Lucene search
K

5079 matches found

CVE
CVE
added 2025/05/11 8:0 p.m.85 views

CVE-2025-4546

CVE-2025-4546 affects 1Panel-dev MaxKB, specifically the Knowledge Base Module up to version 1.10.7. The issue enables csv injection via an unknown functionality in the Knowledge Base Module, with remote exploitation possible. Upgrading to version 1.10.8 addresses the vulnerability. If applying r...

8.8CVSS7.5AI score0.00532EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/05/11 8:0 p.m.30 views

CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

5.8CVSS0.00532EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/11 12:0 a.m.4 views

PT-2025-20668 · Unknown · 1Panel-Dev Maxkb

Name of the Vulnerable Software and Affected Versions: 1Panel-dev MaxKB versions up to 1.10.7 Description: A critical issue was found in the Knowledge Base Module component, leading to csv injection. This issue can be exploited remotely. The estimated number of potentially affected devices...

8.8CVSS4.8AI score0.00532EPSS
Exploits1References11
GithubExploit
GithubExploit
added 2025/05/07 10:56 a.m.486 views

Exploit for CVE-2025-4190

CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...

7.2CVSS8AI score0.00489EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/05/07 12:0 a.m.12 views

WordPress CSV Mass Importer 1.2 Shell Upload

WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...

7.2CVSS7.6AI score0.00489EPSS
Exploits3
Snyk
Snyk
added 2025/05/01 6:33 a.m.5 views

Deserialization of Untrusted Data

Overview rtc-tools is a Toolbox for control and optimization of water systems. Affected versions of this package are vulnerable to Deserialization of Untrusted Data rough cashing in pickle module in csvlookuptablemixin.py. An attacker could potentially execute arbitrary code by exploiting the...

9.8CVSS8.1AI score
Exploits0References3
OSV
OSV
added 2025/04/27 4:15 p.m.4 views

CVE-2025-3975

A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been...

6.9CVSS4.9AI score0.00602EPSS
Exploits1References4
Fedora
Fedora
added 2025/04/21 1:41 a.m.8 views

[SECURITY] Fedora 40 Update: rpki-client-9.5-1.fc40

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

7.3AI score
Exploits0
OSV
OSV
added 2025/04/19 7:10 a.m.6 views

BIT-GHOST-2024-34448

Ghost before 5.82.0 allows CSV Injection during a member CSV export...

8.8CVSS7.5AI score0.00723EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:56 a.m.55 views

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities (CVE-2024-38477, CVE-2021-38963, CVE-2024-38475, CVE-2024-38474)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sendi...

9.8CVSS9.6AI score0.99957EPSS
Exploits1Affected Software5
OSV
OSV
added 2025/03/26 12:15 p.m.2 views

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validatefile Function. This makes it possible for authenticated attackers, with Administrator-level...

7.6CVSS7.3AI score0.00353EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/03/26 10:26 a.m.515 views

Exploit for CVE-2025-30208

中文 | English Vite Dev Server Vulnerability...

6CVSS6.9AI score0.76736EPSS
Exploits33
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:29 a.m.37 views

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection (CVE-2022-35281)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection. Vulnerability Details CVEID:CVE-2022-35281 DESCRIPTION: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are...

8.8CVSS7AI score0.00505EPSS
Exploits0Affected Software11
Patchstack
Patchstack
added 2025/03/24 4:47 p.m.5 views

WordPress CSV to Responsive Tables plugin <= 5.1 - CSRF to Privilege Escalation vulnerability

CSRF to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin CSV to Responsive Tables versions = 5.1...

9.8CVSS7AI score0.00346EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/03/20 10:51 a.m.7 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview gluoncv is a Gluon CV Toolkit Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the fromcsv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...

7.1CVSS7.9AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10569

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5CVSS5.8AI score0.0061EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/03/18 8:41 a.m.964 views

1Password - Enterprise Password Manager: #**CSV Injection in shared passwords leads to complete Private Vault Exfiltration**

Vulnerability description not provided...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/09 7:47 a.m.20 views

CVE-2024-13906

The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'importgalleryfromcsv' function. This makes it possible for...

7.2CVSS7.1AI score0.00651EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/06 6:0 a.m.6 views

CSV Injection

org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements due to insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...

9.8CVSS7.2AI score0.00723EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/06 1:51 a.m.27 views

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

9.8CVSS7AI score0.00723EPSS
Exploits0References1
Rows per page
Query Builder