403 matches found
CVE-2026-12862
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...
CVE-2026-12862
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...
EUVD-2026-38220
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...
CVE-2026-12862
The CVE-2026-12862 entry documents a formula-injection risk in XLSX exports where untrusted user data is passed directly to Excel exports for administrators. Root cause: untrusted data used in the export path enables Excel formulas to be interpreted when the file is opened, potentially compromisi...
CVE-2026-12862 XLSX formula injection in exports
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...
PT-2026-49236
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...
CSV Injection
Poweradmin is vulnerable to CSV Injection. The vulnerability is due to improper sanitization of user-controlled data before exporting it to CSV files, which allows an attacker to inject malicious spreadsheet formulas that execute when an administrator opens the exported file...
GHSA-3H6H-67X3-CV5X Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications
Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications
Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...
PT-2026-47615
Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...
PT-2026-47544
Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...
CVE-2026-27644
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
GHSA-XF4V-W5X5-PV79 Spree: CSV Formula Injection in Customer Export
Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...
PT-2026-49156
Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...
json-2-csv 安全漏洞
json-2-csv is a JSON-to-CSV conversion tool developed by Michael Rodrigues. Versions of json-2-csv from 3.15.0 to 5.5.11 had security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the preventCsvInjection option, allowing attackers to inject formulas into the CSV...
CVE-2026-41073 RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...
CVE-2026-35157
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
CVE-2026-42267
Kimai vulnerability CVE-2026-42267 affects Kimai versions 2.27.0 through before 2.54.0. A user with ROLE_USER can create a tag whose name is a formula string (for example =SUM(54+51)) via POST /api/tags and attach it to a timesheet. When an admin exports to XLSX, ArrayFormatter.formatValue() conc...
CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...