40 matches found
CVE-2026-35157
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
GHSA-4Q3W-JGFX-4792 Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
CVE-2020-36962
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
EUVD-2020-30887
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
CVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-51735
CVE-2025-51735 corresponds to a CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. The connected documents confirm the affected product/version but do not provide technical exploit details or concrete root-cause specifics beyond the CSV-injection description. The CVSS v3.1...
EUVD-2025-199873
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-11498
CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...
EUVD-2021-10381
Malware in sbrugna...
EUVD-2021-22954
Malware in sbrugna...
EUVD-2020-18132
Malware in sbrugna...
PT-2025-32992 · Unknown · CycloneDX Sunshine
Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
CVE-2025-52386
CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...
CVE-2023-46401
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...
CVE-2023-46400
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...
CVE-2020-25445
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the contents of the cells are executed...