
Exploits 1, References 4

Vulnrichment
added 2026/02/03 10:1 p.m., 3 views

CVE-2020-37082 webERP 4.15.1 - Unauthenticated Backup File Access

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

CVSS 9.8, AI score 5.5, EPSS 0.00541
Exploits 1, References 4

CVE
added 2026/02/03 10:1 p.m., 11 views

CVE-2020-37082

Summary: CVE-2020-37082 affects webERP 4.15.1 and describes an unauthenticated backup file access flaw. Attackers can directly request and download generated backup files (Backup_[timestamp].sql.gz) from the companies/weberp/ directory without authentication, enabling remote file retrieval via ne...

CVSS 9.8, AI score 5.5, EPSS 0.00541
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-5832

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup timestamp.sql.gz file...

CVSS 9.8, AI score 5.6, EPSS 0.00541
Exploits 1, References 5