Lucene search
K

52 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00269EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/22 9:42 p.m.8 views

@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper

Summary @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed whose escapeCsv helper only handles RFC 4180 delimiter/quote/newline escaping. It does not neutralize the standard CSV formula-injection prefixes =, +, -...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/15 12:47 p.m.12 views

EUVD-2026-36719

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS5.3AI score0.00304EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/24 12:55 a.m.10 views

[SECURITY] Fedora 43 Update: rpki-client-9.8-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

5.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/27 12:24 a.m.16 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8CVSS6AI score0.00534EPSS
Exploits0References5
NVD
NVD
added 2026/02/26 1:16 a.m.16 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS0.00534EPSS
Exploits0References14
OSV
OSV
added 2026/02/26 1:16 a.m.7 views

DEBIAN-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS8.1AI score0.00534EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 12:45 a.m.34 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS0.00534EPSS
Exploits0References5
CVE
CVE
added 2026/02/26 12:45 a.m.127 views

CVE-2026-27830

CVE-2026-27830 affects the c3p0 JDBC connection pool. Before 0.12.0, the property userOverridesAsString was stored as a hex-encoded serialized object, enabling an attacker to reset it and trigger deserialization that could load code from a remote factoryClassLocation via embedded JNDI references....

8.9CVSS6.1AI score0.00534EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS7.4AI score0.00534EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/26 12:45 a.m.6 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS8.1AI score0.00534EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/02/26 12:0 a.m.6 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References6
Fedora
Fedora
added 2026/01/22 1:8 a.m.6 views

[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-2437

Malware in sbrugna...

6.5CVSS6.5AI score0.01588EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20528

Malware in sbrugna...

7.2CVSS6AI score0.01027EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2016-1303

Malware in sbrugna...

4.8CVSS5.1AI score0.00904EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-5932

Malware in sbrugna...

5.3CVSS5.5AI score0.01516EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-8180

Malware in sbrugna...

5.8CVSS5.4AI score0.00591EPSS
Exploits0References3
Rows per page
Query Builder