67 matches found
EUVD-2025-206818
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
CVE-2025-69621
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
CVE-2025-69618
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
CVE-2025-69618
The CVE-2025-69618 issue affects Tarot, Astro & Healing v11.4.0 and is described as an arbitrary file overwrite vulnerability in the file import process. The root cause is the ability to overwrite critical internal files, which could lead to arbitrary code execution or exposure of sensitive infor...
EUVD-2025-206821
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
CVE-2020-10081
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user...
EUVD-2025-202433
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal...
CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...
EUVD-2021-0099
Malware in sbrugna...
EUVD-2021-30895
Malicious code in bioql PyPI...
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Malicious code in import-process-orchestrate-stub-phi (npm)
The package import-process-orchestrate-stub-phi was found to contain malicious code...
MAL-2025-23087 Malicious code in import-process-orchestrate-stub-phi (npm)
The package import-process-orchestrate-stub-phi was found to contain malicious code...
Directory Traversal
Overview: org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...
PT-2025-26837 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: CVAT versions 2.2.0 through 2.39.0. Description: CVAT is an open source interactive video and image annotation tool for computer vision. The issue arises from the lack of validation during the import process of a project or task backup, allowi...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...
SUSE CVE-2016-6632
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables...