Lucene search
+L

778 matches found

Cvelist
Cvelist
added yesterday17 views

CVE-2026-54243 Statamic: CSV formula injection in form submission exports

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS
Exploits0References5
CVE
CVE
added yesterday7 views

CVE-2026-63101

Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...

8.7CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS0.00601EPSS
Exploits0References3
NVD
NVD
added 5 days ago4 views

CVE-2026-14846

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57859

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.4.0 Description A low-privileged user can bypass the /admin/export UI to exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV file containing the full Personally...

6.5CVSS6.1AI score0.00217EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 8:16 p.m.8 views

CVE-2026-11321

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 7:43 p.m.30 views

CVE-2026-55475 Snipe-IT: Import created_by can be overwritten

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:42 p.m.9 views

CVE-2026-55469

Snipe-IT prior to 8.6.2 is affected. An authenticated user with import and assets.update permissions can inject a path traversal string into an asset image field via CSV import, which can trigger image deletion and lead to deletion of arbitrary files accessible to the server process. The issue is...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/10 7:42 p.m.7 views

EUVD-2026-43000

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 7:42 p.m.30 views

CVE-2026-55469 Snipe-IT: Path traversal vulnerability via CSV import `image` field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS0.00378EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 7:42 p.m.4 views

CVE-2026-55469 Snipe-IT: Path traversal vulnerability via CSV import `image` field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 7:40 p.m.13 views

CVE-2026-55452

CVE-2026-55452 concerns Snipe-IT (IT asset/license management) where pre-8.5.0 builds store the User-Agent header via Actionlog::logaction() and export it in Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to inject a formula-like payload that can exe...

7.3CVSS6.2AI score0.00234EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/10 6:53 p.m.37 views

CVE-2026-11321 GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS0.00314EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 6:53 p.m.5 views

CVE-2026-11321 GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/07/09 1:37 p.m.7 views

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...

7.5CVSS6AI score0.00601EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/09 7:16 a.m.8 views

CVE-2026-11571

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

7.5CVSS0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 6:52 a.m.8 views

EUVD-2026-42524

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/09 6:0 a.m.36 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:0 a.m.12 views

CVE-2026-11571

The CVE concerns the Everest Forms WordPress plugin prior to version 3.5.0. It does not reliably delete temporary CSV files created during email-notification processing, leaving them publicly accessible in the uploads directory. This enables unauthenticated attackers to retrieve other users’ form...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder