Lucene search
K

5080 matches found

CNNVD
CNNVD
added 2024/10/17 12:0 a.m.2 views

WordPress plugin CSV Product Import Export for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

8.5CVSS7.7AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.3 views

PT-2024-33382 · Cmssoft · Cmssoft Csv Product Import Export For Woocommerce

Name of the Vulnerable Software and Affected Versions: cmssoft CSV Product Import Export for WooCommerce versions 1.0.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

8.5CVSS8.4AI score0.00384EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/10/14 11:48 a.m.4 views

WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin CSV Product Import Export for WooCommerce versions = 1.0.0...

8.5CVSS8.1AI score0.00384EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.12 views

Synology DiskStation Manager Improper Encoding or Escaping of Output (CVE-2018-8920)

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. This plugin only works with Tenable.ot. Please visit...

7.2CVSS6.6AI score0.01027EPSS
Exploits0References2
OSV
OSV
added 2024/09/25 1:15 a.m.3 views

CVE-2021-38963

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

8CVSS6.2AI score0.00602EPSS
Exploits0References1
NVD
NVD
added 2024/09/25 1:15 a.m.15 views

CVE-2021-38963

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

8CVSS0.00602EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.6 views

IBM Aspera Console 安全漏洞

IBM Aspera Console is a Web-based application from International Business Machines IBM, Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.4 that originates from CSV...

8CVSS7.6AI score0.00602EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/24 10:15 a.m.29 views

CVE-2021-38963 IBM Aspera Console CSV injection

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

8CVSS0.00602EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/24 10:15 a.m.18 views

CVE-2021-38963 IBM Aspera Console CSV injection

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

8CVSS7.7AI score0.00602EPSS
Exploits0References1
CVE
CVE
added 2024/09/24 10:15 a.m.67 views

CVE-2021-38963

IBM Aspera Console versions 3.4.0–3.4.4 are affected by a CSV injection vulnerability that could allow a remote authenticated attacker to execute arbitrary code by persuading a user to open a crafted file. The issue affects IBM Aspera Console and is driven by CSV injection in the application. Rem...

8CVSS8.1AI score0.00602EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/12 3:33 p.m.24 views

Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8CVSS7.6AI score0.00349EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/12 3:33 p.m.15 views

Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

7.8CVSS7.6AI score0.00349EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/12 3:33 p.m.6 views

GHSA-G2M8-F3X2-QPRW Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

8.6CVSS7.8AI score0.00349EPSS
Exploits0References4
OSV
OSV
added 2024/09/12 3:33 p.m.8 views

GHSA-4FGP-7VVM-M4JF Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

8.6CVSS7.8AI score0.00349EPSS
Exploits0References4
NVD
NVD
added 2024/09/12 1:15 p.m.17 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/12 12:50 p.m.11 views

CVE-2024-27321

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

7.8CVSS7.6AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2024/09/12 12:49 p.m.61 views

CVE-2024-27320

The CVE-2024-27320 entry concerns the Refuel Autolabel library. The connected PT-2024-21820 and related sources confirm an arbitrary code execution flaw in versions 0.0.8 and newer, caused by handling of CSV files in classification tasks where Python code can be injected and executed via eval. Im...

7.8CVSS7.9AI score0.00349EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/12 12:49 p.m.14 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8CVSS7.6AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/12 12:49 p.m.27 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8CVSS0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.2 views

Autolabel 安全漏洞

Autolabel is a Python library open-sourced by refuel-ai. It is used to label, clean, and enrich textual datasets using any Large Language Model LLM. A security vulnerability exists in Autolabel 0.0.8 and earlier versions, which stems from the presence of an arbitrary code execution vulnerability...

7.8CVSS7.5AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder