1288 matches found
EUVD-2025-28282
Malicious code in bioql PyPI...
EUVD-2023-57819
Malicious code in bioql PyPI...
EUVD-2023-54529
Malicious code in bioql PyPI...
EUVD-2025-14673
Malicious code in bioql PyPI...
EUVD-2025-25468
Malicious code in bioql PyPI...
EUVD-2022-34157
Malicious code in bioql PyPI...
EUVD-2023-27427
Malicious code in bioql PyPI...
CVE-2025-10306
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
PT-2025-40471
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process backup batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
CVE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
Migration to Unified Veeam Data Cloud FAQ
Below are the most commonly asked questions. What is changing with my Veeam Data Cloud for Microsoft 365 experience? Veeam is transitioning customers to the Veeam Data Cloud Platform, a unified multi-workload interface. This new experience allows you to manage Microsoft 365, Entra ID, Salesforce,...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...
CVE-2025-10360
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360 Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360
CVE-2025-10360 affects Puppet Enterprise 2025.4.0 and 2025.5, where the encryption key for the Infra Assistant database was not excluded from files collected by Puppet backup. The key is present only for users with an Infra Assistant license and feature enabled, and it protects the API key for th...
CVE-2025-10360 Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
CVE-2025-10360
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled t...
How One Bad Password Ended a 158-Year-Old Business
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group formerly Knights of Old celebrated more than a century and a half of operations, it had mastered the art of survival. For 158...
Puppet Enterprise Administration Module(PEADM) 安全漏洞
Puppet Enterprise Administration Module PEADM is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in Puppet Enterprise Administration Module PEADM versions 2025.4.0 and 2025.5, which stems...