12 matches found

Snyk
added 2026/05/05 3:34 p.m. | 7 views

CSV Injection

Overview: Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...

CVSS 6.5 | AI score 5.9 | EPSS 0.00228
Exploits: 1 | References: 2
CVE
added 2026/05/05 12:20 p.m. | 22 views

CVE-2026-27694

Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...

CVSS 5.4 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/05/05 12:20 p.m. | 13 views

EUVD-2026-27309

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...

CVSS 5.4 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-37033

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

CVSS 5.4 | AI score 5.8 | EPSS 0.00183
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/27 12:58 a.m. | 11 views

CVE-2025-65235

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

CVSS 9.8 | AI score 8.4 | EPSS 0.00377
Exploits: 1 | References: 1
CNNVD
added 2025/11/26 12:0 a.m. | 4 views

OpenCode USSD Gateway Security Vulnerability

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...

CVSS 9.8 | AI score 7.9 | EPSS 0.00377
Exploits: 1 | References: 4
CVE
added 2025/11/20 12:47 p.m. | 21 views

CVE-2025-41074

LimeSurvey 6.13.0 has a vulnerability in the /optout endpoint causing infinite HTTP redirects, which can exhaust server/client resources and lead to DoS or degraded service. Affected product: LimeSurvey (LimeSurvey/limesurvey). Root cause: infinite redirect loop when accessing /optout. Impact: po...

CVSS 7.5 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/20 12:0 a.m. | 3 views

PT-2025-47569

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 6.13.0. Description: A flaw exists in LimeSurvey version 6.13.0 within the /optout endpoint that results in infinite HTTP redirects when directly accessed. This can be leveraged to create a Denial of Service (DoS) attack by...

CVSS 7.5 | AI score 6.5 | EPSS 0.00273
Exploits: 0 | References: 4
CNNVD
added 2025/06/25 12:0 a.m. | 2 views

Incus Security Vulnerability

Incus is an LXC open source system container and virtual machine manager. A security vulnerability exists in Incus versions 6.12 and 6.13, which stems from a partial bypass of security options in the nftables rule, and could lead to DHCP pool exhaustion...

CVSS 3.4 | AI score 6 | EPSS 0.00202
Exploits: 0 | References: 5
ATTACKERKB
added 2023/07/14 6:15 p.m. | 3 views

CVE-2023-32761

Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request...

CVSS 8.1 | AI score 7.6 | EPSS 0.00356
Exploits: 0 | References: 3
CNNVD
added 2022/09/27 12:0 a.m. | 3 views

Orckestra C1 CMS Code Issue Vulnerability

C1 CMS is an open source web content management system (CMS) based on .NET. A deserialization vulnerability exists in versions of Orckestra C1 CMS prior to 6.13. An authenticated attacker can exploit this vulnerability to execute arbitrary code...

CVSS 9 | AI score 7.3 | EPSS 0.01184
Exploits: 0 | References: 4
CNVD
added 2020/05/18 12:0 a.m. | 2 views

D-Link DAP-1360 Elevation of Privilege Vulnerability

The D-Link DAP-136 is a wireless network signal extender from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DAP-1360 all Fx hardware versions using firmware version v6.13EUb01 and earlier. An attacker could exploit the vulnerability to start a remote terminal protocol...

CVSS 10 | AI score 6.9 | EPSS 0.0319
Exploits: 1 | References: 1