CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/07 12:0 a.m.•7 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities due to lack of error handling. These vulnerabilities could allow authenticated users to cause the daemon process to crash by importing truncated backup files...

6.5CVSS5.9AI score0.00394EPSS

Exploits1References1

CNNVD•added 2026/05/07 12:0 a.m.•6 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

6.5CVSS5.8AI score0.00408EPSS

Exploits1References1

NVD•added 2026/05/06 8:16 p.m.•4 views

CVE-2026-40309

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS0.00165EPSS

Exploits0References1

ATTACKERKB•added 2026/05/06 7:42 p.m.•3 views

CVE-2026-40309

7.2CVSS5.7AI score0.00165EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/06 7:42 p.m.•23 views

CVE-2026-40309 Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content

7.2CVSS0.00165EPSS

Exploits0References1

ATTACKERKB•added 2026/05/06 3:27 a.m.•6 views

CVE-2026-5753

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

6.5CVSS5.7AI score0.00266EPSS

Exploits0References3

Positive Technologies•added 2026/05/06 12:0 a.m.•6 views

PT-2026-38227

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.empty function fails to validate anti-CSRF Cross-Site Request Forgery tokens for tras...

7.2CVSS5.8AI score0.00165EPSS

Exploits0References3

NVD•added 2026/05/05 12:16 p.m.•10 views

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7CVSS0.0031EPSS

Cvelist•added 2026/05/05 11:24 a.m.•26 views

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

8.7CVSS0.0031EPSS

CVE•added 2026/05/05 11:24 a.m.•12 views

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...

ATTACKERKB•added 2026/05/05 11:24 a.m.•5 views

CVE-2023-54346

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/05 11:24 a.m.•6 views

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

Positive Technologies•added 2026/05/05 12:0 a.m.•6 views

PT-2026-37001

CNNVD•added 2026/05/05 12:0 a.m.•7 views

Exploits0References5

WordPress plugin Backup Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Snyk•added 2026/05/04 9:27 p.m.•5 views

Exploits0References1

Arbitrary Code Injection

Overview github.com/0xJacky/Nginx-UI/api/system is a yet another Nginx Web UI Affected versions of this package are vulnerable to Arbitrary Code Injection via the restore process. An attacker can execute arbitrary OS commands by uploading a crafted backup archive that overwrites the application's...

9.8CVSS6AI score0.00764EPSS

OSV•added 2026/05/04 7:46 p.m.•4 views

GHSA-98VH-X9CX-9CFP Incus is affected by unbounded binary import disk exhaustion

Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...

4.3CVSS5.8AI score0.00333EPSS

Exploits1References4

Snyk•added 2026/05/04 7:45 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS

Snyk•added 2026/05/04 7:45 p.m.•5 views

NULL Pointer Dereference

7.1CVSS5.8AI score0.00408EPSS

Snyk•added 2026/05/04 7:38 p.m.•4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...

7.1CVSS5.8AI score0.00394EPSS