138 matches found
CVE-2025-9800
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...
CVE-2025-9800
The CVE-2025-9800 entry corresponds to SimStudioAI, where the vulnerability resides in the Import function of the file apps/sim/app/api/files/upload/route.ts within the HTML File Parser component. The root cause is manipulation of the File argument, leading to unrestricted file upload and potenti...
PT-2025-35515
Name of the Vulnerable Software and Affected Versions: SimStudioAI affected versions not specified Description: A weakness exists in the function Import of the file apps/sim/app/api/files/upload/route.ts within the HTML File Parser component. Manipulation of the File argument can lead to...
Gitlab -- vulnerabilities
Gitlab reports: Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE; Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE; Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE; Code injection issue in GitLab repositories impac...
CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...
PT-2025-24588 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Manage Central Purchase Contract affected versions not specified Description: The issue concerns the lack of necessary authorization checks for authenticated users, allowing an attacker to execute the import function on an entity...
CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component...
CVE-2024-35424
vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c...
CVE-2025-29457
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...
CVE-2025-29457
CVE-2025-29457 affects MyBB 1.8.38 via the Import a Theme function, enabling a remote attacker to obtain sensitive information. The supplier disputes the issue due to board administrator actions and SSRF mitigation. Public details confirm the vulnerability in the MyBB 1.8.38 import mechanism; no ...
CVE-2025-32779 labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...
CVE-2025-32779
E.D.D.I (Enhanced Dialog Driven Interface) is vulnerable to a Zip Slip path traversal in the ZIP import path (/backup/import) prior to version 5.5.0, allowing an attacker to write arbitrary files outside the intended extraction directory and potentially overwrite application files (e.g., JARs) ...
Multiple vulnerabilities in BizRobo!
Overview: BizRobo! is an RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application, Management Console, is provided to schedule RPA execution and to che...
CVE-2024-13906 Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'importgalleryfromcsv' function. This makes it possible for...
PT-2025-6162 · Dayrui · Xunruicms
Name of the Vulnerable Software and Affected Versions: dayrui XunRuiCMS version 4.6.3 Description: A critical issue was found in dayrui XunRuiCMS, affecting the import add function of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization, and it is possible to...
CVE-2024-12155
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settingsimport function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to...
CVE-2024-55089
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities...
PT-2024-26493 · Vmir · Vmir
Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117 Description: A segmentation violation was discovered in vmir e8117 via the import_function function at /src/vmir_wasm_parser.c. Recommendations: For vmir e8117 version e8117, as a temporary workaround, consider...
VMIR Security Vulnerability
VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a segmentation violation in the import_function function...