34 matches found

Cvelist
added 2026/05/20 10:46 a.m. | 35 views

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2 CVSS | 0.00047 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/20 12:0 a.m. | 7 views

PT-2026-42142

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-11138

Malicious code in bioql PyPI...

6.9 CVSS | 6.6 AI score | 0.00399 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-25399

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00072 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/08/22 8:26 p.m. | 4 views

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5 CVSS | 7.5 AI score | 0.00072 EPSS
Exploits: 1 | References: 1

OSV
added 2025/08/20 8:15 p.m. | 3 views

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

7.5 CVSS | 6.9 AI score
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/20 7:32 p.m. | 15 views

CVE-2025-9241 elunez eladmin exportUser csv injection

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5 CVSS | 7.5 AI score | 0.00072 EPSS
Exploits: 1 | References: 5

Cvelist
added 2025/08/20 7:32 p.m. | 10 views

CVE-2025-9241 elunez eladmin exportUser csv injection

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5 CVSS | 0.00072 EPSS
Exploits: 1 | References: 5

CVE
added 2025/08/20 7:32 p.m. | 17 views

CVE-2025-9241

CVE-2025-9241 affects elunez eladmin up to version 2.7. The vulnerability resides in the exportUser function, which does not escape/export CSV content, enabling CSV injection. Exploitation can be remote and public exploits exist. Multiple connected sources corroborate the issue and identify the s...

7.5 CVSS | 6.6 AI score | 0.00072 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/08/20 12:0 a.m. | 4 views

ELADMIN Security Vulnerability

ELADMIN is a backend management system for elunez personal developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from the exportUser function not escaping and filtering exported CSV content, which allows remote attackers to inject malicious CSV loads...

7.5 CVSS | 6.8 AI score | 0.00072 EPSS
Exploits: 1 | References: 5

OSV
added 2025/08/05 5:13 p.m. | 3 views

GHSA-57Q2-6CP4-9MQ3 XWiki exposes passwords and emails stored in fields not named password/email in xml.vm

Impact The XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This allows any user to obtain the salted and hashed user accou...

8.7 CVSS | 6.3 AI score | 0.00736 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 9:25 a.m. | 3 views

CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml1,concat0x3f,md5123456,0x3f,1=1 leads to sql injection. It is...

9.8 CVSS | 7.7 AI score | 0.00041 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:27 a.m. | 2 views

CVE-2023-27890

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

5.4 CVSS | 6.3 AI score | 0.00385 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:13 p.m. | 4 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML...

4.9 CVSS | 6.9 AI score | 0.00267 EPSS
Exploits: 1 | References: 1

OSV
added 2024/03/28 3:15 p.m. | 2 views

CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml1,concat0x3f,md5123456,0x3f,1=1 leads to sql injection. It is...

9.8 CVSS | 5.6 AI score | 0.00041 EPSS
Exploits: 0 | References: 4

CNNVD
added 2024/03/28 12:0 a.m. | 3 views

Shanghai Brad Technology BladeX SQL Injection Vulnerability

Shanghai Brad Technology BladeX is a SpringBoot Rapid Development Platform from Shanghai Brad Technology Shanghai, China. A SQL injection vulnerability exists in Shanghai Brad Technology BladeX version 3.4.0, which originates from a SQL injection vulnerability in file /api/blade-user/export-user...

9.8 CVSS | 7 AI score | 0.00041 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2024/03/28 12:0 a.m. | 4 views

PT-2024-23336 · Shanghai Brad Technology · Bladex

Name of the Vulnerable Software and Affected Versions: Shanghai Brad Technology BladeX version 3.4.0 Description: A critical vulnerability has been found in the API component of Shanghai Brad Technology BladeX, specifically affecting an unknown function of the file /api/blade-user/export-user. Th...

9.8 CVSS | 7 AI score | 0.00041 EPSS
Exploits: 0 | References: 8

OSV
added 2024/03/13 4:15 p.m. | 1 views

CVE-2024-1690

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...

4.3 CVSS | 7.3 AI score
Exploits: 0 | References: 2

CNNVD
added 2024/03/13 12:0 a.m. | 2 views

WordPress Plugin TeraWallet Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS | 6.7 AI score | 0.00207 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2024/03/13 12:0 a.m. | 5 views

PT-2024-18226 · WordPress · Terawallet

Name of the Vulnerable Software and Affected Versions: The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress versions up to, and including, 1.4.10 Description: The issue allows authenticated attackers with subscriber-level acce...

4.3 CVSS | 9.3 AI score | 0.00207 EPSS
Exploits: 0 | References: 5