
5079 matches found

NVD
added 2024/11/26 5:15 p.m. | 27 views

CVE-2024-53555

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file...

CVSS: 8.8 | EPSS: 0.00675
Exploits: 0 | References: 2

CVE
added 2024/11/26 12:0 a.m. | 64 views

CVE-2024-53555

CVE-2024-53555 affects Taiga (v6.8.1). A crafted CSV upload can trigger arbitrary code execution due to a CSV injection issue in the import/upload pathway. The vulnerability is tied to the CSV handling logic (CSV injection) and could impact systems that process uploaded CSV files through Taiga. M...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00675
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/26 12:0 a.m. | 13 views

CVE-2024-53555

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file...

AI score: 8.2 | EPSS: 0.00675
Exploits: 0 | References: 2

Cvelist
added 2024/11/26 12:0 a.m. | 23 views

CVE-2024-53555

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file...

EPSS: 0.00675
Exploits: 0 | References: 2

CNNVD
added 2024/11/26 12:0 a.m. | 3 views

Taiga Security Vulnerability

Taiga is a free open source project management tool from Taiga Open Source. A security vulnerability exists in Taiga version v6.8.1, which stems from the inclusion of a CSV injection issue that could lead to arbitrary code execution...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00675
Exploits: 0 | References: 2

Patchstack
added 2024/11/20 9:57 p.m. | 5 views

WordPress My Contador lesr plugin <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export vulnerability

Missing Authorization to Unauthenticated User Registration CSV Export vulnerability discovered by SOPROBRO in WordPress Plugin My Contador lesr versions <= 2.0...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00596
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/11/16 10:15 p.m. | 25 views

CVE-2024-52406

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through <= 3.26...

CVSS: 9.9 | EPSS: 0.00478
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/16 9:47 p.m. | 10 views

CVE-2024-52406 WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through 3.04...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00478
Exploits: 0 | References: 1

Cvelist
added 2024/11/16 9:47 p.m. | 19 views

CVE-2024-52406 WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through <= 3.26...

CVSS: 9.9 | EPSS: 0.00478
Exploits: 0 | References: 1

CVE
added 2024/11/16 9:47 p.m. | 55 views

CVE-2024-52406

CVE-2024-52406 affects the WordPress plugin CSV to HTML (versions

CVSS: 9.9 | AI score: 7.2 | EPSS: 0.00478
Exploits: 0 | References: 1

NVD
added 2024/11/14 6:15 p.m. | 21 views

CVE-2024-52372

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0...

CVSS: 10 | EPSS: 0.00496
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/14 6:12 p.m. | 11 views

CVE-2024-52372 WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0...

CVSS: 10 | AI score: 7.2 | EPSS: 0.00496
Exploits: 0 | References: 1

CVE
added 2024/11/14 6:12 p.m. | 59 views

CVE-2024-52372

CVE-2024-52372 corresponds to an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Easy CSV Importer BETA (versions n/a–7.0.0). The vulnerability allows uploading a web shell via the plugin’s file-upload feature; the root cause is unsafe handling of arbitrary file types duri...

CVSS: 10 | AI score: 7.2 | EPSS: 0.00496
Exploits: 0 | References: 1

Cvelist
added 2024/11/14 6:12 p.m. | 25 views

CVE-2024-52372 WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0...

CVSS: 10 | EPSS: 0.00496
Exploits: 0 | References: 1

Patchstack
added 2024/11/13 9:7 a.m. | 4 views

WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin CSV to html versions <= 3.26...

CVSS: 9.9 | AI score: 7 | EPSS: 0.00478
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 13 views

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software: CSV to html; Type: Plugin; Vulnerable versions: <= 3.06; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52406; Patch priority: High; CVSS severity: High (9.9); PSID: f31bd5d837b7; Credits: stealthcopter; Required privilege: Subscriber...

CVSS: 9.9 | AI score: 9.6 | EPSS: 0.00478
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2024/11/12 9:46 p.m. | 2 views

CSV Injection

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection via the file /account/profile of the Name field under the "Edit Your Profile" section. An attacker can gain elevated privileges and exfiltrate internal system...

CVSS: 8 | AI score: 7.3 | EPSS: 0.00429
Exploits: 0 | References: 2

OSV
added 2024/11/12 9:15 p.m. | 8 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

CVSS: 8 | AI score: 7 | EPSS: 0.00429
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/12 12:0 a.m. | 12 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

AI score: 6.8 | EPSS: 0.00429
Exploits: 0 | References: 1

Positive Technologies
added 2024/11/12 12:0 a.m. | 5 views

PT-2024-34522 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514. Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...

CVSS: 8 | AI score: 7.5 | EPSS: 0.00429
Exploits: 0 | References: 5