
6757 matches found

CNNVD
added 2025/08/26 12:0 a.m. · 3 views

Mahara security vulnerability

Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4, which stems from an external RSS feed link attribute containing malicious values that could lead to a cross-site scripting attack...

CVSS 6.1 · AI score 6 · EPSS 0.00188
Exploits 0 · References 2

IBM Security Bulletins
added 2025/08/25 4:4 p.m. · 7 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is...

CVSS 9.4 · AI score 7.1 · EPSS 0.01735
Exploits 1 · Affected Software 1

NVD
added 2025/08/25 3:15 p.m. · 3 views

CVE-2025-51281

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qjasp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters...

CVSS 7 · EPSS 0.00417
Exploits 1 · References 2

NVD
added 2025/08/25 2:15 p.m. · 3 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

CVSS 6.1 · EPSS 0.00229
Exploits 0 · References 2

Positive Technologies
added 2025/08/25 12:0 a.m. · 5 views

PT-2025-34609 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04 through 23.04.7; Mahara versions 24.04 through 24.04.2. Description: An issue exists in Mahara where the About, Contact, and Help footer links are susceptible to Cross Site Scripting (XSS) due to insufficient input...

CVSS 6.1 · AI score 5.6 · EPSS 0.00229
Exploits 0 · References 4

CVE
added 2025/08/25 12:0 a.m. · 15 views

CVE-2024-39923

CVE-2024-39923 affects Mahara, specifically versions Mahara 23.04 before 23.04.7 and 24.04 before 24.04.2. The issue stems from the About, Contact, and Help footer links not being sanitised, allowing cross-site scripting (XSS). The links are configurable by an administrator but are clickable by a...

CVSS 6.1 · AI score 6.2 · EPSS 0.00229
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2025/08/25 12:0 a.m. · 3 views

Mahara security vulnerability

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 24.04.2 and prior to 23.04.7, which stems from uncleaned About, Contact, and Help footer link values that could lead to a cross-site scripting attack...

CVSS 6.1 · AI score 6 · EPSS 0.00229
Exploits 0 · References 3

Tenable Nessus
added 2025/08/25 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2014-8958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated...

CVSS 4.3 · AI score 8 · EPSS 0.02441
Exploits 0 · References 2

Tenable Nessus
added 2025/08/25 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x...

CVSS 6.5 · AI score 7.3 · EPSS 0.01693
Exploits 0 · References 2

RedhatCVE
added 2025/08/24 5:25 p.m. · 6 views

CVE-2025-55745

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 8.8 · AI score 8.1 · EPSS 0.00576
Exploits 1 · References 1

RedhatCVE
added 2025/08/22 8:26 p.m. · 12 views

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

CVSS 6.5 · AI score 7.5 · EPSS 0.00287
Exploits 1 · References 1

NVD
added 2025/08/22 5:15 p.m. · 5 views

CVE-2025-55745

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 8.8 · EPSS 0.00576
Exploits 1 · References 2

Snyk
added 2025/08/22 4:50 p.m. · 2 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the Quick Export process. An attacker can execute arbitrary commands on the victim's machine by injecting malicious formulas into fields that are later exported to CSV and opened in spreadsheet applications. This is on...

CVSS 8.8 · AI score 7.8 · EPSS 0.00576
Exploits 1 · References 2

OSV
added 2025/08/22 4:50 p.m. · 5 views

GHSA-74RG-6F92-G6WX UnoPim has CSV Injection on Quick Export feature

Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...

CVSS 5.5 · AI score 8 · EPSS 0.00576
Exploits 1 · References 6

Github Security Blog
added 2025/08/22 4:50 p.m. · 11 views

UnoPim has CSV Injection on Quick Export feature

Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...

CVSS 8.8 · AI score 7.4 · EPSS 0.00576
Exploits 1 · References 6 · Affected Software 1

CVE
added 2025/08/22 4:14 p.m. · 27 views

CVE-2025-55745

CVE-2025-55745 affects UnoPim (Laravel-based PIM). Versions 0.3.0 and earlier are vulnerable to CSV/Formula Injection in Quick Export, allowing malicious content in exported CSVs to be interpreted as formulas, potentially enabling remote code execution (including reverse shells). Remediation: upg...

CVSS 8.8 · AI score 7.3 · EPSS 0.00576
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2025/08/22 4:14 p.m. · 9 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 5.5 · EPSS 0.00576
Exploits 1 · References 2

Vulnrichment
added 2025/08/22 4:14 p.m. · 3 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 5.5 · AI score 7.3 · EPSS 0.00576
Exploits 1 · References 2

Positive Technologies
added 2025/08/22 12:0 a.m. · 8 views

PT-2025-34444 · Microsoft +1 · Office Excel +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.3.1. Description: UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are susceptible to CSV injection, also known as formula injection, in the...

CVSS 5.5 · AI score 7.3 · EPSS 0.00576
Exploits 1 · References 10

Vulnrichment
added 2025/08/22 12:0 a.m. · 5 views

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

AI score 7.1 · EPSS 0.00345
Exploits 0 · References 1