67 matches found

EUVD
added 2026/02/04 12:0 a.m. · 4 views

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.2 AI score · 0.0034 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2026/02/04 12:0 a.m. · 3 views

CVE-2025-69621

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.3 AI score · 0.00481 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2026/02/04 12:0 a.m. · 4 views

CVE-2025-69618

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.3 AI score · 0.0034 EPSS
Exploits: 1 · References: 4
CVE
added 2026/02/04 12:0 a.m. · 9 views

CVE-2025-69618

The CVE-2025-69618 issue affects Tarot, Astro & Healing v11.4.0 and is described as an arbitrary file overwrite vulnerability in the file import process. The root cause is the ability to overwrite critical internal files, which could lead to arbitrary code execution or exposure of sensitive infor...

8.1 CVSS · 6.2 AI score · 0.0034 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
EUVD
added 2026/02/04 12:0 a.m. · 5 views

EUVD-2025-206821

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.2 AI score · 0.00481 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2026/01/09 9:52 a.m. · 7 views

CVE-2020-10081

GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user...

6.5 CVSS · 6.7 AI score · 0.00949 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/12/10 6:30 p.m. · 4 views

EUVD-2025-202433

A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal...

6.5 CVSS · 6.5 AI score · 0.00484 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/10/30 9:22 p.m. · 5 views

CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...

6.9 CVSS · 6.4 AI score · 0.00571 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-0099

Malware in sbrugna...

7.5 CVSS · 7.4 AI score · 0.01846 EPSS
Exploits: 1 · References: 12
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-30895

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00417 EPSS
Exploits: 0 · References: 2
Microsoft CVE
added 2025/09/03 10:30 p.m. · 4 views

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

...

5.9 CVSS · 7 AI score · 0.0163 EPSS
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 4 views

Malicious code in import-process-orchestrate-stub-phi (npm)

The package import-process-orchestrate-stub-phi was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-23087 Malicious code in import-process-orchestrate-stub-phi (npm)

The package import-process-orchestrate-stub-phi was found to contain malicious code...

7.2 AI score
Exploits: 0
Snyk
added 2025/07/15 6:5 p.m. · 1 view

Directory Traversal

Overview: org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...

7 CVSS · 7.6 AI score · 0.00404 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/25 12:0 a.m. · 5 views

PT-2025-26837 · Cvat · Cvat

Name of the Vulnerable Software and Affected Versions: CVAT versions 2.2.0 through 2.39.0
Description: CVAT is an open source interactive video and image annotation tool for computer vision. The issue arises from the lack of validation during the import process of a project or task backup, allowi...

5.3 CVSS · 6.5 AI score · 0.00255 EPSS
Exploits: 0 · References: 7
Snyk
added 2025/04/11 2:41 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...

6.1 CVSS · 5.6 AI score · 0.002 EPSS
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 4:59 a.m. · 2 views

SUSE CVE-2016-6632

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

5.9 CVSS · 7 AI score · 0.02146 EPSS
Exploits: 0 · References: 4
NVD
added 2021/09/09 12:15 p.m. · 11 views

CVE-2021-39458

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables...

6.5 CVSS · 0.01191 EPSS
Exploits: 1 · References: 2
OSV
added 2021/09/09 12:15 p.m. · 13 views

CVE-2021-39458

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables...

6.5 CVSS · 6.6 AI score · 0.01191 EPSS
Exploits: 1 · References: 2
Cvelist
added 2021/09/09 11:32 a.m. · 16 views

CVE-2021-39458

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables...

6.6 AI score · 0.01191 EPSS
Exploits: 1 · References: 2