MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...

EUVD-2020-4012

Malware in sbrugna...

EUVD-2025-25386

Malicious code in bioql PyPI...

EUVD-2022-24989

Malicious code in bioql PyPI...

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...

CVE-2025-8612 AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

(0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

CVE-2025-27532

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to access secret information via multiple crafted HTTP requests...

CVE-2025-2292

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-2292

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVE-2025-27413

Summary of CVE-2025-27413 (PwnDoc) : Prior to version 1.2.0, PwnDoc’s backup restore functionality accepts raw data containing Path Traversal sequences (../). The template update process uses the database path to write content, which can overwrite source code and enable Remote Code Execution (RCE...

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2024-20358

A vulnerability in the Cisco Adaptive Security Appliance ASA restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...

K35255309: Linux kernel vulnerability CVE-2020-11669

Security Advisory Description An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idlebook3s.S does not have save/restore functionality for PNVPOWERSAVEAMR, PNVPOWERSAVEUAMOR, and PNVPOWERSAVEAMOR, aka CID-53a712bae5dd. CVE-2020-11669 Impact There i...

Inductive Automation Ignition

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVE-2020-11669

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idlebook3s.S does not have save/restore functionality for PNVPOWERSAVEAMR, PNVPOWERSAVEUAMOR, and PNVPOWERSAVEAMOR, aka CID-53a712bae5dd...

CVE-2020-11669

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idlebook3s.S does not have save/restore functionality for PNVPOWERSAVEAMR, PNVPOWERSAVEUAMOR, and PNVPOWERSAVEAMOR, aka CID-53a712bae5dd...