125 matches found
CVE-2025-64176 ThinkDashboard: Arbitrary File Upload vulnerability in the Backup Import Feature
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip...
CVE-2025-62262
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...
CVE-2025-62262
CVE-2025-62262: Information exposure in Liferay Portal/DXP via a log-file vulnerability in the LDAP import feature. Affected: Liferay Portal 7.4.0–7.4.3.97, older unsupported Portal, Liferay DXP 2023.Q3.1–2023.Q3.4, and various 7.4/7.3 lines up to specified updates. Local users can view user ema...
EUVD-2017-14945
Malware in sbrugna...
EUVD-2020-5541
Malware in sbrugna...
EUVD-2016-10654
Malware in sbrugna...
EUVD-2020-5590
Malware in sbrugna...
EUVD-2011-1373
Malware in sbrugna...
EUVD-2013-4405
Malware in sbrugna...
EUVD-2025-1734
Malicious code in bioql PyPI...
EUVD-2025-19588
Malicious code in bioql PyPI...
EUVD-2022-15349
Malicious code in bioql PyPI...
EUVD-2021-30821
Malicious code in bioql PyPI...
EUVD-2022-0465
Malicious code in bioql PyPI...
PT-2025-37005
Name of the Vulnerable Software and Affected Versions: Import any XML, CSV or Excel File to WordPress plugin versions through 3.9.3 Description: The Import any XML, CSV or Excel File to WordPress plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type...
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
Frappe Technologies Frappe Cross-Site Scripting Vulnerability
Frappe Technologies Frappe is a web development framework from Frappe Technologies (India), based on Python and MariaDB, with integrated front-end pages. A cross-site scripting vulnerability exists in Frappe Technologies Frappe versions prior to 14.94.2 and prior to 15.57.0, which stems from an...
CVE-2023-1207
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...
CVE-2022-0136
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature...