Lucene search
K

1289 matches found

Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.5 views

PT-2025-39287

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions 2025.4.0 through 2025.5 Description The encryption key for the Infra Assistant database was not excluded from Puppet backups in Puppet Enterprise. This key is only present if a Puppet Enterprise Advanced license is...

6.9CVSS6.6AI score0.00177EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

Puppet Enterprise Administration Module(PEADM) 安全漏洞

Puppet Enterprise Administration Module PEADM is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in Puppet Enterprise Administration Module PEADM versions 2025.4.0 and 2025.5, which stems...

6.9CVSS6.6AI score0.00177EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2025/09/10 5:44 p.m.7 views

Akira Ransomware Group Utilizing SonicWall Devices for Initial Access

Latest update – September 18, 2025 On September 17, 2025, SonicWall disclosed a security breach affecting all SonicWall customers with MySonicWall.com cloud backups enabled. The firm detected suspicious activity targeting MySonicWall.com, through which threat actors were able to access backup...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-3759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application th...

5CVSS5.6AI score0.00313EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-43437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup file...

6.1CVSS5AI score0.00338EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-40314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. CVE-2022-40314 Note that Nessus relies on the presence of t...

9.8CVSS7AI score0.01527EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.5 views

CVE-2025-53118

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

9.8CVSS7.1AI score0.29365EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/29 4:1 p.m.5 views

WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Nifty Backups versions = 1.08...

7.1CVSS6.1AI score0.00228EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/08/28 5:43 p.m.4 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8CVSS6.7AI score0.00341EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/28 5:43 p.m.7 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8CVSS0.00341EPSS
Exploits1References3
NVD
NVD
added 2025/08/28 6:15 a.m.4 views

CVE-2024-13807

The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract...

7.5CVSS0.00351EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-41335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be...

3.7CVSS7.2AI score0.00362EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/08/25 11:58 p.m.4 views

SUSE CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities-it already learns the users' passwords as...

3.7CVSS6.4AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2025/08/25 4:15 p.m.5 views

CVE-2025-53118

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

9.8CVSS0.29365EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/25 4:6 p.m.2 views

CVE-2025-53118 Securden Unified PAM Authentication Bypass

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

9.8CVSS7.3AI score0.29365EPSS
Exploits0References1
CVE
CVE
added 2025/08/25 4:6 p.m.27 views

CVE-2025-53118

CVE-2025-53118 affects Securden Unified PAM. An unauthenticated attacker can bypass authentication to manipulate administrator backups, risking exposure of passwords, secrets, and session tokens stored by Unified PAM. The issue has been observed in the wild (CIRCL sighting/export data) and was di...

9.8CVSS6.8AI score0.29365EPSS
In wildExploits0References1
Cvelist
Cvelist
added 2025/08/25 4:6 p.m.330 views

CVE-2025-53118 Securden Unified PAM Authentication Bypass

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

9.8CVSS0.29365EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.4 views

PT-2025-34675 · Unknown · Unified Pam

Name of the Vulnerable Software and Affected Versions: Unified PAM affected versions not specified Description: An authentication bypass allows unauthenticated attackers to control administrator backup functions. Successful exploitation can lead to the compromise of passwords, secrets, and...

9.8CVSS6.4AI score0.29365EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/23 12:23 a.m.5 views

CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands...

5.4CVSS7.8AI score0.00235EPSS
Exploits1References1
NVD
NVD
added 2025/08/21 2:15 p.m.5 views

CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands...

5.4CVSS0.00235EPSS
Exploits1References1
Rows per page
Query Builder