CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

PT-2026-38914

Name of the Vulnerable Software and Affected Versions CloudStack versions 4.21.0.0 through 4.22.0.0 Description The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can leverage specific APIs to create new virtual machines...

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

CVE-2023-4587

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server...

ZKTeco ZEM800 Security Vulnerability

The ZKTeco ZEM800 is a biometric device from ZKTeco that is primarily used for access control and time and attendance management systems. A security vulnerability exists in the ZKTeco ZEM800 version 6.60, which originated from a vulnerability that allows local attackers to obtain enrolled user...