2 matches found
CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...
Kieback&Peter DDC4000 路径遍历漏洞
The Kieback&Peter DDC4000 is a building automation and control system from Kieback&Peter, a German company, that is used to manage and monitor various devices within a building. A path traversal vulnerability exists in the Kieback&Peter DDC4000 that originates from allowing an unauthenticated...