CVE-2026-20252
Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...
CVE-2026-21026
Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type, including .php files, can be uploaded. With...
CVE-2026-20993
The connected PT and EUVD entries describe a vulnerability in Samsung Assistant prior to version 9.3.10.7, caused by improper export of Android application components. This allows a local attacker to access saved information. No exploitation details are provided in the documents, and no remediati...
CVE-2026-20983
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...
PT-2026-6093
Name of the Vulnerable Software and Affected Versions Samsung Dialer versions prior to SMR Feb-2026 Release 1 Description A flaw exists due to the improper export of Android application components in Samsung Dialer. This allows a local attacker to launch arbitrary activity with Samsung Dialer...
CVE-2022-0914
The Export All URLs WordPress plugin before 4.3 does not have a CSRF check in place when exporting data, which could allow attackers to make a logged-in admin export all posts and pages, including private and draft ones, into an arbitrary CSV file, which the attacker can then download and retrieve the list of...
PT-2025-51322
Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...
CVE-2025-14517
CVE-2025-14517 affects Yalantis uCrop 2.2.11 and concerns the UCropActivity component defined in AndroidManifest.xml. The vulnerability arises from an improper export of Android application components, which could allow manipulation to lead to exposure of components outside the intended scope. Ex...
CVE-2025-13066
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2025-2226)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). (CVE-2025-6395) A heap-buffer-overflow off-by-one...
EUVD-2025-25163
Malicious code in bioql PyPI...
CVE-2025-10715
CVE-2025-10715 affects APEUni PTE Exam Practice App on Android up to version 10.8.0. Root cause: improper export of Android components due to an issue in AndroidManifest.xml for the package com.ape_edication. This enables a local attack; exploit has been released publicly. Remediation: update to ...
PT-2025-38587
Name of the Vulnerable Software and Affected Versions Webull Investing & Trading App version 11.2.5.63 Description A vulnerability exists in Webull Investing & Trading App that causes improper export of Android application components due to manipulation of unknown code within the...
CVE-2024-34598
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store...
CVE-2025-9676 NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack...
Linux Distros Unpatched Vulnerability : CVE-2025-5351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into...
CVE-2025-9102
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible ...
CVE-2025-9098 Elseplus File Recovery App AndroidManifest.xml improper export of android application components
A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit...
1&1 Mail & Media mail.com App Security Vulnerability
1&1 Mail & Media mail.com App is an email application from the German company 1&1 Mail & Media. A security vulnerability exists in 1&1 Mail & Media mail.com App version 8.8.0, which stems from an improper export of the component com.mail.mobile.android.mail, which allows a local attacker to launc...