CVE-2026-35254

A flaw was found in Oracle OCI CLI. An unauthenticated attacker with network access can exploit this vulnerability, allowing imported files to be placed outside their intended directory. This could lead to arbitrary file placement, potentially enabling an attacker to write malicious files to...

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

EUVD-2021-9347

Malicious code in bioql PyPI...

EUVD-2022-43038

Malicious code in bioql PyPI...

EUVD-2023-54807

Malicious code in bioql PyPI...

CVE-2023-4971

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure

Description The plugin does not protect its imported files, which could allow unauthenticated users to list and view exported files...

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

WordPress plugin Custom Field Template 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

CVE-2022-3359

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site...

GitLab Cross-Site Scripting Vulnerability (CNVD-2020-17175)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab. An...