CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

EUVD-2023-60568

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities were caused by multiple vulnerabilities in the CloneSite plugin, which could allow unauthenticated attackers to...

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

UBUNTU-CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

CVE-2025-68462

CVE-2025-68462 affects Freedombox prior to 25.17.1. The vulnerability arises from improper permissions on the backups-data directory, which can allow reading of database dump files stored there. The CVSS baseline indicates a local attack with high complexity and no privileges required, yielding a...

Linux Distros Unpatched Vulnerability : CVE-2025-68462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. CVE-2025-68462 Note...

Freedombox 安全漏洞

Freedombox is a Debian-based freeware home server operating system. A security vulnerability exists in Freedombox versions prior to 25.17.1 that stems from improperly set permissions on the backup data directory, which could result in database dump files being read...

PT-2025-51993

Name of the Vulnerable Software and Affected Versions Freedombox versions prior to 25.17.1 Description Freedombox versions prior to 25.17.1 do not establish appropriate permissions for the backups-data directory. This allows unauthorized access to database dump files. Recommendations Update to...

CVE-2025-60912

phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...

CVE-2025-12762 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

EUVD-2025-25184

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-33568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects,...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...

CVE-2025-34084

The CVE CVE-2025-34084 affects the WordPress Total Upkeep (BoldGrid Backup) plugin. Affected versions are up to and including 1.14.9 (and prior to 1.14.10 per RH) and expose sensitive backup information via env-info.php and restore-info.json without authentication. Attackers can locate backup fil...