15 matches found

ATTACKERKB
added 2026/05/22 3:21 p.m. · 3 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

CVSS 4.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 2

CVE
added 2026/05/22 3:21 p.m. · 11 views

CVE-2026-9223

CVE-2026-9223 affects Devolutions Server (versions 2026.1.16.0 and earlier) where the vault import feature has missing authorization. This allows a low-privileged authenticated user to create new vaults via a crafted import request. The provided documents do not include exploitation details, scop...

CVSS 4.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/05/22 3:21 p.m. · 5 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1

EUVD
added 2026/05/22 3:21 p.m. · 7 views

EUVD-2026-31455

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

CVSS 4.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1

Positive Technologies
added 2026/05/22 12:0 a.m. · 5 views

PT-2026-42789

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1

Tenable Nessus
added 2026/03/31 12:0 a.m. · 6 views

Metabase Enterprise < 1.54.22 / 1.55.x < 1.55.22 / 1.56.x < 1.56.22 / 1.57.x < 1.57.16 / 1.58.x < 1.58.10 / 1.59.x < 1.59.4 RCE (GHSA-fppj-vcm3-w229)

The version of Metabase Enterprise installed on the remote host is prior to 1.54.22, 1.55.x prior to 1.55.22, 1.56.x prior to 1.56.22, 1.57.x prior to 1.57.16, 1.58.x prior to 1.58.10, or 1.59.x prior to 1.59.4. It is, therefore, affected by a remote code execution vulnerability: - Authenticated...

CVSS 7.2 · AI score 6.8 · EPSS 0.00184
Exploits 1 · References 2

NVD
added 2026/03/18 5:16 p.m. · 2 views

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

CVSS 7.5 · EPSS 0.00081
Exploits 0 · References 5

Vulnrichment
added 2026/03/18 12:0 a.m. · 1 views

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

AI score 5.9 · EPSS 0.00081
Exploits 0 · References 5

OSV
added 2025/02/24 8:15 a.m. · 1 views

CVE-2025-25279

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 1

Positive Technologies
added 2022/11/21 12:0 a.m. · 1 views

PT-2022-26168 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8; XWiki Platform versions prior to 14.6. Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view...

CVSS 9.6 · AI score 8.1 · EPSS 0.09729
Exploits 0 · References 10

NVD
added 2021/04/02 5:15 p.m. · 12 views

CVE-2021-22201

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...

CVSS 9.6 · EPSS 0.0899
Exploits 1 · References 3

OSV
added 2021/04/02 5:15 p.m. · 0 views

UBUNTU-CVE-2021-22201

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...

CVSS 9.6 · AI score 5.7 · EPSS 0.0899
Exploits 1 · References 5

Positive Technologies
added 2020/08/09 12:0 a.m. · 1 views

PT-2020-3977 · Microsoft · Dynamics 365 For Finance/Operations

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 for Finance and Operations version 10.0.11. Description: The issue is related to errors in input data processing, which can allow a remote attacker to execute arbitrary code. An authenticated attacker with privileges to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00478
Exploits 0 · References 3

Positive Technologies
added 2019/05/03 12:0 a.m. · 2 views

PT-2019-19923 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 5.x through 5.0.34; Open Ticket Request System OTRS versions 6.x through 6.0.17; Open Ticket Request System OTRS versions 7.x through 7.0.6. Description: An issue was discovered in Open Ticket Request...

CVSS 9 · AI score 6.1 · EPSS 0.33869
Exploits 11 · References 103

Positive Technologies
added 2018/09/07 12:0 a.m. · 8 views

PT-2018-3478 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6; Go versions 1.11.x prior to 1.11.3. Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...

CVSS 9.8 · AI score 7.2 · EPSS 0.93929
Exploits 226 · References 381