21 matches found
Masa CMS Cross-Site Request Forgery Vulnerability
Masa CMS is a digital experience platform operated by the Masa CMS organization. Masa CMS versions 7.5.2 and earlier contained a cross-site request forgery vulnerability. This vulnerability stemmed from the cTrash.restore function not properly verifying the anti-CSRF token, allowing attackers to...
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...
CVE-2025-12762
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
GHSA-W2P4-P4RH-QCM3 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
EUVD-2025-169296
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode...
CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
EUVD-2025-31839
A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The pat...
Linux Distros Unpatched Vulnerability : CVE-2024-46690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to...
CVE-2025-45239
An issue in the restores method DataBackup.php of foxcms v2.0.6 allows attackers to execute a directory traversal...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.16 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-03-security-advisory)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.16. It is, therefore, affected by multiple vulnerabilities including the following: - Backup Jobs Can Be Broken by Low-Privilege User With Job/Configure (BEE-29576) Severity...
CVE-2020-3187
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted...
How to Create Custom IAM Role to Perform Restores
How to Create Custom IAM Role to Perform Restores...
CVE-2017-18385
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)...
Design/Logic Flaw
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)...
CVE-2017-18385
CVE-2017-18385 affects cPanel before 68.0.15, where unprivileged users can access restricted directories during account restores (SEC-311). The issue is documented across multiple sources (cPanel changelog references and Red Hat/CNVD listings). Practical impact: restricted directory exposure duri...
CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165...
PT-2019-17051 · Ibm +2 · Ibm Spectrum Protect Plus +2
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.3 Description: The issue concerns an escalation of user privileges that may occur during a redirected restore operation when protecting Oracle or MongoDB databases. Recommendations: For...