Linux Distros Unpatched Vulnerability : CVE-2020-25706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of the error message during template import preview in...
CVE-2025-6233
Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...
H3C SecCenter SMP-E1114P02 security vulnerability
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C Corporation. A security vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from improper handling of the parameter logGeneralFile/logGeneralFile2 in the file...
PT-2025-37308
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: Chamilo is a learning management system with a command injection issue. Exploitation may allow a remote attacker to execute arbitrary SQL queries. The issue is located in the...
CVE-2024-9664
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...
WordPress WP All Import plugin <= 3.7.9 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability
Authenticated (Administrator+) PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import versions <= 3.7.9...
WordPress WP All Import Pro plugin < 4.9.8 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability
Authenticated (Administrator+) PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions < 4.9.8...
Mattermost Denial of Service Vulnerability (CNVD-2025-12636)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of Slack import file uploads. An attacker could exploit this vulnerability to import data to...
Exploit for CVE-2024-54262
CVE-2024-54262 Import Export For WooCommerce...
CVE-2021-1483
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected...
BIT-GITLAB-2021-22201
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...
PT-2024-1239 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.4.8 Description: The issue allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the "start_import.php" file. This is related to an unlimited file upload vulnerability of...
PT-2024-13783 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: A vulnerability exists in the import.json.php temporary copy functionality, allowing unrestricted PHP file uploads. This can lead to arbitrary code execution when combined with a Local Fil...
PrestaShop path traversal
Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses path traversal. Patches: 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds: none. References: none...
GHSA-M9R4-3FG7-PQM2 PrestaShop path traversal
Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses path traversal. Patches: 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds: none. References: none...
Path traversal
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
Path traversal
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...
CVE-2022-46902
CVE-2022-46902 relates to Vocera Report Server/Voice Server 5.x–5.8. The issue is a path traversal vulnerability in an unzip operation used during a ZIP-based database restore via the Vocera Report Console’s websocket function. During extraction, the code uses file paths from the ZIP without suff...
Frappe Technologies Frappe path traversal vulnerability
Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe version 14.10.0, which stems from a failure to properly validate user-injected information...