
5079 matches found

Positive Technologies
added 2025/07/04 12:0 a.m. · 6 views

PT-2025-27949 · Intelbras · Intelbras Incontrol

Name of the Vulnerable Software and Affected Versions: Intelbras InControl versions up to 2.21.60.9 Description: A vulnerability was found in Intelbras InControl, affecting unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely...

5.1 CVSS · 4.1 AI score · 0.0029 EPSS
Exploits 0 · References 7
GithubExploit
added 2025/07/03 8:2 p.m. · 389 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-6543 Citrix NetScaler PoC Multi-host, multi-port scann...

9.8 CVSS · 7.4 AI score · 0.09756 EPSS
Exploits 4
Positive Technologies
added 2025/06/30 12:0 a.m. · 3 views

PT-2025-31397 · Undefined · Undefined

A vulnerability in the CSV file handler of the Django web application development framework is caused by improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting it into...

9 CVSS · 7.3 AI score
Exploits 0 · References 3
RedhatCVE
added 2025/06/27 8:20 a.m. · 7 views

CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3 CVSS · 7.3 AI score · 0.7656 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2025/06/25 8:15 a.m. · 9 views

CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3 CVSS · 7.3 AI score · 0.7656 EPSS
Exploits 0 · References 12 · Affected Software 21
RedhatCVE
added 2025/06/25 12:53 a.m. · 4 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

9.8 CVSS · 8.2 AI score · 0.00528 EPSS
Exploits 1 · References 1
NVD
added 2025/06/23 4:15 p.m. · 8 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

9.8 CVSS · 0.00528 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/06/23 8:40 a.m. · 4 views

CVE-2025-50013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through <= 0.6.1...

5.9 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/23 12:0 a.m. · 5 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

8.2 AI score · 0.00528 EPSS
Exploits 1 · References 2
Cvelist
added 2025/06/23 12:0 a.m. · 14 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

0.00528 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/06/23 12:0 a.m. · 4 views

PT-2025-26611 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: A CSV injection issue allows attackers to execute arbitrary commands by injecting a crafted payload into any text field that accepts strings. Recommendations: For NCR Terminal Handler version...

9.8 CVSS · 7.6 AI score · 0.00528 EPSS
Exploits 1 · References 6
CVE
added 2025/06/23 12:0 a.m. · 20 views

CVE-2023-47295

CVE-2023-47295 affects NCR Terminal Handler v1.5.1. The vulnerability is a CSV injection in exported data: attackers can inject a crafted payload into text fields and execute arbitrary commands. Per the CVE metadata, it has a CVSS v3.1 base score of 9.8 (CRITICAL) with Network attack vector, no p...

9.8 CVSS · 7.7 AI score · 0.00528 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2025/06/20 3:15 p.m. · 3 views

CVE-2025-50013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through <= 0.6.1...

5.9 CVSS · 0.00218 EPSS
Exploits 0 · References 1
CVE
added 2025/06/20 3:4 p.m. · 18 views

CVE-2025-50013

CVE-2025-50013 relates to the WordPress plugin CSV Importer Improved (versions

5.9 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/06/20 12:0 a.m. · 4 views

PT-2025-26370 · Unknown · Csv Importer Improved

Name of the Vulnerable Software and Affected Versions: CSV Importer Improved versions 0.6.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

5.9 CVSS · 6.1 AI score · 0.00218 EPSS
Exploits 0 · References 4
CNNVD
added 2025/06/20 12:0 a.m. · 1 views

WordPress plugin CSV Importer Improved cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CSV Importer Improved plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

5.9 CVSS · 6 AI score · 0.00218 EPSS
Exploits 0 · References 1
Patchstack
added 2025/06/19 4:29 p.m. · 6 views

WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin CSV Importer Improved versions <= 0.6.1...

5.9 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 0 · Affected Software 1
Veracode
added 2025/06/18 9:37 a.m. · 3 views

Deserialization Of Untrusted Data

goodby-csv is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization due to the presence of classes that can be used in a gadget chain enabling remote code execution when deserializing untrusted data in a vulnerable application...

3.9 CVSS · 4.8 AI score · 0.00213 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2025/06/18 9:21 a.m. · 8 views

CVE-2025-6086 CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload

The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

7.2 CVSS · 0.00551 EPSS
Exploits 0 · References 2
CVE
added 2025/06/18 9:21 a.m. · 23 views

CVE-2025-6086

CVE-2025-6086 affects the WordPress plugin CSV Me (versions up to and including 2.0). The vulnerability stems from insufficient file type validation in the csv_me_options_page function, allowing an authenticated attacker with Administrator+ privileges to upload arbitrary files on the server, with...

7.2 CVSS · 7.3 AI score · 0.00551 EPSS
Exploits 0 · References 2