Lucene search
K

778 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.6 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.8CVSS7.1AI score0.04497EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.11 views

CVE-2019-7403

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import=deldir=../ URI...

5.5CVSS7.2AI score0.01686EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.6 views

CVE-2019-12564

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...

9.8CVSS7.1AI score0.02011EPSS
Exploits1References1
OSV
OSV
added 2026/01/05 10:3 p.m.5 views

CVE-2025-68456 Unauthenticated Craft CMS users can trigger a database backup

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

8.3CVSS6.7AI score0.00471EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/01/05 6:49 p.m.9 views

Unauthenticated Craft CMS users can trigger a database backup

Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...

9.1CVSS6.7AI score0.00471EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress WP Database Backup plugin < 5.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability discovered by WordFence in WordPress Plugin WP Database Backup versions 5.2...

9.8CVSS5.6AI score0.16682EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.4 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS8.8AI score0.0376EPSS
Exploits1References1
NVD
NVD
added 2025/12/23 10:15 p.m.11 views

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS0.0376EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/23 9:42 p.m.23 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS0.0376EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/23 9:42 p.m.4 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS8.7AI score0.0376EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/23 9:42 p.m.4 views

EUVD-2025-204961

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.4CVSS8.5AI score0.0376EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 9:42 p.m.14 views

CVE-2025-66209

CVE-2025-66209 affects Coolify (open‑source self‑hosted platform for managing servers, apps, and databases). The authenticated command injection vulnerability exists prior to 4.0.0-beta.451 in the Database Backup functionality, where database names are passed to shell commands without sanitizatio...

9.9CVSS8.7AI score0.0376EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/23 9:42 p.m.5 views

CVE-2025-66209 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.9CVSS9AI score0.0376EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.7 views

Coolify 操作系统命令注入漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an uncleaned database name in the Database Backup feature and could lead ...

9.9CVSS7.2AI score0.0376EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.3 views

PT-2025-52851

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.451 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection issue exists in the Database Backup functionality for authenticated users with...

9.9CVSS7.5AI score0.0376EPSS
Exploits1References21
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.11 views

PT-2025-50511

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

8.7CVSS6.4AI score0.00352EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

SpinetiX Fusion Digital Signage 安全漏洞

SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from unauthorized access to the database backup directory and could lead to information disclosure...

8.7CVSS6.4AI score0.00352EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.4 views

SourceCodester Simple Online Book Store System 安全漏洞

SourceCodester Simple Online Book Store System is a SourceCodester open source simple online bookstore system. A security vulnerability exists in SourceCodester Simple Online Book Store System, which originates from an unauthenticated HTTP GET request to access a database backup file, potentially...

7.5CVSS6.9AI score0.00401EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/29 9:30 p.m.5 views

EUVD-2025-36705

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

4.9CVSS5.7AI score0.01905EPSS
Exploits0References3
NVD
NVD
added 2025/10/29 8:15 p.m.9 views

CVE-2025-11466

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

4.9CVSS0.01905EPSS
Exploits0References2
Rows per page
Query Builder