Search criteria
3 vulnerabilities found for Pizzy Library by MIA Technology Inc.
CVE-2026-5242 (GCVE-0-2026-5242)
Vulnerability from cvelistv5 – Published: 2026-06-15 12:47 – Updated: 2026-06-15 15:59
VLAI?
Title
Code Injection in Mia Technologies' Pizzy Library
Summary
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Severity ?
8.8 (High)
CWE
- CWE-1236 - Improper neutralization of formula elements in a CSV file
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MIA Technology Inc. | Pizzy Library |
Affected:
1.0.0.26250 , < 1.3.9.26250
(custom)
|
Credits
Ahmet DURMUŞ
STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:58:47.887349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:59:03.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pizzy Library",
"vendor": "MIA Technology Inc.",
"versions": [
{
"lessThan": "1.3.9.26250",
"status": "affected",
"version": "1.0.0.26250",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet DURMU\u015e"
},
{
"lang": "en",
"type": "sponsor",
"value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
}
],
"datePublic": "2026-06-15T12:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
}
],
"value": "Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper neutralization of formula elements in a CSV file",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T13:47:05.726Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
}
],
"source": {
"advisory": "TR-26-0383",
"defect": [
"TR-26-0383"
],
"discovery": "UNKNOWN"
},
"title": "Code Injection in Mia Technologies\u0027 Pizzy Library",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5242",
"datePublished": "2026-06-15T12:47:51.609Z",
"dateReserved": "2026-03-31T14:31:37.706Z",
"dateUpdated": "2026-06-15T15:59:03.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5233 (GCVE-0-2026-5233)
Vulnerability from cvelistv5 – Published: 2026-06-15 12:42 – Updated: 2026-06-15 15:58
VLAI?
Title
Missing Rate Limiting in Mia Technologies' Pizzy Library
Summary
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Severity ?
7.1 (High)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MIA Technology Inc. | Pizzy Library |
Affected:
1.0.0.26250 , < 1.3.9.26250
(custom)
|
Credits
Ahmet DURMUŞ
STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:58:13.174347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:58:23.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pizzy Library",
"vendor": "MIA Technology Inc.",
"versions": [
{
"lessThan": "1.3.9.26250",
"status": "affected",
"version": "1.0.0.26250",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet DURMU\u015e"
},
{
"lang": "en",
"type": "sponsor",
"value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
}
],
"datePublic": "2026-06-15T12:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
}
],
"value": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T13:48:27.639Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
}
],
"source": {
"advisory": "TR-26-0383",
"defect": [
"TR-26-0383"
],
"discovery": "UNKNOWN"
},
"title": "Missing Rate Limiting in Mia Technologies\u0027 Pizzy Library",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5233",
"datePublished": "2026-06-15T12:42:34.666Z",
"dateReserved": "2026-03-31T13:36:58.860Z",
"dateUpdated": "2026-06-15T15:58:23.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5230 (GCVE-0-2026-5230)
Vulnerability from cvelistv5 – Published: 2026-06-15 12:23 – Updated: 2026-06-15 15:57
VLAI?
Title
Improper Access Control in Mia Technologies' Pizzy Library
Summary
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Severity ?
7.1 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MIA Technology Inc. | Pizzy Library |
Affected:
1.0.0.26250 , < 1.3.9.26250
(custom)
|
Credits
Ahmet DURMUŞ
STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:57:39.043602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:57:52.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pizzy Library",
"vendor": "MIA Technology Inc.",
"versions": [
{
"lessThan": "1.3.9.26250",
"status": "affected",
"version": "1.0.0.26250",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet DURMU\u015e"
},
{
"lang": "en",
"type": "sponsor",
"value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
}
],
"datePublic": "2026-06-15T12:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
}
],
"value": "Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T13:49:56.327Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
}
],
"source": {
"advisory": "TR-26-0383",
"defect": [
"TR-26-0383"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Mia Technologies\u0027 Pizzy Library",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5230",
"datePublished": "2026-06-15T12:23:36.729Z",
"dateReserved": "2026-03-31T13:28:53.611Z",
"dateUpdated": "2026-06-15T15:57:52.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}