5079 matches found
PT-2025-27949 · Intelbras · Intelbras Incontrol
Name of the Vulnerable Software and Affected Versions: Intelbras InControl versions up to 2.21.60.9 Description: A vulnerability was found in Intelbras InControl, affecting unknown code of the file /v1/operador/. The manipulation leads to CSV injection. The attack can be initiated remotely...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller
CVE-2025-6543 · Citrix · NetScaler · PoC · Multi-host, multi-port scann...
PT-2025-31397 · Undefined · Undefined
A vulnerability in the CSV file handler of the Django web application development framework is caused by improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by injecting it into...
CVE-2024-51977
An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2025-50013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through <= 0.6.1...
PT-2025-26611 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: A CSV injection issue allows attackers to execute arbitrary commands by injecting a crafted payload into any text field that accepts strings. Recommendations: For NCR Terminal Handler version...
CVE-2023-47295
CVE-2023-47295 affects NCR Terminal Handler v1.5.1. The vulnerability is a CSV injection in exported data: attackers can inject a crafted payload into text fields and execute arbitrary commands. Per the CVE metadata, it has a CVSS v3.1 base score of 9.8 (CRITICAL) with Network attack vector, no p...
CVE-2025-50013
CVE-2025-50013 relates to the WordPress plugin CSV Importer Improved (versions
PT-2025-26370 · Unknown · Csv Importer Improved
Name of the Vulnerable Software and Affected Versions: CSV Importer Improved versions 0.6.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
WordPress plugin CSV Importer Improved cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CSV Importer Improved plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin CSV Importer Improved versions <= 0.6.1...
Deserialization Of Untrusted Data
goodby-csv is vulnerable to Deserialization Of Untrusted Data. The vulnerability is caused by insecure deserialization: classes are present that can be used in a gadget chain, enabling remote code execution when untrusted data is deserialized in a vulnerable application...
CVE-2025-6086 CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-6086
CVE-2025-6086 affects the WordPress plugin CSV Me (versions up to and including 2.0). The vulnerability stems from insufficient file type validation in the csv_me_options_page function, allowing an authenticated attacker with Administrator+ privileges to upload arbitrary files on the server, with...