Lucene search
K

319 matches found

EUVD
EUVD
added 2025/12/18 12:34 a.m.5 views

EUVD-2023-60217

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...

8.8CVSS7.2AI score0.00616EPSS
Exploits1References4
CVE
CVE
added 2025/12/17 10:44 p.m.12 views

CVE-2023-53929

Summary: CVE-2023-53929 affects phpMyFAQ 3.1.12. The vulnerability arises in the user data export workflow: an authenticated user can place CSV-injection payloads (e.g., calc|a!z|) in their profile name, which can trigger code execution when an administrator exports user data as CSV. Affected sof...

8.8CVSS7.3AI score0.00442EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.17 views

CVE-2023-53905 ProjectSend r1605 CSV Injection via User Account Export Functionality

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...

8CVSS0.00412EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/10 5:17 p.m.6 views

CVE-2025-60912

phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...

3.3CVSS7AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/03 5:0 a.m.6 views

CVE-2025-13606

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS5.2AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 4:37 a.m.5 views

EUVD-2025-200180

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS4.8AI score0.00138EPSS
Exploits0References3
CNVD
CNVD
added 2025/11/27 12:0 a.m.2 views

WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability

WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...

5.3CVSS6.8AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.8 views

PT-2025-48014

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash watch for export function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS5.3AI score0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/06 7:59 p.m.3 views

CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...

9.3CVSS8.1AI score0.00629EPSS
Exploits0References3
CVE
CVE
added 2025/11/04 10:3 p.m.13 views

CVE-2025-62720

CVE-2025-62720 affects the LinkAce self-hosted archive. The vulnerability lies in the ExportController HTML/CSV export paths, which retrieve all links without applying ownership or visibility filtering, enabling any authenticated user to exfiltrate private links from all users. Affected versions ...

7.1CVSS6AI score0.00361EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-45055

Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.4.0 Description LinkAce is a self-hosted archive for website links. Versions 2.3.1 and below permit any authenticated user to export the complete database of links, including private links intended only for their...

7.1CVSS6.4AI score0.00361EPSS
Exploits1References5
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36867

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

8.8CVSS0.02648EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/24 12:29 p.m.6 views

EUVD-2025-35834

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebytechatbotexportmessages' function. This makes it possible for...

4.3CVSS6.3AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/24 4:9 a.m.6 views

CVE-2025-48428

Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...

6.7CVSS6.7AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 12:40 a.m.12 views

CVE-2025-60852

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

6.5CVSS7.6AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 6:19 a.m.10 views

CVE-2025-10638

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...

5.3CVSS6.8AI score0.00224EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2025/10/08 6:40 p.m.6 views

gnutls security, bug fix, and enhancement update

An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

8.2CVSS6.9AI score0.01185EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-7062

Malware in sbrugna...

6.5CVSS6.6AI score0.006EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14092

Malware in sbrugna...

7.1CVSS7AI score0.00827EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-21238

Malware in sbrugna...

8.6CVSS8.6AI score0.00844EPSS
Exploits0References2
Rows per page
Query Builder