4 matches found
CSV Injection
Overview @actual-app/api is an An API for Actual Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...
CVE-2026-5568
A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
Allocation of Resources Without Limits or Throttling
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to lack of note length validation. An attacker can cause permanent corruption of issue activity logs and disrupt collaboration by...
EUVD-2024-3233
Malicious code in bioql PyPI...