Lucene search
K

1288 matches found

UbuntuCve
UbuntuCve
added 2025/12/18 6:15 a.m.4 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

3.2CVSS5.8AI score0.00096EPSS
Exploits0References3
OSV
OSV
added 2025/12/18 6:15 a.m.4 views

UBUNTU-CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

3.2CVSS5.8AI score0.00096EPSS
Exploits0References4
CVE
CVE
added 2025/12/18 5:14 a.m.11 views

CVE-2025-68462

CVE-2025-68462 affects Freedombox prior to 25.17.1. The vulnerability arises from improper permissions on the backups-data directory, which can allow reading of database dump files stored there. The CVSS baseline indicates a local attack with high complexity and no privileges required, yielding a...

3.2CVSS6.5AI score0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 5:14 a.m.26 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

3.2CVSS0.00096EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/18 5:14 a.m.4 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

3.2CVSS5.2AI score0.00096EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-51993

Name of the Vulnerable Software and Affected Versions Freedombox versions prior to 25.17.1 Description Freedombox versions prior to 25.17.1 do not establish appropriate permissions for the backups-data directory. This allows unauthorized access to database dump files. Recommendations Update to...

3.2CVSS6.4AI score0.00096EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-68462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. CVE-2025-68462 Note...

3.2CVSS5.8AI score0.00096EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/12/15 12:0 a.m.148 views

📄 GetSimple CMS 3.3.16 Cross Site Request Forgery

GetSimple CMS version 3.3.16 cross site request forgery proof of concept that deletes all backups without user confirmation. ============================================================================================================================================= | Title : GetSimple CMS 3.3.16...

7.2CVSS6.8AI score0.07548EPSS
Exploits3
EUVD
EUVD
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203201

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies th...

9.8CVSS5.5AI score0.01954EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 4:31 a.m.28 views

CVE-2025-11693

CVE-2025-11693 affects the WordPress plugin “Export WP Page to Static HTML & PDF” (versions up to 4.3.4). It exposes authentication cookies via a publicly accessible cookies.txt log file, potentially leaking cookies injected during backups triggered by high-privilege roles (e.g., administrator). ...

9.8CVSS5.6AI score0.01954EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.4 views

PT-2025-51053

Name of the Vulnerable Software and Affected Versions Export WP Page to Static HTML & PDF plugin for WordPress versions up to and including 4.3.4 Description The software is susceptible to sensitive information exposure due to publicly exposed cookies.txt files containing authentication cookies...

9.8CVSS5.8AI score0.01954EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.4 views

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

9.9CVSS7.1AI score0.00455EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 9:16 p.m.2 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

7.5CVSS5.8AI score0.00352EPSS
Exploits1References4
NVD
NVD
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS0.00352EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 8:49 p.m.23 views

CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS0.00352EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 8:49 p.m.2 views

CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS6AI score0.00352EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 8:49 p.m.14 views

CVE-2020-36887

SpinetiX Fusion Digital Signage 3.4.8 has an unauthenticated information disclosure vulnerability in the database backup directory. The /content/files/backups/ endpoint can be accessed to download sensitive backup files containing user credentials and system information. Exploitation details are ...

8.7CVSS6AI score0.00352EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.7 views

PT-2025-50511

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS6.4AI score0.00352EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/09 9:31 p.m.4 views

EUVD-2023-60177

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

9.9CVSS6.6AI score0.00455EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 9:15 p.m.5 views

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

9.9CVSS0.00455EPSS
Exploits0References4
Rows per page
Query Builder