Skip to main content

Pizzy Library

3 CVEs product

Monthly

CVE-2026-5242 HIGH PATCH This Week

CSV formula injection in MIA Technology's Pizzy Library (versions 1.0.0.26250 through 1.3.9.26250) allows authenticated attackers to inject malicious formula elements into generated CSV files, leading to code execution when the file is opened in a spreadsheet application. The flaw is rated CVSS 8.8 and was reported by TR-CERT, though no public exploit identified at time of analysis. Impact spans confidentiality, integrity, and availability on the system of any victim who opens the crafted CSV.

Code Injection Pizzy Library
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-5233 HIGH PATCH This Week

Resource flooding in MIA Technology Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to abuse improper interaction frequency controls (CWE-799) to degrade availability and tamper with integrity. With a CVSS 3.1 base score of 7.1 and no public exploit identified at time of analysis, the flaw primarily threatens service availability in deployments that expose the library over the network. The advisory was coordinated through Turkey's TR-CERT, with no CISA KEV listing and no EPSS data provided.

Information Disclosure Pizzy Library
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-5230 HIGH PATCH This Week

Improper access control in MIA Technology Inc. Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to bypass authorization checks and access resources or actions outside their permission level. The flaw was reported by TR-CERT and carries a CVSS 3.1 base score of 7.1, with high confidentiality impact but only low integrity impact and no availability impact; no public exploit identified at time of analysis.

Authentication Bypass Pizzy Library
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CSV formula injection in MIA Technology's Pizzy Library (versions 1.0.0.26250 through 1.3.9.26250) allows authenticated attackers to inject malicious formula elements into generated CSV files, leading to code execution when the file is opened in a spreadsheet application. The flaw is rated CVSS 8.8 and was reported by TR-CERT, though no public exploit identified at time of analysis. Impact spans confidentiality, integrity, and availability on the system of any victim who opens the crafted CSV.

Code Injection Pizzy Library
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Resource flooding in MIA Technology Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to abuse improper interaction frequency controls (CWE-799) to degrade availability and tamper with integrity. With a CVSS 3.1 base score of 7.1 and no public exploit identified at time of analysis, the flaw primarily threatens service availability in deployments that expose the library over the network. The advisory was coordinated through Turkey's TR-CERT, with no CISA KEV listing and no EPSS data provided.

Information Disclosure Pizzy Library
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper access control in MIA Technology Inc. Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to bypass authorization checks and access resources or actions outside their permission level. The flaw was reported by TR-CERT and carries a CVSS 3.1 base score of 7.1, with high confidentiality impact but only low integrity impact and no availability impact; no public exploit identified at time of analysis.

Authentication Bypass Pizzy Library
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy