104 matches found
EUVD-2025-6282
Malicious code in bioql PyPI...
EUVD-2024-21559
Malicious code in bioql PyPI...
EUVD-2025-18141
Malicious code in bioql PyPI...
EUVD-2024-33647
Malicious code in bioql PyPI...
GHSA-74RG-6F92-G6WX UnoPim has CSV Injection on Quick Export feature
Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...
CVE-2025-30085 Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature...
PT-2025-25251 · Joomla · Rsform!Pro
Name of the Vulnerable Software and Affected Versions: RSForm!pro versions 3.0.0 through 3.3.14 Description: A remote code execution vulnerability was discovered in the RSForm!pro component for Joomla. The issue occurs within the submission export feature and requires administrative access to the...
CVE-2023-27481
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-12134
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...
Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060
This module enables you to seamlessly migrate and deploy content across environments, eliminating manual steps. It simplifies the process by exporting content to a YML file or a ZIP archive, which can be imported into another environment effortlessly. While the export feature rightfully bypasses...
CVE-2025-27149 Zulip exports can leak private data
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...
CVE-2025-1635
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...
CVE-2025-1635
CVE-2025-1635 affects Devolutions Remote Desktop Manager (Windows) versions 2024.3.29 and earlier. The hub data source export feature can expose a user’s authenticated session in the exported data due to faulty business logic. This leads to potential information exposure with a CVSS v3.1 base s...
CVE-2024-55532
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...
CVE-2022-48581
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
BIT-SUPERSET-2023-25504 Apache Superset: Possible SSRF on import datasets
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
PT-2024-16755 · WordPress · 404 Solution
Name of the Vulnerable Software and Affected Versions: The 404 Solution plugin for WordPress versions up to, and including, 2.35.17 Description: The issue allows unauthenticated attackers to extract sensitive data, such as redirects including GET parameters, via the export feature. This could...
PT-2023-7017 · Combodo · Itop
Name of the Vulnerable Software and Affected Versions: Combodo iTop version 3.1.0-2-11973 Description: The issue is related to a CSV injection in the export as CSV feature, allowing a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...