10 matches found
EUVD-2019-15754
Malware in sbrugna...
EUVD-2025-12282
Malicious code in bioql PyPI...
The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism to protect the output data used in generating CSV files. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism for shielding the output data used in generating CSV files. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the...
CVE-2024-53924
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval"import'os'.system substring...
PYSEC-2025-177
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval"import'os'.system substring...
CVE-2024-53924
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval"import'os'.system substring...
PT-2025-17210 · Pycel · Pycel
Name of the Vulnerable Software and Affected Versions: Pycel versions 1.0b30 and earlier Description: The issue allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval" import 'os'.system substring." in an untrusted spreadsheet. Recommendations: For...
Lenovo XClarity Administrator Injection Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. An injection vulnerability exists in Lenovo XClarity Administrator. An attacker...
Design/Logic Flaw
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...
CVE-2019-6182
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator LXCA versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formul...