
19 matches found

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2018-2178

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.001
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m. (4 views)

EUVD-2025-23853

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00182
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m. (2 views)

EUVD-2025-27226

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00078
Exploits: 0, References: 2

OSV
added 2025/09/29 8:15 p.m. (0 views)

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVSS 4.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 2

RedhatCVE
added 2025/09/11 9:20 a.m. (5 views)

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3, AI score 6.5, EPSS 0.00078
Exploits: 0, References: 1

Github Security Blog
added 2025/09/09 9:31 a.m. (8 views)

TYPO3 CSV download feature information disclosure

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3, AI score 6.6, EPSS 0.00078
Exploits: 0, References: 4, Affected Software: 2

NVD
added 2025/09/09 9:15 a.m. (3 views)

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3, EPSS 0.00078
Exploits: 0, References: 1

CVE
added 2025/09/09 9:1 a.m. (18 views)

CVE-2025-59019

Missing authorization checks in TYPO3’s CSV download feature (CVE-2025-59019) allow backend users to disclose information from arbitrary database tables within their web mounts. Affected are TYPO3 CMS versions: 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. Root cause is an authorization ga...

CVSS 5.3, AI score 6.1, EPSS 0.00078
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/09/09 9:1 a.m. (1 view)

CVE-2025-59019 Information Disclosure via CSV Download

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3, AI score 6.1, EPSS 0.00078
Exploits: 0, References: 1

Positive Technologies
added 2025/09/09 12:0 a.m. (3 views)

PT-2025-36695

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 11.0.0 through 11.5.47; TYPO3 CMS versions 12.0.0 through 12.4.36; TYPO3 CMS versions 13.0.0 through 13.4.17. Description: The CSV download feature lacks proper authorization checks. This allows backend users to disclose...

CVSS 5.3, AI score 6, EPSS 0.00078
Exploits: 0, References: 9

OSV
added 2025/08/06 3:15 p.m. (1 view)

CVE-2025-2028

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVSS 5.3, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 1

Vulnrichment
added 2025/08/06 2:44 p.m. (3 views)

CVE-2025-2028 Lack of TLS validation

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVSS 6.5, AI score 6.5, EPSS 0.00182
Exploits: 0, References: 1

Cvelist
added 2025/08/06 2:44 p.m. (7 views)

CVE-2025-2028 Lack of TLS validation

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVSS 6.5, EPSS 0.00182
Exploits: 0, References: 1

CNNVD
added 2025/05/21 12:0 a.m. (1 view)

Inedo ProGet security vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from the possibility that device activation data could be downloaded as a CSV file by an elevated privileged user and cause damage to the PC, allowing an...

CVSS 5.1, AI score 6.5, EPSS 0.00126
Exploits: 0, References: 2

Vulnrichment
added 2024/10/31 6:48 a.m. (9 views)

CVE-2024-9430 Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...

CVSS 5.3, AI score 6.8, EPSS 0.00624
Exploits: 0, References: 2

Qualys Blog
added 2021/10/25 5:0 a.m. (16 views)

Vulnerability On-Demand Search Reporting & Easy Download options

Vulnerability reporting is different from any other aspect of a Vulnerability Management Program. The methodologies of Discover, Assess, Report and Remediate are critical components that should be included in the respective sections of a Vulnerability Report. Qualys VMDR Vulnerability Management...

AI score 1.3
Exploits: 0

Prion
added 2018/11/20 9:29 a.m. (6 views)

Cross site scripting

Google Monorail before 2018-06-07 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with a crafted groupby value can be used to obtain sensitive information about the content of bug reports...

CVSS 2.6, AI score 5, EPSS 0.001
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2018/11/20 9:0 a.m. (39 views)

CVE-2018-19334

CVE-2018-19334 affects Google Monorail prior to 2018-05-04, exposing Cross-Site Search (XS-Search) via CSV downloads that are CSRF-protected inappropriately. The root cause is CSRF-assisted CSV download handling and calculations of download times for requests with an unsupported axis, which can r...

CVSS 5.3, AI score 5, EPSS 0.001
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2018/01/26 8:0 p.m. (42 views)

CVE-2018-6015

The CVE-2018-6015 issue affects WordPress Email Subscribers & Newsletters plugin prior to v3.4.8. An attacker can trigger an information-disclosure by sending an HTTP POST to a URI ending with /?es=export and including option=view_all_subscribers in the body, which allows downloading a CSV contai...

CVSS 7.5, AI score 7.4, EPSS 0.01731
Exploits: 2, References: 3, Affected Software: 1