CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2018-25137

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

FLIR Brickstream 3D+ 安全漏洞

FLIR Brickstream 3D+ is an intelligent passenger flow analysis sensor from FLIR, Inc. A security vulnerability exists in FLIR Brickstream 3D+ version 2.1.742.1842, which stems from an unauthenticated ExportConfig REST API that could lead to the disclosure of sensitive configuration files...

PT-2025-53357

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

EUVD-1999-1527

Malware in sbrugna...

EUVD-2022-3807

Malicious code in bioql PyPI...

The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, allows a hacker to trigger a service failure.

The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVE-2024-27086

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

CVE-2024-27086 MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

CVE-2024-27086 MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

Remote Code Execution

Froxlor is vulnerable to Remote Code Execution. The vulnerability is due to not sanitizing or escaping the export configuration values/output. This leads to attacker including PHP code inside export configuration .json leading to RCE when the same configuration is executed when accessed by a...

Exploit for Missing Authorization in Intelbras Sg_2404_Mr_Firmware

CVE-2023-36144 PoC of CVE-2023-36144 - Intelbras Switch SG 24...

Juniper Junos OS Multiple Local Privilege Escalation Vulnerabilities (JSA11114)

The version of Junos OS installed on the remote host is affected by multiple local privilege escalation vulnerabilities as referenced in the JSA11114 advisory. Specifically: - A sensitive information disclosure vulnerability in delta-export configuration utility dexp of Juniper Networks Junos OS...

CVE-2021-0204

A sensitive information disclosure vulnerability in delta-export configuration utility dexp of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp i...

Exploit for Improper Privilege Management in Centreon

CVE-2019-19699 Centreon =\ After logging in we navi...

CVE-2019-3938

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any...

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...