83 matches found
PT-2025-52564
Name of the Vulnerable Software and Affected Versions Versa SASE Client for Windows versions 7.8.7 through 7.9.4 Description The software contains a local privilege escalation issue in the audit log export functionality. The client sends user-controlled file paths to a privileged service, which...
CVE-2023-53905
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...
EUVD-2021-11608
Malware in sbrugna...
EUVD-2018-11530
Malware in sbrugna...
EUVD-2016-9915
Malware in sbrugna...
EUVD-2016-1732
Malware in sbrugna...
EUVD-2025-29051
Malicious code in bioql PyPI...
CVE-2025-10319
A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...
CVE-2025-10319
A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...
CVE-2025-10319 JeecgBoot Tenant Log Export exportLog improper authorization
A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been...
CVE-2025-10319
JeecgBoot is affected up to version 3.8.2 due to improper authorization in the Tenant Log Export component, specifically the /sys/tenant/exportLog path. A remote attack is possible and the exploit has been publicly released. Multiple sources (Red Hat, CNNVD, PT Security, CVE records) corroborate ...
PT-2025-37320
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2 Description: A security flaw has been discovered in JeecgBoot related to improper authorization within the Tenant Log Export component. The issue affects the file /sys/tenant/exportLog. This manipulation can ...
CVE-2025-9979
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...
CVE-2025-9979
CVE-2025-9979 concerns the Maspik WordPress plugin (versions up to 2.5.6). The root cause is missing capability checks in the Maspik_spamlog_download_csv function, enabling authenticated users with subscriber-level access and above to export the spam log database, which may contain misclassified ...
CVE-2025-9979 Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...
CVE-2025-9979 Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...
CVE-2025-8977 Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality
The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-8977 Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality
The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2021-24696
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1 make admins export logs to exploit a separate log disclosure vulnerability fixed in 3.9.6, 2 delete logs fixed in 3.9.9, 3 remove thumbnail image from...
CVE-2018-19855
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...