139 matches found
CVE-2026-46124
In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...
CVE-2024-46507
A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection via the export function. An attacker can execute arbitrary spreadsheet formulas in the context of an administrator's local machine by injecting formula payloads into profile fields, which are then exported and opened in...
SuiteCRM 安全漏洞
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions prior to SuiteCRM 7.15.1 and 8.9.3 contained security vulnerabilities. These vulnerabilities stemmed from the actionexportCustom function in modules/ModuleBuilder/controller.php, which failed to properl...
EduSoho path traversal vulnerability
EduSoho is an open-source online school system developed by EduSoho. Versions of EduSoho prior to 22.4.7 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the fileNames parameter in the classroom-course-statistics export function, which could lead to...
Kimai security vulnerabilities
Kimai is a web-based, multi-user time tracking application developed by Kimai’s developers. Versions of Kimai prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from the overly lax security policies for the Twig sandbox used in the export function, which allowed...
CVE-2023-4545
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2025-60912
phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...
Remotecontrolio Remote Keyboard Desktop 操作系统命令注入漏洞
Remotecontrolio Remote Keyboard Desktop is a remote control application from Remotecontrolio. An operating system command injection vulnerability exists in Remotecontrolio Remote Keyboard Desktop version 1.0.1, which stems from a flaw in the rundll32.exe export function that could lead to...
CVE-2025-13133 Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into export...
SuiteCRM 安全漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.6 that stems from a SQL injection vulnerability when handling the parameter uid in the export function, which could lead to the execution of arbitrary...
GO-2025-4002 Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd...
CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links
LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...
JeeWMS 安全漏洞
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS version 20250820, which stems from the exportXls function not handling input correctly, which could lead to an SQL injection attack...
EUVD-2020-30277
Malware in sbrugna...
EUVD-2017-14485
Malware in sbrugna...
EUVD-2019-16929
Malware in sbrugna...
EUVD-2019-7707
Malware in sbrugna...
EUVD-2020-15153
Malware in sbrugna...