5059 matches found
CVE-2019-25360
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH...
CVE-2019-25360 Aida64 6.10.5200 - Buffer Overflow
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH...
CVE-2019-25360 Aida64 6.10.5200 - Buffer Overflow
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH...
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin is affected by a SQL Injection in all versions up to 7.37 due to insufficient escaping of the file_name parameter, which is stored in the database during file upload and later used in raw SQL queries. This requires an authenticated us...
WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
FinalWire Aida64 Engineer 安全漏洞
FinalWire Aida64 Engineer is a system information diagnosis and benchmarking tool provided by FinalWire Corporation. Version 6.10.5200 of FinalWire Aida64 Engineer contains a security vulnerability. This vulnerability stems from a buffer overflow in the CSV log configuration, which may allow remo...
WordPress Tune Library plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via CSV Import vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tune Library versions = 1.6.3...
CVE-2026-2184
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
PT-2026-7018
Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System versions prior to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 Description A flaw exists in Great Developers Certificate Generation System that allows for operating system command injection. The issue...
Certificate Generation System 代码问题漏洞
Certificate Generation System is an open-source web-based certificate generation system developed by Great Developers. The Certificate Generation System has a code vulnerability that stems from incorrect operations with the /restructured/csv.php file, which may lead to unlimited uploads...
PT-2026-7015
Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...
Certificate Generation System 操作系统命令注入漏洞
Certificate Generation System is an open-source web-based certificate generation system developed by Great Developers. The Certificate Generation System has a vulnerability related to operating system command injection, which stems from incorrect handling of the parameter “photo” in the file...
CVE-2026-1401
The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2026-1401 Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import
The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2026-1401
The CVE-2026-1401 issue affects the Tune Library WordPress plugin (versions up to and including 1.6.3). It is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on user-supplied attributes during CSV import, compounded by missing authorization checks....
WordPress plugin Tune Library 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...