
103 matches found

Cvelist
added 2025/09/22 9:48 p.m. · 9 views

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3 · EPSS 0.00234
Exploits 0 · References 1

CNNVD
added 2025/09/22 12:0 a.m. · 3 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.3 · AI score 6.3 · EPSS 0.00234
Exploits 0 · References 2

Positive Technologies
added 2025/09/22 12:0 a.m. · 5 views

PT-2025-39083

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.7; Liferay Portal versions 7.4 GA through update 92. Description: The Batch Engine does not correctly...

CVSS 5.3 · AI score 6.7 · EPSS 0.00234
Exploits 0 · References 9

CNNVD
added 2025/09/20 12:0 a.m. · 3 views

WordPress plugin ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages SQL injection vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... WordPress plugi...

CVSS 4.9 · AI score 7.6 · EPSS 0.00276
Exploits 0 · References 3

RedhatCVE
added 2025/05/22 10:0 a.m. · 8 views

CVE-2019-8107

An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion...

CVSS 6.5 · AI score 6.7 · EPSS 0.00791
Exploits 0 · References 1

NVD
added 2025/04/17 7:15 a.m. · 24 views

CVE-2025-3113

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal...

CVSS 9 · EPSS 0.0027
Exploits 0 · References 1

CNNVD
added 2025/03/15 12:0 a.m. · 1 views

WordPress plugin WC Affiliate – A Complete WooCommerce Affiliate Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WC Affilia...

CVSS 6.5 · AI score 8.4 · EPSS 0.00327
Exploits 0 · References 4

RedhatCVE
added 2025/02/04 11:3 p.m. · 7 views

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 · AI score 6.8 · EPSS 0.00579
Exploits 1 · References 1

Positive Technologies
added 2024/12/07 12:0 a.m. · 2 views

PT-2024-17509 · WordPress · The Simple Ecommerce Shopping Cart Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to a missing capability check on the 'save settings', 'export csv', and...

CVSS 5.4 · AI score 7 · EPSS 0.00252
Exploits 0 · References 7

CNNVD
added 2024/07/12 12:0 a.m. · 2 views

WordPress plugin Form Vibes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 7.8 · EPSS 0.00484
Exploits 0 · References 3

Positive Technologies
added 2024/04/26 12:0 a.m. · 4 views

PT-2024-4605 · Asus · Asus Rt-N12+ B1

Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 version affected versions not specified Description: The issue is related to a lack of data sanitization on the administrative level, allowing for the exploitation of a CSV injection vulnerability. This vulnerability enables a...

CVSS 5.4 · AI score 8.2 · EPSS 0.00424
Exploits 0 · References 9

Positive Technologies
added 2024/04/09 12:0 a.m. · 6 views

PT-2024-3046

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V2.0 SP2 Description: A vulnerability has been identified that allows authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal, which could allow an authenticat...

CVSS 8 · AI score 7.5 · EPSS 0.00464
Exploits 0 · References 7

OSV
added 2024/03/03 3:15 p.m. · 14 views

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 2

Prion
added 2024/03/03 3:15 p.m. · 17 views

Design/Logic Flaw

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 5.5 · AI score 7.3 · EPSS 0.00579
Exploits 1 · References 2

Cvelist
added 2024/03/03 2:13 p.m. · 25 views

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 · AI score 9.4 · EPSS 0.00579
Exploits 1 · References 2

Vulnrichment
added 2024/03/03 2:13 p.m. · 11 views

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 · AI score 9.2 · EPSS 0.00579
Exploits 1 · References 2

Positive Technologies
added 2024/03/03 12:0 a.m. · 1 views

PT-2024-15802 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows a default user on a multi-user instance to execute a call to the "/export-data" endpoint, enabling them to exfiltrate data of the system at that save state. This requir...

CVSS 9.6 · AI score 7.1 · EPSS 0.00579
Exploits 1 · References 8

BDU FSTEC
added 2024/02/14 12:0 a.m. · 3 views

The vulnerability in the exportDataObject API of the Foxit Reader text viewing application, which allows a hacker to execute arbitrary code.

The vulnerability of the exportDataObject API in the Foxit Reader text viewer software is related to improper checking of dangerous extensions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...

CVSS 10 · AI score 7.7 · EPSS 0.02673
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2024/02/09 12:0 a.m. · 4 views

WordPress Plugin Eventin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3 · AI score 6.4 · EPSS 0.00471
Exploits 0 · References 3

Positive Technologies
added 2024/02/08 12:0 a.m. · 5 views

PT-2024-16836

Name of the Vulnerable Software and Affected Versions: The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress versions up to, and including, 3.3.50. Description: The issue is related to unauthorized access of data due to a missing capability check on the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00471
Exploits 0 · References 9