26 matches found
PT-2026-4718
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly availab...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2020-36862
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...
CVE-2020-36862 Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...
IBM DB2 High Performance Unload Security Vulnerability
IBM DB2 High Performance Unload is a database data export program from International Business Machines (IBM). A security vulnerability exists in IBM DB2 High Performance Unload that originates from an overwritten buffer allocated on the stack, which could cause the program to crash. The following...
IBM DB2 High Performance Unload Security Vulnerability
IBM DB2 High Performance Unload is a database data export program from International Business Machines (IBM). A security vulnerability exists in IBM DB2 High Performance Unload that stems from an error in the calculation of the data size and could cause the program to crash. The following versions...
EUVD-2016-1756
Malware in sbrugna...
EUVD-2025-8454
Malicious code in bioql (PyPI)...
PT-2025-38919
Name of the Vulnerable Software and Affected Versions: Jonathan Brinley DOAJ Export versions through 1.0.4 Description: The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Stored Cross-Site Scripting (XSS). This allows an attacker...
CVE-2022-1092
The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog...
Moodle < 4.1.12, 4.2.x < 4.2.9, 4.3.x < 4.3.6, 4.4.x < 4.4.2 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper certificate validation. An attacker can intercept secure communications by presenting a forged certificate. Remediation: Upgrade github.com/mongodb/mongo-tools/mongoexport to version 3.6.21...
CVE-2023-46154
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18...
Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy
Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it,"...
PT-2022-13654 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.3.1 Description: The issue concerns a lack of authorization and CSRF checks in the mycred-tools-import-export AJAX action. This allows any authenticated user to call the action and retrieve the li...
CVE-2021-0204
A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp i...
Dolibarr ERP/CRM Parameter Injection Vulnerability
Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM), as well as applications for other different activities. A...
PT-2020-17266 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 12.0.3 Description: The issue allows for authenticated Remote Code Execution. An attacker with access to the admin dashboard can exploit the backup function by inserting a payload into the zipfilename_template parameter in th...
apls (>=0.0.6 <=0.1.0), datacube (=1.6.2) +16 more potentially affected by CVE-2019-17545 via gdal (>=2.1.0 <=3.0.1)
gdal PYPI version =2.1.0, =0.0.6, =0.1.0, =0.0.35, =0.1.0, =1.0.60, =0.0.4, =0.1.2, =1.0.16, =0.9.0, =0.0.6, =0.0.3, =0.1.0 - routing-ortools-osrm =1.0.1 and more Source cves: CVE-2019-17545 Source advisory: OSV:PYSEC-2019-241...