25 matches found
CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
MiracleLinux 4 : samba-3.6.23-45.AXS4 (AXSA:2017-2303:05)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2303:05 advisory. A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003142 advisory. Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can...
CVE-2025-14442 Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...
CVE-2025-11254 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...
CVE-2025-11254
CVE-2025-11254 affects the WordPress plugin “Contest Gallery – Upload, Vote & Sell with PayPal and Stripe” (versions up to 27.0.3). The vulnerability is CSV Injection in gallery submissions that allows unauthenticated input to be embedded in exported CSVs, enabling code execution when the CSV is ...
EUVD-2004-0496
Malware in sbrugna...
EUVD-2021-28004
Malicious code in bioql PyPI...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
CVE-2023-5424
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...
WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection
Description The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Unauthenticated Information Exposure
Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.4 via exported files. This makes it possible for...
WordPress plugin FastDup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-4139
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...
Wordpress Modern Events Calendar Lite Access Control Error Vulnerability
Wordpress Modern Events Calendar Lite is an open source application plugin for Wordpress. This plugin is the best tool for managing event websites. An access control error vulnerability exists in the WordPress Modern Events Calendar Lite plugin before 5.16.5, which stems from not properly...
CVE-2019-13941
A vulnerability has been identified in OZW672 All versions V10.00, OZW772 All versions V10.00. Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...
Limesurvey CSV Injection Vulnerability
limesurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A CSV injection vulnerability exists in Limesurvey versions prior to 3.17.14. An attacker can exploit this vulnerability to inject comman...
Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
No description provided by source. / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright (c) 2004 Marco Ivaldi Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of file...