
1288 matches found

Cvelist
added 2025/12/09 8:49 p.m., 20 views

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

CVSS 9.9, EPSS 0.00455
Exploits: 0, References: 4

Positive Technologies
added 2025/12/09 12:0 a.m., 7 views

PT-2025-50266

Name of the Vulnerable Software and Affected Versions: Tinycontrol LAN Controller v3 LK3 version 1.58a. Description: The Tinycontrol LAN Controller v3 LK3 version 1.58a has an issue that allows remote attackers to download configuration backup files containing sensitive credentials without...

CVSS 9.9, AI score 6.5, EPSS 0.00455
Exploits: 0, References: 8

OSV
added 2025/12/02 12:38 a.m., 6 views

GHSA-J422-QMXP-HV94 Grav vulnerable to Path Traversal allowing server files backup

Summary: A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup...

CVSS 6.8, AI score 6.7, EPSS 0.0042
Exploits: 1, References: 4

CVE
added 2025/11/24 6:0 a.m., 17 views

CVE-2025-12394

CVE-2025-12394 concerns the WordPress plugin Backup Migration. The vulnerability affects the plugin up to version 2.0.0, where it fails to generate the backup path correctly in certain server configurations. This allows unauthenticated users to read a log that reveals the backup filename, and the...

CVSS 5.9, AI score 6.4, EPSS 0.00253
Exploits: 0, References: 1

hivepro
added 2025/11/19 6:23 p.m., 8 views

SafePay Ransomware: TTPs and Defense Strategies

When a threat actor disables your security software and starts deleting your backups, you’re already in the middle of a crisis. The operators behind SafePay ransomware are known for these exact tactics, deliberately sabotaging your ability to respond and recover. Catching an attack like this earl...

AI score 7.1
Exploits: 0

Vulnrichment
added 2025/11/19 4:22 p.m., 0 views

CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

CVSS 8.7, AI score 6.1, EPSS 0.00462
Exploits: 2, References: 4

CVE
added 2025/11/19 4:22 p.m., 10 views

CVE-2025-34331

CVE-2025-34331 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The issue is an unauthenticated file read via the download.php endpoint, which lacks access control and lets remote, unauthenticated users request files based on attacker-supplied path/filename. T...

CVSS 8.7, AI score 6.1, EPSS 0.00462
Exploits: 2, References: 4, Affected Software: 2

RedhatCVE
added 2025/11/17 6:4 a.m., 12 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

CVSS 8.7, AI score 6.5, EPSS 0.00567
Exploits: 0, References: 1

NVD
added 2025/11/14 11:15 p.m., 8 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

CVSS 8.7, EPSS 0.00567
Exploits: 0, References: 5

EUVD
added 2025/11/14 10:52 p.m., 4 views

EUVD-2021-34718

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

CVSS 8.7, AI score 6.4, EPSS 0.00591
Exploits: 0, References: 5

Vulnrichment
added 2025/11/14 10:52 p.m., 4 views

CVE-2021-4468 PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

CVSS 8.7, AI score 6.5, EPSS 0.00591
Exploits: 0, References: 4

Cvelist
added 2025/11/14 10:49 p.m., 13 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

CVSS 8.7, EPSS 0.00567
Exploits: 0, References: 5

EUVD
added 2025/11/14 10:49 p.m., 4 views

EUVD-2016-10800

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

CVSS 8.7, AI score 6.1, EPSS 0.00567
Exploits: 0, References: 6

Vulnrichment
added 2025/11/14 10:49 p.m., 5 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

CVSS 8.7, AI score 6.2, EPSS 0.00567
Exploits: 0, References: 5

Positive Technologies
added 2025/11/14 12:0 a.m., 6 views

PT-2025-47014

Name of the Vulnerable Software and Affected Versions: Ubee EVW3226 versions up to and including 1.0.20. Description: The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...

CVSS 8.7, AI score 6.3, EPSS 0.00567
Exploits: 0, References: 7

Positive Technologies
added 2025/11/14 12:0 a.m., 5 views

PT-2025-47019

Name of the Vulnerable Software and Affected Versions: PLANEX CS-QP50F-ING2 smart cameras, affected versions not specified. Description: The PLANEX CS-QP50F-ING2 smart cameras have a configuration backup interface accessible over HTTP without authentication. An unauthenticated remote attacker can...

CVSS 8.7, AI score 6.6, EPSS 0.00591
Exploits: 0, References: 7

Vulnrichment
added 2025/11/13 1:0 p.m., 2 views

CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

CVSS 6.8, AI score 7.7, EPSS 0.00737
Exploits: 0, References: 1

VulnCheck KEV
added 2025/11/10 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-53118

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

CVSS 9.8, AI score 5.8, EPSS 0.29365
In wild, Exploits: 0, References: 75

Positive Technologies
added 2025/11/08 12:0 a.m., 5 views

PT-2025-46142

Name of the Vulnerable Software and Affected Versions: QNAP HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938. Description: A flaw exists in QNAP HBS 3 Hybrid Backup Sync related to incorrect path restriction for an access-limited directory. Successful exploitation by a remote attacker could lea...

CVSS 7.8, AI score 7.3, EPSS 0.00203
Exploits: 0, References: 11

RedhatCVE
added 2025/11/06 6:13 a.m., 14 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

CVSS 8.8, AI score 6.8, EPSS 0.00187
Exploits: 0, References: 1