53 matches found
PT-2026-37298
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.0. Description: The unauthenticated 'plugin/Scheduler/downloadICS.php' endpoint passes attacker-controlled title, description, and joinURL parameters into the Scheduler::downloadICS function, which utilizes the I...
CVE-2022-33180
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”...
EVE-NG Security Vulnerability
EVE-NG is a clientless multi-vendor network emulation software from EVE-NG, Inc. A security vulnerability exists in EVE-NG version 6.4.0-13-PRO, which originates from directory traversal in the /api/export interface and could lead to the export of arbitrary files...
EUVD-2012-3765
Malware in sbrugna...
EUVD-2023-59235
Malicious code in bioql PyPI...
EUVD-2022-44861
Malicious code in bioql PyPI...
EUVD-2024-22369
Malicious code in bioql PyPI...
EUVD-2021-7481
Malicious code in bioql PyPI...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2022-3558
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
CVE-2021-20018
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...
CVE-2020-18336
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function...
CVE-2025-4185 Wangshen SecGate 3600 g=obj_area_export_save path traversal
A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has be...
GHSA-G48V-3P35-88JR H2O Vulnerable to Arbitrary File Overwrite
In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...
CVE-2024-13556
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from a file export. This makes it possible for unauthenticated attackers to...
CVE-2024-13556 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from a file export. This makes it possible for unauthenticated attackers to...
CVE-2024-13556
CVE-2024-13556 affects the WordPress plugin “Affiliate Links: WordPress Plugin for Link Cloaking and Link Management.” The vulnerability is a PHP Object Injection via deserialization of untrusted input from a file export, affecting all versions up to 3.0.1. An unauthenticated attacker could injec...
CVE-2024-42485
Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...
CVE-2024-22422
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow an attacker to crash the server resulting in a denial of...