Lucene search
K

12 matches found

NVD
NVD
added yesterday6 views

CVE-2026-55761

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday6 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS
Exploits0References6
CVE
CVE
added yesterday5 views

CVE-2026-55761

Portainer Community Edition contains a vulnerability where, in versions 2.39.0–2.39.3 and 2.40.0–2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances. A...

7.1CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added yesterday3 views

EUVD-2026-42297

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 4:42 p.m.36 views

CVE-2026-54341 Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS0.00399EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/06/08 12:35 a.m.15 views

K000161622: NGINX UI vulnerability CVE-2026-42238

Security Advisory Description Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An...

9.8CVSS5.5AI score0.00764EPSS
Exploits1
OSV
OSV
added 2026/05/06 5:3 p.m.6 views

GHSA-4PVG-PRR3-9CXR Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

9.8CVSS6.1AI score0.00764EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 5:3 p.m.8 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

9.8CVSS6.1AI score0.00764EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.10 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...

9.8CVSS6AI score0.00764EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/04 9:16 p.m.48 views

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

9.8CVSS0.00764EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:13 p.m.10 views

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

9CVSS5.9AI score0.00764EPSS
Exploits1References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/06/29 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...

10CVSS7.2AI score0.30284EPSS
Exploits1References1
Rows per page
Query Builder