5059 matches found

NVD
added 2025/10/24 1:15 p.m., 2 views

CVE-2025-11576

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for...

CVSS: 4.3, EPSS: 0.00187
Exploits: 0, References: 2

Vulnrichment
added 2025/10/24 12:29 p.m., 4 views

CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00187
Exploits: 0, References: 2

EUVD
added 2025/10/24 12:29 p.m., 2 views

EUVD-2025-35834

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00187
Exploits: 0, References: 3

CVE
added 2025/10/24 12:29 p.m., 16 views

CVE-2025-11576

CVE-2025-11576 affects the WordPress plugin AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant, versions up to and including 1.6.5. The root cause is insufficient sanitization in the function newcodebyte_chatbot_export_messages, allowing unauthenticated CSV injection that can...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00187
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/24 12:00 a.m., 3 views

FreeBSD : RT -- CSV injection (b374df95-afa8-11f0-b4c8-792b26d8a051)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b374df95-afa8-11f0-b4c8-792b26d8a051 advisory. Gareth Watkin-Jones from 4armed reports: RT is vulnerable to CSV injection via ticket values with speci...

CVSS: 2.6, AI score: 5.6, EPSS: 0.00006
Exploits: 0, References: 3

CVE
added 2025/10/23 12:00 a.m., 14 views

CVE-2025-60852

CVE-2025-60852 is a CSV Injection vulnerability in Instant Developer Foundation before 25.0.9600. The root cause is insufficient sanitization of user-controlled input when generating CSV exports, allowing untrusted content to be included in the exported file. This can lead to code execution on th...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00093
Exploits: 0, References: 3

Cvelist
added 2025/10/23 12:00 a.m., 9 views

CVE-2025-60852

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...

EPSS: 0.00093
Exploits: 0, References: 3

Debian
added 2025/10/22 8:50 p.m., 6 views

[SECURITY] [DSA 6032-1] request-tracker4 security update

Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...

CVSS: 2.6, AI score: 7.2, EPSS: 0.00006
Exploits: 0

Debian
added 2025/10/22 8:43 p.m., 8 views

[SECURITY] [DSA 6031-1] request-tracker5 security update

Debian Security Advisory DSA-6031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...

CVSS: 5.3, AI score: 7.1, EPSS: 0.0015
Exploits: 0

Tenable Nessus
added 2025/10/22 12:00 a.m., 3 views

Debian dsa-6032 : request-tracker4 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-6032 advisory. Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/...

CVSS: 2.6, AI score: 5.6, EPSS: 0.00006
Exploits: 0, References: 4

Positive Technologies
added 2025/10/22 12:00 a.m., 2 views

PT-2025-45645

Name of the Vulnerable Software and Affected Versions: Request Tracker versions prior to 4.4.4+dfsg-2+deb11u5; Request Tracker versions prior to 4.4.6+dfsg-1.1+deb12u3; Request Tracker versions prior to 5.0.3+dfsg-3deb12u4; Request Tracker versions prior to 5.0.7+dfsg-4+deb13u1. Description: Request...

CVSS: 2.6, AI score: 6.4, EPSS: 0.00006
Exploits: 0, References: 11

RedhatCVE
added 2025/10/17 6:44 p.m., 3 views

CVE-2025-62417

Bagisto is an open source Laravel eCommerce platform. When product data that begins with a spreadsheet formula character, for example =, +, -, or @, is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

CVSS: 8.5, AI score: 7.1, EPSS: 0.00173
Exploits: 1, References: 1

GithubExploit
added 2025/10/17 4:09 p.m., 174 views

Exploit for SQL Injection in Valvepress Automatic

This is a PoC exploit for CVE-2024-27956, a vulnerability in the...

CVSS: 9.9, AI score: 8.5, EPSS: 0.93693
Exploits: 16

OSV
added 2025/10/16 6:15 p.m., 3 views

CVE-2025-34513

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS: 9.8, AI score: 6, EPSS: 0.16127
Exploits: 3, References: 3

NVD
added 2025/10/16 6:15 p.m., 5 views

CVE-2025-34513

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS: 9.8, EPSS: 0.16127
Exploits: 3, References: 3

EUVD
added 2025/10/16 5:53 p.m., 2 views

EUVD-2025-34801

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS: 9.3, AI score: 7.7, EPSS: 0.16127
Exploits: 3, References: 5

Vulnrichment
added 2025/10/16 5:53 p.m., 3 views

CVE-2025-34513 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS: 9.3, AI score: 7.9, EPSS: 0.16127
Exploits: 3, References: 3

CNNVD
added 2025/10/16 12:00 a.m., 1 views

Ilevia EVE X1 Server Security Vulnerability

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from the presence of an OS command injection in mbusbuildfromcsv.php, which could lead to the execution of arbitra...

CVSS: 9.8, AI score: 7.4, EPSS: 0.16127
Exploits: 3, References: 4

Packet Storm
added 2025/10/16 12:00 a.m., 135 views

Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Remote Command Injection

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the mbusfile and mbuscsv HTTP POST parameters through the /ajax/php/mbusbuildfromcsv.php script...

CVSS: 9.8, AI score: 8.4, EPSS: 0.16127
Exploits: 3

RedhatCVE
added 2025/10/15 4:43 p.m., 3 views

CVE-2025-11498

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4, enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00033
Exploits: 0, References: 1