Skip to main content

CWE-148

Improper Neutralization of Input Leaders

2 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
1
HIGH
1
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-12862 MEDIUM PATCH This Month

Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low attack complexity and the availability of a GitHub security advisory signal a credible, reproducible attack path against administrative workflows.

Code Injection Venueless
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2023-4853 Maven HIGH POC PATCH This Week

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Quarkus Build Of Optaplanner Build Of Quarkus Decision Manager +8
NVD
CVSS 3.1
8.1
EPSS
1.2%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low attack complexity and the availability of a GitHub security advisory signal a credible, reproducible attack path against administrative workflows.

Code Injection Venueless
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Quarkus Build Of Optaplanner +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy