103 matches found
EUVD-2017-7854
Malware in sbrugna...
EUVD-2014-3697
Malware in sbrugna...
EUVD-2021-15620
Malware in sbrugna...
EUVD-2019-2917
Malware in sbrugna...
EUVD-2022-42498
Malicious code in bioql PyPI...
EUVD-2023-51300
Malicious code in bioql PyPI...
EUVD-2024-44463
Malicious code in bioql PyPI...
EUVD-2023-23486
Malicious code in bioql PyPI...
EUVD-2025-16060
Malicious code in bioql PyPI...
EUVD-2022-3459
Malicious code in bioql PyPI...
CVE-2025-9515
The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-9515
The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-9515
The CVE-2025-9515 entry concerns the WordPress plugin Multi Step Form . Affected versions are all prior to and including 1.7.25 . The root cause is missing file-type validation in the import functionality, allowing authenticated users with Administrator-level access to upload arbitrary files on t...
PT-2025-22874 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A critical vulnerability has been found in H3C SecCenter SMP-E1114P02, affecting some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument...
CVE-2022-30289
A stored Cross-site Scripting XSS vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location...
CVE-2025-45753
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...
CVE-2025-45752
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...
CVE-2022-3067
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...
CVE-2020-26517
A cross-site scripting XSS issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project Authn users, using the users import functionality Admin only, and changing the login text in t...
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...