125 matches found

Debian CVE
added 2026/06/15 4:21 p.m., 5 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9 CVSS, 5.3 AI score, 0.00118 EPSS
Exploits 0
CNNVD
added 2026/02/03 12:0 a.m., 6 views

LizardSystems Remote Desktop Audit security vulnerability

LizardSystems Remote Desktop Audit is a remote desktop security audit and monitoring tool developed by LizardSystems. Version 2.3.0.157 of LizardSystems Remote Desktop Audit contains a security vulnerability. This vulnerability stems from a buffer overflow during the process of importing computer...

9.8 CVSS, 6.3 AI score, 0.00337 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/01/09 11:21 a.m., 4 views

CVE-2021-22970

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...

7.5 CVSS, 6.7 AI score, 0.01438 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/07 9:15 a.m., 9 views

CVE-2024-2298

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkpimportproduct function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...

4.3 CVSS, 6.4 AI score, 0.00324 EPSS
Exploits 0, References 1
CNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5 CVSS, 6.3 AI score, 0.00132 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-14292

Malware in sbrugna...

9.1 CVSS, 9 AI score, 0.01492 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-2351

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.01438 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-25832

Malicious code in bioql PyPI...

8.4 CVSS, 7.9 AI score, 0.0018 EPSS
Exploits 2, References 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-27253

Malicious code in bioql PyPI...

4.3 CVSS, 6.1 AI score, 0.00324 EPSS
Exploits 0, References 2
NVD
added 2025/09/11 8:15 a.m., 35 views

CVE-2025-9918

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server versions 6.3.54.0, 6.3.53.2, and all prior versions allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive...

8.7 CVSS, 0.00575 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/26 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-3205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions...

6.5 CVSS, 6.3 AI score, 0.00703 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/15 12:0 a.m., 5 views

Ollama <= 0.3.3 DoS

The version of Ollama installed on the remote host is prior to or equal to 0.3.3. It is, therefore, affected by a vulnerability. A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for blockcount in the...

7.5 CVSS, 7.2 AI score, 0.00589 EPSS
Exploits 1, References 2
RedhatCVE
added 2025/05/22 5:45 p.m., 7 views

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (e.g. the "Application Starter" module...

9 CVSS, 6.9 AI score, 0.01842 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 1:14 p.m., 5 views

CVE-2018-1000645

LibreHealthIO lh-ehr version...

6.5 CVSS, 6.7 AI score, 0.01366 EPSS
Exploits 1, References 1
Fedora
added 2025/04/30 2:1 a.m., 23 views

[SECURITY] Fedora 40 Update: digikam-8.6.0-4.fc40

digiKam is an easy to use and powerful digital photo management application, which makes importing, organizing and manipulating digital photos a "snap". An easy to use interface is provided to connect to your digital camera, preview the images and download and/or delete them. digiKam built-in ima...

9.8 CVSS, 3.7 AI score, 0.00367 EPSS
Exploits 0
OSV
added 2025/04/11 7:58 p.m., 4 views

GHSA-P9HH-MH5X-WVX3 Formie has XSS vulnerability for importing forms

Impact: When importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaken primarily by users who have themselves exported the form from one environment to...

5.3 CVSS, 6.7 AI score, 0.00183 EPSS
Exploits 0, References 3
CNNVD
added 2025/04/11 12:0 a.m., 3 views

Formie for Craft CMS cross-site scripting vulnerability

Formie for Craft CMS is an open source form plugin for Craft CMS by Verbb. A cross-site scripting vulnerability exists in Formie for Craft CMS versions prior to 2.1.44 that stems from not properly escaping output when importing forms...

5.4 CVSS, 5.9 AI score, 0.00183 EPSS
Exploits 0, References 3
OSV
added 2025/04/03 12:17 p.m., 4 views

USN-7412-1 gnupg2 vulnerability

It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future...

4.7 CVSS, 6.6 AI score, 0.00179 EPSS
Exploits 1, References 2
CNNVD
added 2025/03/14 12:0 a.m., 4 views

LogicalDOC security vulnerability

LogicalDOC is a document management system developed using Java technology by LogicalDOC, Inc. in the United States. The system has features such as Lucene full-text search indexing and automatic importing. A security vulnerability exists in LogicalDOC that stems from an API used in the applicati...

7.1 CVSS, 6.5 AI score, 0.00421 EPSS
Exploits 0, References 2
AlpineLinux
added 2024/09/18 4:15 a.m., 11 views

CVE-2024-45679

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product...

8.4 CVSS, 8.2 AI score, 0.00274 EPSS
Exploits 0