4 matches found
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27644
CVE-2026-27644 affects Traccar (versions 6.11.1–6.13.0). CSV export writes position data and computed attributes without proper escaping, enabling an attacker to inject spreadsheet formulas via exported fields. When opened in spreadsheet software, this can lead to formula execution and potential ...
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
iTrack Easy Authentication Mechanism Bypass Vulnerability
The iTrack Easy is a versatile Bluetooth device. The iTrack Easy fails to implement an authentication mechanism, which can be exploited by a remote attacker to modify the GPS data of a lost device using the 'parametercmd:setothergps' function...