CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

CVE-2025-9571

CVE-2025-9571 is a remote code execution vulnerability in Google Cloud Data Fusion. An attacker with permission to upload artifacts to a Data Fusion instance can execute arbitrary code in the core AppFabric component, potentially gaining control of the Data Fusion instance and leading to unauthor...

PT-2025-50308

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

Fedora: Security Advisory (FEDORA-2024-727ecb90c7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2024-30260

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

AZL-39773 CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

DEBIAN-CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +302 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)

protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: OSV:GHSA-G954-5HWP-PP24...