Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-39934

UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...

4.4CVSS5.8AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.4 views

CVE-2025-41763

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:49 p.m.2 views

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/10/03 12:15 p.m.9 views

CVE-2025-10306

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

3.8CVSS0.0029EPSS
Exploits0References3
OSV
OSV
added 2023/03/07 3:15 p.m.5 views

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2023/03/07 3:15 p.m.5 views

CVE-2022-4931

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.7 views

WordPress plugin BackupWordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

4.3CVSS5.2AI score0.00458EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.14 views

Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...

8CVSS6.8AI score0.01072EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.47 views

CVE-2017-1000086

Summary: Multiple sources report a vulnerability in the Jenkins Periodic Backup Plugin (CVE-2017-1000086) involving missing permission checks and CSRF exposure. Affected component: Jenkins Periodic Backup Plugin (version 1.4 and earlier, per CNVD/CVE references). Root cause (as stated): The plugi...

8CVSS7.8AI score0.01072EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/12/26 12:0 a.m.4 views

Database Backup Download Vulnerability in Joomla!

Joomla! is an open source content management system CMS. A database backup download vulnerability exists in joomla version 1.6.x. The vulnerability stems from the program's failure to adequately filter user-submitted input, which can be exploited by an attacker to download database backups to...

6.8AI score
Exploits0References1
Rows per page
Query Builder