Lucene search
K

944 matches found

Cvelist
Cvelist
added 2026/06/15 12:47 p.m.34 views

CVE-2026-5242 Code Injection in Mia Technologies' Pizzy Library

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:31 a.m.11 views

EUVD-2026-36670

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS7.1AI score0.00137EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49236

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS5.3AI score0.00304EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-39007

Technical details about CVE-2026-39007 are not publicly available in the provided documents. Monitor for updates from vendors and advisories.

7.5CVSS5.4AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 11:0 p.m.19 views

CVE-2026-12191

CVE-2026-12191 affects Comma AI Openpilot 0.11. The issue is a deserialization vulnerability in the pickle.loads/pickle.load usage inside selfdrive/modeld/modeld.py (Pickle Module). Exploitation requires local access. The CVSS metrics indicate high impact (confidentiality, integrity, availability...

8.5CVSS7.1AI score0.00137EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/14 11:0 p.m.8 views

CVE-2026-12191 Comma AI Openpilot Pickle modeld.py pickle.loads deserialization

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS5.1AI score0.00137EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.12 views

PT-2026-49111

Name of the Vulnerable Software and Affected Versions Comma AI Openpilot version 0.11 Description An issue exists in the Pickle Module within the file selfdrive/modeld/modeld.py where the functions pickle.load and pickle.loads can be manipulated. This leads to deserialization, a process of...

8.5CVSS7.2AI score0.00137EPSS
Exploits0References8
OSV
OSV
added 2026/06/10 5:11 p.m.10 views

MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/10 4:47 p.m.9 views

CSV Injection

Poweradmin is vulnerable to CSV Injection. The vulnerability is due to improper sanitization of user-controlled data before exporting it to CSV files, which allows an attacker to inject malicious spreadsheet formulas that execute when an administrator opens the exported file...

6.9CVSS5.6AI score0.00229EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 2:57 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...

6.3CVSS5.5AI score0.00351EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/08 11:4 p.m.12 views

GHSA-3H6H-67X3-CV5X Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.15 views

CVE-2026-9673

A flaw was found in json-2-csv. An attacker can bypass the preventCsvInjection option to inject malicious formulas into CSV Comma Separated Values files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary co...

7CVSS5.8AI score0.00166EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.13 views

CVE-2026-11333

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.15 views

CVE-2026-21741

An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...

4.8CVSS5.6AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-52612

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

8.8CVSS5.2AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.5AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS5.6AI score0.00231EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.16 views

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS5.4AI score0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 2:50 p.m.31 views

CVE-2026-11362

DataDog::DogStatsd for Perl versions through 0.07 is vulnerable to metric injections via event tags. The root cause is the format_event method not validating tag content, allowing commas, newlines, pipes and colons in tags; an ineffective pipe-removal attempt (s/|//g) due to unescaped pipe being ...

9.8CVSS5.4AI score0.00447EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder