146 matches found
PT-2026-5832
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup timestamp.sql.gz file...
Improper Access Control
craftcms/cms is vulnerable to Improper Access Control. The vulnerability is due to missing authentication checks on certain administrative actions, which allows an unauthenticated attacker to trigger database backup operations and potentially cause resource exhaustion or information disclosure...
CVE-2025-68456
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...
CVE-2025-68456
CVE-2025-68456 affects Craft CMS versions 5.0.0-RC1–5.8.20 and 3.0.0–4.16.16, where unauthenticated users can trigger database backup operations via the admin action path updater/backup. The underlying issue is exposed across all updater actions configured for anonymous access, enabling a backup ...
CVE-2025-68456 Unauthenticated Craft CMS users can trigger a database backup
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...
GHSA-V64R-7WG9-23PR Unauthenticated Craft CMS users can trigger a database backup
Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...
PT-2026-1193
Name of the Vulnerable Software and Affected Versions Craft versions 5.0.0-RC1 through 5.8.20 Craft versions 3.0.0 through 4.16.16 Description Unauthenticated users can initiate database backup operations through certain administrative actions. This could lead to resource exhaustion or informatio...
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
EUVD-2010-2476
Malware in sbrugna...
EUVD-2012-2885
Malware in sbrugna...
EUVD-2008-5823
Malware in sbrugna...
EUVD-2018-13425
Malware in sbrugna...
EUVD-2006-3825
Malware in sbrugna...
EUVD-2007-0062
Malware in sbrugna...
EUVD-2021-11088
Malware in sbrugna...
EUVD-2004-1718
Malware in sbrugna...
EUVD-2023-0134
Malicious code in bioql PyPI...
EUVD-2025-1849
Malicious code in bioql PyPI...
EUVD-2023-46278
Malicious code in bioql PyPI...