44 matches found
CVE-2026-50364
Improper link resolution before file access 'link following' in Windows Server Backup allows an authorized attacker to elevate privileges locally...
CVE-2026-50364
Technical details (affected product/version, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates.
PT-2026-58203
Name of the Vulnerable Software and Affected Versions Windows Server Backup affected versions not specified Description An improper link resolution issue before file access, known as link following, allows an authorized attacker to elevate privileges locally. This flaw enables a low-privilege...
CVE-2025-9120
Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....
CVE-2025-9120 RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....
OpenText Carbonite Safe Server Backup 代码注入漏洞
OpenText Carbonite Safe Server Backup is a hybrid cloud backup software developed by OpenText Corporation in Canada. Versions of OpenText Carbonite Safe Server Backup 6.8.3 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper code generation controls, whi...
PT-2026-4752
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-14188
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
CVE-2025-14188 UGREEN DH2100+ nas_svr create handler_file_backup_create command injection
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
EUVD-2020-5392
Malware in sbrugna...
EUVD-2018-7311
Malware in sbrugna...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
CVE-2024-38013
Microsoft Windows Server Backup Elevation of Privilege Vulnerability...
Microsoft Windows Server Security Vulnerabilities
Microsoft Windows Server is a suite of server operating systems from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Server Backup. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are affected:Windows 10 Versio...
PT-2024-4974 · Microsoft · Windows Backup Service +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server Backup affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Backup Service, which is caused by incorrect handling of symbolic links before accessi...
CVE-2022-46900
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...
CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...
ZK Framework AuUploader Unspecified Vulnerability
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...