20 matches found
CVE-2026-26978
FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...
EUVD-2026-30810
FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...
Mbed TLS Security Vulnerability
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions of Mbed TLS from 3.5.0 to 4.0.0 contain security vulnerabilities, which stem from the potential for client impersonation when restoring TLS 1.3 sessions...
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...
CVE-2026-24901
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
CVE-2026-24901
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
CVE-2026-24901 Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
CVE-2017-18384
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310)...
CVE-2025-12023
The CVE concerns the WordPress ELEX HelpDesk & Customer Ticketing System plugin. Multiple connected documents corroborate a vulnerability in all versions up to 3.3.1 where a missing capability check on eh_crm_restore_data() allows authenticated users with Subscriber-level access and above to modi...
EUVD-2019-8364
Malware in sbrugna...
PostgreSQL 13.x < 13.22 / 14.x < 14.19 / 15.x < 15.14 / 16.x < 16.10 / 17.x < 17.6 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 13 prior to 13.22, 14 prior to 14.19, 15 prior to 15.14, 16 prior to 16.10, or 17 prior to 17.6. As such, it is potentially affected by multiple vulnerabilities: - Improper neutralization of newlines in pg_dump in PostgreSQL allows a user ...
CVE-2024-36486
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location...
CVE-2018-20891
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436)...
The vulnerability of the password restoration function in systems for job requests, incidents, and computer equipment inventory management allows a hacker to circumvent existing security restrictions.
The vulnerability of the password restoration function in systems for job requests, incidents, and computer equipment inventory management in GLPI is related to the lack of a password restoration mechanism. Exploiting this vulnerability could allow an attacker to bypass existing security...
CVE-2024-35302
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible...
CVE-2024-27012 netfilter: nf_tables: restore set elements when delete set fails
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The...
The vulnerability of the Glib library, related to the restoration of unreliable data in memory, allows a hacker to cause a service failure.
The vulnerability of the Glib library relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Design/Logic Flaw
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...
CVE-2022-48301
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...
The vulnerability of the unit_deserialize component in Systemd allows a malicious actor to elevate their privileges to the root level.
The vulnerability of the unit_deserialize component in Systemd relates to the restoration of a dubious data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to the root level...