6759 matches found
PT-2025-34444 · Microsoft +1 · Office Excel +1
Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.3.1. Description: UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are susceptible to CSV injection, also known as formula injection, in the...
CVE-2025-55398
An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...
CLSA-2025-1755791708 Update of linux-firmware
Addition AMD CPU microcode for processor family 0x19: cpuid:0x00A70FC0ver:0x0A70C005, cpuid:0x00A70F52ver:0x0A705206, cpuid:0x00A00F82ver:0x0A00820C, cpuid:0x00A40F41ver:0x0A404107, cpuid:0x00A70F80ver:0x0A708007, cpuid:0x00A20F10ver:0x0A20102D, cpuid:0x00A70F41ver:0x0A704107,...
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Summary Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields. Details OpenBao and presumably HashiCorp Vault have surfaced error messages from mapstructure as follows:...
CVE-2025-9241 elunez eladmin exportUser csv injection
A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...
CVE-2025-9241
CVE-2025-9241 affects elunez eladmin up to version 2.7. The vulnerability resides in the exportUser function, which does not escape/export CSV content, enabling CSV injection. Exploitation can be remote and public exploits exist. Multiple connected sources corroborate the issue and identify the s...
PT-2025-34151 · Unknown · Elunez Eladmin
Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8. Description: A weakness has been identified in the exportUser function, which can lead to CSV injection. The attack can be initiated remotely and the exploit has been made publicly available...
Linux Distros Unpatched Vulnerability : CVE-2020-26971
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firef...
CVE-2025-38579
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extentinfo usage KMSAN reported a use of uninitialized value in isextentmergeable and isbackmergeable via the read extent tree path. The root cause is that getreadextentinfo only initializes three...
Sensitive Information Disclosure
OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of uninitialized values in the use of extrainfo, which could lead to undefined behavior...
nopCommerce 4.10 / 4.80.3 CSV Injection
nopCommerce versions 4.10 and 4.80.3 are vulnerable to CSV injection (Formula Injection) when exporting data to CSV. The application does not properly sanitize user-supplied input before including it in CSV export files. nopCommerce versions v4.10 and v4.80.3 are vulnerable to CSV Injection Formula...
Linux Distros Unpatched Vulnerability : CVE-2024-10603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in som...
GO-2025-3887 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm...
BIT-POSTGRESQL-2025-8713 PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
Linux Distros Unpatched Vulnerability : CVE-2020-8518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. CVE-2020-8518 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2020-6838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mruby 2.1.0, there is a use-after-free in hashvaluesat in mrbgems/mruby-hash-ext/src/hash-ext.c. CVE-2020-6838 Note that Nessus relies on the presence of the...
CVE-2025-38532
In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx-doreset is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values...
UBUNTU-CVE-2025-38532
In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx-doreset is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values...