46 matches found
CVE-2026-28267
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user...
CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...
CVE-2026-27944
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...
CVE-2019-7178
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup...
EUVD-2019-16722
Malware in sbrugna...
EUVD-2012-4509
Malware in sbrugna...
EUVD-2019-6976
Malware in sbrugna...
EUVD-2023-52824
Malicious code in bioql PyPI...
Fortinet FortiPortal Command Injection Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A command injection vulnerability exists in Fortinet FortiPortal, which can be exploited b...
CVE-2023-50264
Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read: the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system...
CVE-2023-50264 Bazarr Arbitrary file read in /system/backup/download/ endpoint
Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read: the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system...
CVE-2023-48791
An improper neutralization of special elements used in a command ('Command Injection') vulnerability (CWE-77) in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
Command injection
An improper neutralization of special elements used in a command ('Command Injection') vulnerability (CWE-77) in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
CVE-2023-48791
An improper neutralization of special elements used in a command ('Command Injection') vulnerability (CWE-77) in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
Fortinet FortiPortal Security Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A command injection vulnerability exists in Fortinet FortiPortal, which can be exploited b...
SUSE CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system back...
CVE-2021-42539
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change...
Design/Logic Flaw
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change...
SINEMA Server Access Control Error Vulnerability
Siemens SINEMA Server is a software developed for industrial applications by Siemens, Germany. It enables you to fully visualize and monitor your network. Siemens SINEMA Server has a security vulnerability that could be exploited by an attacker to obtain encoded system configuration backup files...
A New Program for Your Peloton – Whether You Like It or Not | McAfee Blogs
ARCHIVED STORY A New Program for Your Peloton – Whether You Like It or Not Sam Quinn · JUN 15, 2021 Executive Summary For those that are not familiar with Peloton, it is a brand that has combined high end exercise equipment with cutting-edge technology. Its products are equipped with a large tabl...