Lucene search
+L

428 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 3:28 a.m.8 views

CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8CVSS5.7AI score0.0022EPSS
Exploits1References2
CVE
CVE
added 2026/05/08 3:28 a.m.19 views

CVE-2026-42267

Kimai vulnerability CVE-2026-42267 affects Kimai versions 2.27.0 through before 2.54.0. A user with ROLE_USER can create a tag whose name is a formula string (for example =SUM(54+51)) via POST /api/tags and attach it to a timesheet. When an admin exports to XLSX, ArrayFormatter.formatValue() conc...

6.8CVSS5.7AI score0.0022EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/08 3:28 a.m.2 views

CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8CVSS5.9AI score0.0022EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 7:48 p.m.6 views

GHSA-XQ9M-HMP9-FW87 wger: CSV/TSV formula injection in gym member export (first_name/last_name)

Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...

7.4CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 7:48 p.m.10 views

wger: CSV/TSV formula injection in gym member export (first_name/last_name)

Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...

6.1AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/05 8:53 p.m.6 views

GHSA-3XC2-H5R3-WV3R Kimai vulnerable to formula Injection via tag names in XLSX export

Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...

6.8CVSS5.8AI score0.0022EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 8:53 p.m.16 views

Kimai vulnerable to formula Injection via tag names in XLSX export

Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...

6.8CVSS5.8AI score0.0022EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/05 3:34 p.m.9 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...

6.5CVSS5.9AI score0.00228EPSS
Exploits1References2
NVD
NVD
added 2026/05/05 1:16 p.m.10 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS0.00228EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/05 12:12 p.m.5 views

CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/05 12:12 p.m.6 views

EUVD-2026-27306

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 12:12 p.m.38 views

CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS0.00228EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 12:12 p.m.10 views

CVE-2026-27644

CVE-2026-27644 affects Traccar (versions 6.11.1–6.13.0). CSV export writes position data and computed attributes without proper escaping, enabling an attacker to inject spreadsheet formulas via exported fields. When opened in spreadsheet software, this can lead to formula execution and potential ...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/05 12:12 p.m.2 views

CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS6AI score0.00228EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:12 p.m.4 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.37 views

CVE-2023-54348 ERPGo SaaS 3.9 CSV Injection via Vendor Creation

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS0.00352EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 11:24 a.m.8 views

CVE-2023-54348

CVE-2023-54348 affects ERPGo SaaS 3.9. The issue is a CSV injection vulnerability in vendor creation: an authenticated user can inject formula payloads into the vendor name field, which execute when the exported CSV is opened in spreadsheet applications. A sample payload is =10+20+cmd|' /C calc'!...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Traccar 安全漏洞

Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. There were...

6.5CVSS5.9AI score0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37032

Name of the Vulnerable Software and Affected Versions Traccar versions 6.11.1 through 6.12.x Description The CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. This allows an attacker to inject spreadshee...

6.5CVSS5.9AI score0.00228EPSS
Exploits1References6
OSV
OSV
added 2026/02/12 8:51 a.m.8 views

BIT-MOODLE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

7.8CVSS5.8AI score0.00251EPSS
Exploits0References4
Rows per page
Query Builder