15 matches found
CVE-2026-47349
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349
CVE-2026-47349 affects TYPO3 CMS where backend users with access to the Recycler module could restore soft-deleted records on pages or tables they are not authorized to modify. Affected versions: 10.4.57 and earlier in 10.x; 11.0.0–11.5.51; 12.0.0–12.4.46; 13.0.0–13.4.31; 14.0.0–14.3.3. Root caus...
CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
EUVD-2026-28158
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...
CVE-2025-55044
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
CVE-2025-55044
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
CVE-2024-39865
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...
CVE-2024-28229
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles...
PT-2024-2107 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.1.25893 Description: The issue is related to insufficient authorization mechanisms in JetBrains YouTrack, allowing a remote attacker to bypass existing security restrictions. This could enable a user...
CVE-2022-48301
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...
PT-2019-16984 · Hewlett Packard +2 · Hp-Ux +2
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 7.1 Description: The issue affects the backup or archive operation of HP-UX VxFS objects. If an object has more than twelve Access Control List ACL entries, the IBM Spectrum Protect client silently skips these...
CVE-2006-1649
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions...
Design/Logic Flaw
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions...
CVE-2006-1649
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions...