63 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-1774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send...
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063222)
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 KB5063222 Original article content This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
CVE-2025-8745
A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An...
CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
CVE-2025-8258
A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.sdmagic.number. The manipulation leads to improper export of android...
CVE-2025-8258
Summary of CVE-2025-8258 : Affects the Android app “Cool Mo Maigcal Number App” (version up to 1.0.3) and its AndroidManifest.xml handling for component com.sdmagic.number. The vulnerability allows improper export of Android components via a local attack path. Exploitation is indicated as publicl...
PT-2025-30987 · Yeelink · Yeelight App +1
Name of the Vulnerable Software and Affected Versions: Yeelink Yeelight App versions up to 3.5.4 Description: A vulnerability exists in the Yeelink Yeelight App on Android. The issue involves improper export of android application components due to manipulation of an unknown function within the...
CVE-2025-7890
CVE-2025-7890 concerns the Dunamu StockPlus App (Android) up to version 7.62.10 . The vulnerability involves improper export of AndroidManifest.xml components in the package com.dunamu.stockplus caused by manipulation of an unknown functionality. A local attack is required. The exploit has been p...
CVE-2025-7889 CallApp Caller ID App caller.id.phone.number.block AndroidManifest.xml improper export of android application components
A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application...
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-6814
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...
WordPress plugin Modern Events Calendar Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-23752
Name of the Vulnerable Software and Affected Versions Android versions prior to SMR Jun-2025 Release 1 Description The issue concerns the improper export of Android application components in Bluetooth, allowing local attackers to make devices discoverable. Recommendations For Android versions pri...
CVE-2024-23193
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
CVE-2024-28111
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-base...
CVE-2024-36615
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...
CVE-2020-27358
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...
CVE-2025-4185 Wangshen SecGate 3600 g=obj_area_export_save path traversal
A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=objareaexportsave. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has be...