Lucene search
K

75 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-55500

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED...

9.9CVSS0.00685EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-55500

CVE-2026-55500 (9router) exposes a critical flaw in the /api/settings/database endpoint. The GET export returns the entire database, including plaintext API keys, OAuth tokens, and provider credentials, while POST can wipe-and-replace the database with attacker-controlled data. This bypasses auth...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/06 9:37 p.m.6 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

Summary The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI...

9.9CVSS6AI score0.00685EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/07/06 9:37 p.m.6 views

NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.71...

9.9CVSS5.9AI score0.00685EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The endpoint is protected by the ALWAYS PROTECTED middleware, which only validates a...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.5AI score0.0041EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 1:16 p.m.24 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS0.0041EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/14 12:32 p.m.16 views

EUVD-2026-30272

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.5 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS6.2AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2026-12220

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 2:19 p.m.5 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS0.00242EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/15 9:2 a.m.2 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/15 9:2 a.m.45 views

CVE-2026-4173 CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/03/15 9:2 a.m.17 views

CVE-2026-4173

CodePhiliaX Chat2DB (≤0.3.7) exposes a SQL injection in DMDBManage.java under Database Export Handler, affecting functions exportTable, exportTableColumnComment, exportView, exportProcedure, exportTriggers, exportTrigger, and updateProcedure. The flaw enables remote exploitation with a proof-of-c...

6.5CVSS6.3AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.5 views

PT-2026-25546

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.2 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.7 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/12 10:48 p.m.17 views

CVE-2019-25342

CVE-2019-25342 affects Centova Cast 3.2.12. The vulnerability is a denial-of-service in which repeatedly calling the database export API endpoint (via /api.php) with crafted parameters and multiple concurrent requests can drive the system to 100% CPU. Metrics indicate high impact to availability ...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.30 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS0.004EPSS
Exploits0References3
CVE
CVE
added 2026/02/12 2:25 p.m.17 views

CVE-2026-1104

CVE-2026-1104 affects the FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress. The vulnerability is due to a missing capability check on REST API endpoints across all versions up to and including 2.7.1, enabling authenticated attackers with Contributor-level access and above t...

8.8CVSS5.5AI score0.00266EPSS
Exploits0References3
Rows per page
Query Builder