125 matches found
CVE-2021-32650
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This bypasses the safe mode feature that prevents P...
CVE-2020-6832
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects...
CVE-2025-45755
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...
CVE-2025-45755
Vulnerable software: Vtiger CRM Open Source Edition v8.3.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload mapped to the Service Name field; when uploaded, the applica...
Vtiger CRM Open Source Edition security vulnerability
Vtiger CRM Open Source Edition is customer relationship management software from Vtiger, Inc. A security vulnerability exists in Vtiger CRM Open Source Edition version v8.3.0, which stems from the Services Import feature not properly sanitizing user input and could lead to a stored cross-site...
CVE-2025-45753
Vulnerability CVE-2025-45753 affects Vtiger CRM Open Source Edition v8.3.0. An attacker with admin privileges can execute arbitrary PHP code by abusing the ZIP import functionality in the Module Import feature. The entry indicates high confidentiality, integrity and availability impact (C:H/I:H/A:H) with a CVSSv3.1 base score of 7.2. Connected...
PT-2025-22435
Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0. Description: A vulnerability in the software allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...
PT-2025-22425
Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0. Description: A Stored Cross-Site Scripting (XSS) issue exists, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service...
CVE-2025-45753
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...
CVE-2024-51445
A vulnerability has been identified in Polarion V2310 (all versions) and Polarion V2404 (all versions prior to V2404.4). The affected application contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...
PT-2025-20845 · Siemens · Polarion
Name of the Vulnerable Software and Affected Versions: Polarion V2310 (all versions), Polarion V2404 (versions prior to V2404.4). Description: A vulnerability has been identified in the affected application, which contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. Th...
PT-2025-16335 · Yauzl +1 · Yauzl +1
Name of the Vulnerable Software and Affected Versions: PeerTube affected versions not specified Description: The issue allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled, which is the default setting, any registered use...
CVE-2025-0525
In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server...
CVE-2025-0525
CVE-2025-0525 affects Octopus Server. The issue centers on the Preview Import feature, which can be leveraged to determine whether a specific target file exists, enabling information disclosure that may aid further attacks against the server. The available sources describe the vulnerability as a ...
PT-2025-6187 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The preview import feature in affected versions of Octopus Server could be used to identify the existence of a target file, providing an adversary with information that may aid in...
Octopus Server security vulnerability
Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from the Preview Import feature that can be utilized to identify the presence of a target file...
WordPress Customizer Export/Import plugin <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import vulnerability
Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import vulnerability discovered by Luk6785 in WordPress Plugin Customizer Export/Import versions <= 0.9.7...
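The Vtiger ZIP module import, the Polarion docx import and the Customizer settings import entries above share one root cause: an archive uploaded through an import feature is extracted or parsed before its contents are checked. The following Python gate is an added example written for this page; it is not code from Vtiger, Siemens, the WordPress plugin or any other project, and the extension blocklist, size limits and the three sample archives are constructed assumptions for the demonstration. It rejects path traversal and symlinks (zip slip), server-executable members such as `.php` that would become a web shell under the web root, and XML parts that carry a DTD, which every XXE payload needs.

```python
"""Pre-extraction checks for an uploaded import archive (added example)."""
import io
import posixpath
import re
import zipfile

# Assumed policy: a module/theme/settings import must never write
# server-executable files or Apache overrides into the web root.
FORBIDDEN_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".htaccess"}
# Every XXE payload declares entities in a DTD; the XML parts of a docx
# (word/*.xml, *.rels) never legitimately need one.
DTD_RE = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)
MAX_MEMBERS = 2000                          # assumed limit
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # 50 MiB, zip-bomb guard (assumed)


def is_safe_member_path(name: str) -> bool:
    """True iff the entry can only land inside the extraction directory."""
    if not name or name.startswith(("/", "\\")) or "\\" in name or ":" in name:
        return False
    norm = posixpath.normpath(name)
    return not (norm.startswith("..") or norm.startswith("/"))


def validate_import_archive(data: bytes) -> list[str]:
    """Return findings; an empty list means the archive may be extracted."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a zip archive: {exc}"]
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        findings.append(f"too many members ({len(infos)} > {MAX_MEMBERS})")
    total = 0
    for info in infos:
        name = info.filename
        total += info.file_size
        if not is_safe_member_path(name):
            findings.append(f"path traversal / absolute path: {name!r}")
            continue
        # zipfile keeps the unix mode in the high 16 bits; 0o120000 is a symlink
        if (info.external_attr >> 16) & 0o170000 == 0o120000:
            findings.append(f"symlink member: {name!r}")
            continue
        ext = posixpath.splitext(name)[1].lower()
        base = posixpath.basename(name).lower()
        if ext in FORBIDDEN_EXTENSIONS or base in FORBIDDEN_EXTENSIONS:
            findings.append(f"server-executable member: {name!r}")
        if ext in (".xml", ".rels"):
            # A DOCTYPE must precede the root element, so the head suffices.
            head = zf.open(info).read(64 * 1024)
            if DTD_RE.search(head):
                findings.append(f"DTD/entity declaration in XML member: {name!r}")
    if total > MAX_TOTAL_UNCOMPRESSED:
        findings.append(f"uncompressed size {total} exceeds limit")
    return findings


def _build_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a clean module, a module that plants PHP through
# path traversal and a forbidden extension, and a docx whose document.xml
# carries an XXE payload.
CLEAN_MODULE = _build_zip({
    "manifest.xml": b'<?xml version="1.0"?><module><name>Demo</name></module>',
    "templates/Detail.tpl": b"{$RECORD->getName()}",
})
MALICIOUS_MODULE = _build_zip({
    "manifest.xml": b"<module/>",
    "../shell.php": b"<?php system($_GET['c']); ?>",
    "assets/drop.phtml": b"<?php echo 1; ?>",
})
XXE_DOCX = _build_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": (b'<?xml version="1.0"?>\n'
                          b'<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
                          b"<w:document>&xxe;</w:document>"),
})

if __name__ == "__main__":
    for label, blob in (("clean module", CLEAN_MODULE),
                        ("zip-slip php module", MALICIOUS_MODULE),
                        ("xxe docx", XXE_DOCX)):
        print(label, "->", validate_import_archive(blob) or "OK")
```

Run the gate on the raw upload before any `extractall` and, for XML parts that pass, still parse them with a parser that has external entities and DTD loading disabled; the DOCTYPE check here is a cheap first line, not a substitute for a hardened parser. Note that a blocklist of extensions only covers files the web server would execute; the more robust fix is to extract imports outside the document root and serve only whitelisted asset types from there.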