Search criteria

3 vulnerabilities found for Pizzy Library by MIA Technology Inc.

CVE-2026-5242 (GCVE-0-2026-5242)

Vulnerability from cvelistv5 – Published: 2026-06-15 12:47 – Updated: 2026-06-15 15:59
VLAI?
Title
Code Injection in Mia Technologies' Pizzy Library
Summary
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
CWE
  • CWE-1236 - Improper neutralization of formula elements in a CSV file
Assigner
References
Impacted products
Vendor Product Version
MIA Technology Inc. Pizzy Library Affected: 1.0.0.26250 , < 1.3.9.26250 (custom)
Create a notification for this product.
Credits
Ahmet DURMUŞ STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T15:58:47.887349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T15:59:03.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pizzy Library",
          "vendor": "MIA Technology Inc.",
          "versions": [
            {
              "lessThan": "1.3.9.26250",
              "status": "affected",
              "version": "1.0.0.26250",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmet DURMU\u015e"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
        }
      ],
      "datePublic": "2026-06-15T12:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
            }
          ],
          "value": "Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper neutralization of formula elements in a CSV file",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T13:47:05.726Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
        }
      ],
      "source": {
        "advisory": "TR-26-0383",
        "defect": [
          "TR-26-0383"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Code Injection in Mia Technologies\u0027 Pizzy Library",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2026-5242",
    "datePublished": "2026-06-15T12:47:51.609Z",
    "dateReserved": "2026-03-31T14:31:37.706Z",
    "dateUpdated": "2026-06-15T15:59:03.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5233 (GCVE-0-2026-5233)

Vulnerability from cvelistv5 – Published: 2026-06-15 12:42 – Updated: 2026-06-15 15:58
VLAI?
Title
Missing Rate Limiting in Mia Technologies' Pizzy Library
Summary
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
CWE
  • CWE-799 - Improper Control of Interaction Frequency
Assigner
References
Impacted products
Vendor Product Version
MIA Technology Inc. Pizzy Library Affected: 1.0.0.26250 , < 1.3.9.26250 (custom)
Create a notification for this product.
Credits
Ahmet DURMUŞ STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T15:58:13.174347Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T15:58:23.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pizzy Library",
          "vendor": "MIA Technology Inc.",
          "versions": [
            {
              "lessThan": "1.3.9.26250",
              "status": "affected",
              "version": "1.0.0.26250",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmet DURMU\u015e"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
        }
      ],
      "datePublic": "2026-06-15T12:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Flooding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-799",
              "description": "CWE-799 Improper Control of Interaction Frequency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T13:48:27.639Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
        }
      ],
      "source": {
        "advisory": "TR-26-0383",
        "defect": [
          "TR-26-0383"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Missing Rate Limiting in Mia Technologies\u0027 Pizzy Library",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2026-5233",
    "datePublished": "2026-06-15T12:42:34.666Z",
    "dateReserved": "2026-03-31T13:36:58.860Z",
    "dateUpdated": "2026-06-15T15:58:23.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5230 (GCVE-0-2026-5230)

Vulnerability from cvelistv5 – Published: 2026-06-15 12:23 – Updated: 2026-06-15 15:57
VLAI?
Title
Improper Access Control in Mia Technologies' Pizzy Library
Summary
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
CWE
Assigner
References
Impacted products
Vendor Product Version
MIA Technology Inc. Pizzy Library Affected: 1.0.0.26250 , < 1.3.9.26250 (custom)
Create a notification for this product.
Credits
Ahmet DURMUŞ STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5230",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T15:57:39.043602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T15:57:52.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pizzy Library",
          "vendor": "MIA Technology Inc.",
          "versions": [
            {
              "lessThan": "1.3.9.26250",
              "status": "affected",
              "version": "1.0.0.26250",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmet DURMU\u015e"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "STM Savunma Teknolojileri M\u00fchendislik ve Ticaret A.\u015e."
        }
      ],
      "datePublic": "2026-06-15T12:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.\u003c/p\u003e"
            }
          ],
          "value": "Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T13:49:56.327Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
        }
      ],
      "source": {
        "advisory": "TR-26-0383",
        "defect": [
          "TR-26-0383"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Improper Access Control in Mia Technologies\u0027 Pizzy Library",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2026-5230",
    "datePublished": "2026-06-15T12:23:36.729Z",
    "dateReserved": "2026-03-31T13:28:53.611Z",
    "dateUpdated": "2026-06-15T15:57:52.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}