83 matches found

Positive Technologies
added 2025/12/20 12:00 a.m., 6 views

PT-2025-52564

Name of the Vulnerable Software and Affected Versions: Versa SASE Client for Windows versions 7.8.7 through 7.9.4 Description: The software contains a local privilege escalation issue in the audit log export functionality. The client sends user-controlled file paths to a privileged service, which...

8.5 CVSS, 6.7 AI score, 0.00095 EPSS
Exploits 0, References 7
NVD
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53905

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...

8 CVSS, 0.00412 EPSS
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-11608

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.0063 EPSS
Exploits 2, References 2
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2018-11530

Malware in sbrugna...

5.5 CVSS, 5.5 AI score, 0.01089 EPSS
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-9915

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.01324 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-1732

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.01545 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-29051

Malicious code in bioql PyPI...

6.5 CVSS, 4.9 AI score, 0.00298 EPSS
Exploits 0, References 5
NVD
added 2025/09/12 3:15 p.m., 5 views

CVE-2025-10319

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...

6.5 CVSS, 0.00298 EPSS
Exploits 0, References 4
OSV
added 2025/09/12 3:15 p.m., 4 views

CVE-2025-10319

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...

6.5 CVSS, 6.6 AI score
Exploits 0, References 4
Cvelist
added 2025/09/12 3:02 p.m., 10 views

CVE-2025-10319 JeecgBoot Tenant Log Export exportLog improper authorization

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...

5.3 CVSS, 0.00298 EPSS
Exploits 0, References 4
CVE
added 2025/09/12 3:02 p.m., 15 views

CVE-2025-10319

JeecgBoot is affected up to version 3.8.2 due to improper authorization in the Tenant Log Export component, specifically the /sys/tenant/exportLog path. A remote attack is possible and the exploit has been publicly released. Multiple sources (Red Hat, CNNVD, PT Security, CVE records) corroborate ...

6.5 CVSS, 6.3 AI score, 0.00298 EPSS
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2025/09/12 12:00 a.m., 5 views

PT-2025-37320

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2 Description: A security flaw has been discovered in JeecgBoot related to improper authorization within the Tenant Log Export component. The issue affects the file /sys/tenant/exportLog. This manipulation can ...

5.3 CVSS, 4.4 AI score, 0.00298 EPSS
Exploits 0, References 9
NVD
added 2025/09/10 7:15 a.m., 34 views

CVE-2025-9979

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

4.3 CVSS, 0.0023 EPSS
Exploits 0, References 4
CVE
added 2025/09/10 6:38 a.m., 16 views

CVE-2025-9979

CVE-2025-9979 concerns the Maspik WordPress plugin (versions up to 2.5.6). The root cause is missing capability checks in the Maspik_spamlog_download_csv function, enabling authenticated users with subscriber-level access and above to export the spam log database, which may contain misclassified ...

4.3 CVSS, 5.3 AI score, 0.0023 EPSS
Exploits 0, References 4
Cvelist
added 2025/09/10 6:38 a.m., 6 views

CVE-2025-9979 Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

4.3 CVSS, 0.0023 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/09/10 6:38 a.m., 2 views

CVE-2025-9979 Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

4.3 CVSS, 5.3 AI score, 0.0023 EPSS
Exploits 0, References 4
Cvelist
added 2025/08/28 4:24 a.m., 6 views

CVE-2025-8977 Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality

The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5 CVSS, 0.00287 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/08/28 4:24 a.m., 2 views

CVE-2025-8977 Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality

The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5 CVSS, 7.6 AI score, 0.00287 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/05/22 7:23 p.m., 7 views

CVE-2021-24696

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to (1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), (2) delete logs (fixed in 3.9.9), (3) remove thumbnail image from...

8.8 CVSS, 6.6 AI score, 0.0063 EPSS
Exploits 2, References 1
RedhatCVE
added 2025/05/22 8:05 a.m., 11 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

5.5 CVSS, 6.9 AI score, 0.01089 EPSS
Exploits 1, References 1