613 matches found
UBUNTU-CVE-2025-66424
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
CVE-2025-66424
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
Tryton trytond 安全漏洞
Tryton trytond is a core application server from Tryton Open Source. A security vulnerability exists in Tryton trytond version 6.0 through versions prior to 7.6.11, which stems from unenforced access rights to data export...
CVE-2025-66424
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
CVE-2025-66424
CVE-2025-66424 affects Tryton trytond before 7.6.11 (also impacting 6.0.0–7.0 and 7.4 paths per disclosure), where data exports are not protected by access rights. Root cause: the component does not enforce access rights during data export. Impact per available data indicates potential exposure o...
WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability
WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...
PT-2025-48381
Name of the Vulnerable Software and Affected Versions Tryton versions prior to 6.0.70 Tryton versions prior to 7.0.40 Tryton versions prior to 7.4.21 Tryton versions prior to 7.6.11 Description The software does not enforce access rights during data export operations. Recommendations Update to...
web-app-vulnerability-scanner
web-app-vulnerability-scanner A Python-based Web Application V...
CVE-2025-13414
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
WordPress Chamber Dashboard Business Directory plugin <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export vulnerability
Missing Authorization to Unauthenticated Business Information Export vulnerability discovered by Legion Hunter in WordPress Plugin Chamber Dashboard Business Directory versions = 3.3.11...
PT-2025-48014
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash watch for export function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
WordPress plugin Chamber Dashboard Business Directory 安全漏洞
WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...
EUVD-2025-199108
Malicious code in react-data-to-export npm...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
UBUNTU-CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
phpPgAdmin 安全漏洞
phpPgAdmin is an open source application of phppgadmin. The premier web-based administration tool for postgresql. A security vulnerability exists in phpPgAdmin 7.13.0 and earlier versions, which stems from the lack of cleanup or parameterization of user input in dataexport.php, which could lead t...
WordPress Directorist plugin <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability
Missing Authorization to Authenticated Subscriber+ Data Export and Slug Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Directorist versions = 8.5.2...
CVE-2025-12042 Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...
CVE-2025-12042 Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...