PT-2026-35929

Name of the Vulnerable Software and Affected Versions Text::CSV XS versions prior to 1.62 Description A use-after-free issue exists when registered callbacks extend the Perl argument stack, potentially leading to type confusion or memory corruption. The Parse, print, getline, and getline all...

EUVD-2026-22186

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

CVE-2026-24447

If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series,...

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

EUVD-2018-4222

Malware in sbrugna...

EUVD-2019-1176

Malware in sbrugna...

EUVD-2019-19264

Malware in sbrugna...

EUVD-2022-0115

Malicious code in bioql PyPI...

EUVD-2022-49583

Malicious code in bioql PyPI...

EUVD-2025-23301

Malicious code in bioql PyPI...

CVE-2025-54752

CVE-2025-54752 affects PowerCMS; vulnerable component is the handling of CSV files where malformed entries can cause embedded code execution when opened by a victim. Root cause cited: improper neutralization of formula elements in a CSV file. Impact described as code execution with user interacti...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview handcraftedinthealps/goodby-csv is a CSV import/export library Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the wakeup process. An attacker can execute arbitrary code by leveraging a gadget chain if...

PT-2025-25443 · Unknown · Goodby-Csv

Name of the Vulnerable Software and Affected Versions: goodby-csv versions prior to 1.4.3 Description: The issue concerns an insecure deserialization vulnerability in the goodby-csv library, which can be used as part of a "gadget chain" to achieve remote code execution if an application...

CVE-2024-27785

An improper neutralization of formula elements in a CSV File CWE-1236 vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...

CVE-2022-45348

Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4...

CVE-2022-46821

Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22...

CVE-2022-46804

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

CVE-2022-45810

Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a throu...

CVE-2024-27785

An improper neutralization of formula elements in a CSV File CWE-1236 vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...