32 matches found
CVE-2025-71332
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
CVE-2026-10720
CVE-2026-10720 affects Canonical MicroCeph versions on squid and tentacle tracks. A path traversal in the remote-import API allows holders of a trusted cluster mTLS certificate or a join token to manipulate files inside the imported remote cluster confined at /var/snap/microceph, potentially caus...
PT-2026-49716
Name of the Vulnerable Software and Affected Versions: galaxy ng, affected versions not specified. Description: A command injection issue exists in the legacy role import API v1 where the do git checkout function interpolates unsanitized git ref names, such as branch or tag names, into shell commands...
CVE-2026-34522 SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via throttling policy import API. An attacker can execute arbitrary code by uploading a specially crafted file to a user-controlled location. Remediation: Upgrade org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl t...
EUVD-2019-6668
Malware in sbrugna...
EUVD-2024-3532
Malicious code in bioql PyPI...
CVE-2019-15732
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions...
VulnCheck KEV: CVE-2025-47539
A privilege escalation vulnerability is present in the Eventin plugin due to lack of permission checking in the /wp-json/eventin/v2/speakers/import REST API endpoint. This occurs when importing the user due to lack of permission validation of user roles...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...
BIT-MINIO-2024-55949 Privilege escalation in IAM import API in MinIO
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability is due to improper validation and handling of imported IAM policies in the IAM import API, which allows an attacker to escalate their privileges and potentially gain unauthorized access to resources or perform actions beyon...
SUSE CVE-2024-55949
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
GO-2024-3336 MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio
MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio...
CVE-2024-55949
A flaw was found in MinIO. Due to insufficient permissions checking in the IAM import API, a user may be able to change their policy mapping to escalate their privileges via a specially crafted configuration file...
CVE-2024-55949
MinIO is affected by a privilege-escalation flaw in the IAM import API. The issue impacts all users since the commit 580d9db85e04f1b63cc2909af50f0ed08afa965f, with a fix introduced in commit f246c9053f9603e610d98439799bdd2a6b293427 and released in RELEASE.2024-12-13T22-19-12Z. There are no workar...
CVE-2024-55949 Privilege escalation in IAM import API in MinIO
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
GHSA-CWQ8-G58R-32HG MinIO vulnerable to privilege escalation in IAM import API
Impact: Privilege escalation in IAM import API, all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. Patches: commit f246c9053f9603e610d98439799bdd2a6b293427 Author: Aditya Manthramurthy Date: Wed Dec 11 18:09:40 2024 -0800 fix: Privilege escalation in IAM import API...