
6753 matches found

Debian
added 2025/10/22 8:50 p.m., 7 views

[SECURITY] [DSA 6032-1] request-tracker4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...

CVSS 2.6 | AI score 7.2 | EPSS 0.00193
Exploits: 0
Positive Technologies
added 2025/10/22 12:0 a.m., 3 views

PT-2025-45645

Name of the Vulnerable Software and Affected Versions Request Tracker versions prior to 4.4.4+dfsg-2+deb11u5 Request Tracker versions prior to 4.4.6+dfsg-1.1+deb12u3 Request Tracker versions prior to 5.0.3+dfsg-3deb12u4 Request Tracker versions prior to 5.0.7+dfsg-4+deb13u1 Description Request...

CVSS 2.6 | AI score 6.4 | EPSS 0.00193
Exploits: 0 | References: 11
EUVD
added 2025/10/21 12:31 p.m., 3 views

EUVD-2022-54957

In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind. Syzbot created an environment that led to a state machine status that cannot be reached with a compliant CAN ID address configuration. The provided address information consisted o...

CVSS 5.5 | AI score 5.1 | EPSS 0.00246
Exploits: 0 | References: 6
GithubExploit
added 2025/10/21 12:47 a.m., 173 views

YouTube-Scraper-POC

What this repo is The code in this repository is a proof of...

AI score 7.1
Exploits: 0
OSV
added 2025/10/16 8:48 p.m., 2 views

GHSA-JQRP-58FV-W8CQ bagisto has CSV Formula Injection in Create New Product

Summary When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

CVSS 9 | AI score 7.2 | EPSS 0.00357
Exploits: 1 | References: 3
Github Security Blog
added 2025/10/16 8:48 p.m., 6 views

bagisto has CSV Formula Injection in Create New Product

Summary When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

CVSS 8.5 | AI score 7.2 | EPSS 0.00357
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2025/10/16 7:15 p.m., 3 views

CVE-2025-62417

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

CVSS 8.5 | EPSS 0.00357
Exploits: 1 | References: 1
Vulnrichment
added 2025/10/16 6:32 p.m., 2 views

CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

CVSS 8.5 | AI score 6.7 | EPSS 0.00357
Exploits: 1 | References: 1
CVE
added 2025/10/16 6:32 p.m., 10 views

CVE-2025-62417

Bagisto (open-source Laravel eCommerce platform) is affected by CVE-2025-62417 due to improper handling of leading spreadsheet formula characters (e.g., =, +, -, @) in CSV data, allowing formulas to be interpreted when a CSV is opened in spreadsheet software. This leads to potential data exfiltra...

CVSS 8.5 | AI score 6.7 | EPSS 0.00357
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/10/16 5:11 p.m., 3 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 5.9 | EPSS 0.00365
Exploits: 0 | References: 2
CVE
added 2025/10/16 5:11 p.m., 27 views

CVE-2025-61907

CVE-2025-61907 affects Icinga 2. Versions 2.4–2.15.0 allow authenticated API users to exploit filter expressions on /v1/objects endpoints to access variables and objects that should be restricted by permissions. The root cause is improper exposure of hidden data through filter evaluation, enablin...

CVSS 7.1 | AI score 5.9 | EPSS 0.00365
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/10/16 5:0 p.m., 1 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | AI score 6.4 | EPSS 0.00331
Exploits: 0 | References: 2
Veracode
added 2025/10/16 7:23 a.m., 4 views

Deserialization Of Untrusted Data

monai is vulnerable to Unsafe Deserialization. The vulnerability is due to the pickle_operations function automatically deserializing dictionary key-value pairs with a specific suffix without any validation. An attacker can supply crafted pickle payloads to execute arbitrary code when those value...

CVSS 8.8 | AI score 7.9 | EPSS 0.00602
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/10/16 1:15 a.m., 3 views

DEBIAN-CVE-2025-11683

YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a has...

CVSS 6.5 | AI score 5.2 | EPSS 0.00243
Exploits: 0 | References: 1
FreeBSD
added 2025/10/16 12:0 a.m., 7 views

Hidden/Protected custom variables are prone to filter enumeration

Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it...

CVSS 6.5 | AI score 6.9 | EPSS 0.00331
Exploits: 0 | References: 1
Veracode
added 2025/10/15 9:0 a.m., 7 views

Improper Authorization

TYPO3 CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the CSV download feature, which allows an attacker to disclose information from arbitrary database tables within a user’s web mounts without having proper access...

CVSS 5.3 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 3 | Affected Software: 2
EUVD
added 2025/10/15 2:0 a.m., 3 views

EUVD-2025-34509

Malicious code in csv-parsing-xyz npm...

AI score 6.6
Exploits: 0 | References: 1
AstraLinux
added 2025/10/14 6:5 p.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table. While mounting a corrupted filesystem, a signed integer 'xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which c...

CVSS 5.5 | AI score 7.5
Exploits: 0 | References: 2
NVD
added 2025/10/14 1:15 p.m., 3 views

CVE-2025-11498

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

CVSS 6.1 | EPSS 0.00288
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/14 12:42 p.m., 3 views

CVE-2025-11498 CSV Formula Injection Vulnerability

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...

CVSS 6.1 | AI score 6.4 | EPSS 0.00288
Exploits: 0 | References: 1