
15 matches found

Cvelist
added 2026/05/27 2:35 p.m. | 34 views

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVSS 7 | EPSS 0.00043
Exploits 0 | References 1
Vulnrichment
added 2026/01/04 11:2 a.m. | 2 views

CVE-2025-15442 CRMEB product_list sql injection

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

CVSS 5.8 | AI score 6.7 | EPSS 0.00017
Exploits 1 | References 5
CNNVD
added 2026/01/04 12:0 a.m. | 3 views

CRMEB SQL injection vulnerability

CRMEB is an open source Java mall system from CRMEB. A SQL injection vulnerability exists in CRMEB 5.6.1 and earlier versions, which originates from the incorrect operation of the parameter cateid in the file /adminapi/product/productexport, which could lead to a SQL injection attack...

CVSS 7.2 | AI score 5.5 | EPSS 0.00017
Exploits 1 | References 6
OSV
added 2025/12/19 4:15 p.m. | 3 views

CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

CVSS 7.6 | AI score 5.8
Exploits 0 | References 1
NVD
added 2025/12/19 4:15 p.m. | 3 views

CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

CVSS 7.6 | EPSS 0.0043
Exploits 1 | References 1
CNNVD
added 2025/12/19 12:0 a.m. | 1 views

EVE-NG security vulnerability

EVE-NG is a clientless multi-vendor network emulation software from EVE-NG, Inc. A security vulnerability exists in EVE-NG version 6.4.0-13-PRO, which originates from directory traversal in the /api/export interface and could lead to the export of arbitrary files...

CVSS 7.6 | AI score 6.8 | EPSS 0.0043
Exploits 1 | References 2
Vulnrichment
added 2025/12/19 12:0 a.m. | 2 views

CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

AI score 6.4 | EPSS 0.0043
Exploits 1 | References 1
Cvelist
added 2025/12/19 12:0 a.m. | 23 views

CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

EPSS 0.0043
Exploits 1 | References 1
CNNVD
added 2025/03/31 12:0 a.m. | 2 views

Zulip server security vulnerability

Zulip server is an open source team chat application from Zulip USA. A security vulnerability exists in versions of Zulip server prior to 10.1, which stems from insufficient permission checking in the Delete Organization Export API, which could result in an administrator deleting exports from oth...

CVSS 2.7 | AI score 6.6 | EPSS 0.00261
Exploits 0 | References 4
Snyk
added 2025/03/20 6:49 p.m. | 1 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround: This vulnerability ca...

CVSS 9.6 | AI score 7 | EPSS 0.00168
Exploits 0 | References 2
Snyk
added 2025/03/20 6:49 p.m. | 1 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround: This vulnerability ca...

CVSS 9.6 | AI score 7 | EPSS 0.00168
Exploits 0 | References 2
Positive Technologies
added 2025/03/20 12:0 a.m. | 1 views

PT-2025-12365

Name of the Vulnerable Software and Affected Versions: kcp versions prior to 0.26.3. Description: The issue allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources, even if there is no APIBinding in that workspace or the...

CVSS 9.8 | AI score 7 | EPSS 0.9113
Exploits 23 | References 56
CNNVD
added 2025/03/20 12:0 a.m. | 1 views

kcp authorization issue vulnerability

kcp is an open source Kubernetes-like control plane from kcp-dev for Kubernetes and containers. An authorization issue vulnerability exists in kcp versions prior to 0.26.3, which stems from APIExport VirtualWorkspace allowing objects to be created or deleted in an arbitrary target workspace, potentiall...

CVSS 9.6 | AI score 5.4 | EPSS 0.00168
Exploits 0 | References 4
Cvelist
added 2024/12/11 10:47 p.m. | 18 views

CVE-2024-55658 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitrary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversi...

CVSS 8.7 | EPSS 0.00877
Exploits 0 | References 2
OSV
added 2016/03/11 3:25 p.m. | 6 views

SUSE-SU-2016:0727-1 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR bsc969894, fixing following security issues: MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17/CVE-2016-1954...

CVSS 10 | AI score 7.9 | EPSS 0.86455
Exploits 9 | References 31