Lucene search

18 matches found

NVD
added 2026/04/17 7:16 p.m. · 2 views

CVE-2026-6437

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

CVSS 6.9 · EPSS 0.00018
Exploits: 0 · References: 3

ATTACKERKB
added 2026/04/17 6:41 p.m. · 1 view

CVE-2026-6437

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

CVSS 6.9 · AI score 5.9 · EPSS 0.00018
Exploits: 0 · References: 4

CNNVD
added 2026/04/17 12:0 a.m. · 3 views

Amazon EFS CSI Driver Security Vulnerability

The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...

CVSS 6.9 · AI score 5.9 · EPSS 0.00018
Exploits: 0 · References: 1

Vulnrichment
added 2026/04/09 9:17 p.m. · 1 view

CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

CVSS 8.4 · AI score 5.9 · EPSS 0.00035
Exploits: 1 · References: 1

ATTACKERKB
added 2026/04/09 9:17 p.m. · 3 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

CVSS 8.4 · AI score 6 · EPSS 0.00035
Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2026/01/27 3:23 p.m. · 1 view

CVE-2021-47901

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report...

CVSS 9.8 · AI score 5.9 · EPSS 0.00087
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/10/11 8:29 a.m. · 1 view

CVE-2025-11254 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection

The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...

CVSS 4.3 · AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 3

CNNVD
added 2025/08/13 12:0 a.m. · 1 view

CycloneDX Sunshine Security Vulnerability

CycloneDX Sunshine is an open source visualization tool from CycloneDX. A security vulnerability exists in CycloneDX Sunshine version v0.9 that stems from processing JSON files without validating formulas, which could lead to a CSV injection attack...

CVSS 5.4 · AI score 7 · EPSS 0.00046
Exploits: 0 · References: 4

OSV
added 2024/06/07 10:15 a.m. · 0 views

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

CVSS 8.8 · AI score 6.2
Exploits: 0 · References: 3

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-30978 · Unknown · Car Rental Script

Name of the Vulnerable Software and Affected Versions: Car Rental Script version 3.0 Description: The issue concerns a CSV Injection vulnerability. It can be exploited via the Language Labels Export action. Recommendations: For Car Rental Script version 3.0, consider disabling the Export action i...

CVSS 8.8 · AI score 8.7 · EPSS 0.00228
Exploits: 2 · References: 4

OSV
added 2023/11/28 11:15 a.m. · 1 view

CVE-2023-42004

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...

CVSS 8.8 · AI score 5.9
Exploits: 0 · References: 2

CNNVD
added 2023/11/23 12:0 a.m. · 2 views

PHPJabbers Availability Booking Calendar Security Vulnerability

PHPJabbers Availability Booking Calendar is a booking system. A security vulnerability exists in PHPJabbers Availability Booking Calendar version 5.0, which stems from an insufficient input validation of Unique, resulting in a CSV injection vulnerability. An attacker can exploit the vulnerability...

CVSS 8.8 · AI score 7.5 · EPSS 0.00184
Exploits: 3 · References: 3

CNNVD
added 2022/09/16 12:0 a.m. · 2 views

WordPress plugin WP Server Health Stats Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 4.8 · AI score 5 · EPSS 0.00304
Exploits: 2 · References: 2

CNNVD
added 2021/11/23 12:0 a.m. · 2 views

Dell EMC CloudLink Security Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments. A CSV formula injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions, which can be exploited by remote, high-privilege attacker...

CVSS 6.8 · AI score 6.3 · EPSS 0.00467
Exploits: 0 · References: 2

CNNVD
added 2021/09/29 12:0 a.m. · 1 view

Pixel&tonic Craft CMS Code Injection Vulnerability

Pixel & Tonic Craft CMS is a content management system (CMS) from Pixel & Tonic (USA). A security vulnerability exists in Pixel & Tonic Craft CMS versions prior to 3.7.14 that could lead to CSV injection...

CVSS 8.8 · AI score 7.9 · EPSS 0.0051
Exploits: 0 · References: 5

CNVD
added 2018/05/03 12:0 a.m. · 2 views

clustercoding Blog Master Pro CSV Injection Vulnerability

clustercoding Blog Master Pro is a personal blog system based on the Laravel framework. The system provides blog management, comment management, site configuration file management and other functions. A CSV injection vulnerability exists in clustercoding Blog Master Pro version 1.0. An attacker can...

CVSS 8.8 · AI score 7.6 · EPSS 0.02473
Exploits: 4 · References: 1

ATTACKERKB
added 2018/04/04 7:29 p.m. · 5 views

CVE-2018-9035

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form...

CVSS 9.6 · AI score 5.6 · EPSS 0.08414
Exploits: 5 · References: 2

OSV
added 2017/07/12 1:29 p.m. · 1 view

CVE-2017-11167

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...

CVSS 9.8 · AI score 6.1
Exploits: 0 · References: 1