CVE-2026-41231

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

PT-2026-4750

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVE-2025-12894

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

EUVD-2025-198409

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

Linux Distros Unpatched Vulnerability : CVE-2016-9855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display...

Applio 信息泄露漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. An information disclosure vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file read issue in the exportpth function of train.py, which could lead to reading arbitrary files on...

DEBIAN-CVE-2024-45004

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...

The vulnerability of the administrator panel of GL.iNet microprogramming software allows a intruder to gain unauthorized access to protected information and upload arbitrary files.

The vulnerability of the administrator panel of GL.iNet microprogramming software is related to the use of an unreliable search path during the export of logs. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information and upload arbitrary files...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that the file ?r=recruit/contact/export&contactids=x causes sql injection...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the function actionExport in the file ?r=contact/default/export that causes sql injection...

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from the presence of corrupted access control under /api/v1/vdeskDOMAIN/export...

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...

UBUNTU-CVE-2016-7116

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to access host files outside the export path via a .. dot dot in an unspecified string...

PT-2016-7226 · Qemu Team +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU aka Quick Emulator affected versions not specified Description: A directory traversal issue exists, allowing local guest OS administrators to access host files outside the export path by utilizing a .. dot dot in an unspecified string...

ActFax 4.31 Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html...