5079 matches found
CVE-2025-4546
CVE-2025-4546 affects 1Panel-dev MaxKB, specifically the Knowledge Base Module up to version 1.10.7. The issue enables csv injection via an unknown functionality in the Knowledge Base Module, with remote exploitation possible. Upgrading to version 1.10.8 addresses the vulnerability. If applying r...
CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...
PT-2025-20668 · Unknown · 1Panel-Dev Maxkb
Name of the Vulnerable Software and Affected Versions: 1Panel-dev MaxKB versions up to 1.10.7 Description: A critical issue was found in the Knowledge Base Module component, leading to csv injection. This issue can be exploited remotely. The estimated number of potentially affected devices...
Exploit for CVE-2025-4190
CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...
WordPress CSV Mass Importer 1.2 Shell Upload
WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...
Deserialization of Untrusted Data
Overview rtc-tools is a Toolbox for control and optimization of water systems. Affected versions of this package are vulnerable to Deserialization of Untrusted Data rough cashing in pickle module in csvlookuptablemixin.py. An attacker could potentially execute arbitrary code by exploiting the...
CVE-2025-3975
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been...
[SECURITY] Fedora 40 Update: rpki-client-9.5-1.fc40
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
BIT-GHOST-2024-34448
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...
CVE-2025-1912
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validatefile Function. This makes it possible for authenticated attackers, with Administrator-level...
Exploit for CVE-2025-30208
中文 | English Vite Dev Server Vulnerability...
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection (CVE-2022-35281)
Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection. Vulnerability Details CVEID:CVE-2022-35281 DESCRIPTION: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are...
WordPress CSV to Responsive Tables plugin <= 5.1 - CSRF to Privilege Escalation vulnerability
CSRF to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin CSV to Responsive Tables versions = 5.1...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview gluoncv is a Gluon CV Toolkit Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the fromcsv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...
CVE-2024-10569
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
1Password - Enterprise Password Manager: #**CSV Injection in shared passwords leads to complete Private Vault Exfiltration**
Vulnerability description not provided...
CVE-2024-13906
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'importgalleryfromcsv' function. This makes it possible for...
CSV Injection
org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements due to insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...
CVE-2024-55532
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...