CVE-2023-53913

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...

EUVD-2023-60202

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability

Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.2...

CVE-2025-12042

The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...

EUVD-2025-38359

The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...

CVE-2025-12042

The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...

CVE-2025-12042 Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export

The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...

CVE-2025-12042

The CVE-2025-12042 vulnerability affects the WordPress Course Booking System plugin, specifically due to a missing capability check in csv-export.php. This flaw allows unauthenticated access to export (download) all booking data for all versions up to and including 6.1.5. Public details consisten...

cybersec-ids

cybersec-ids Full-stack AI-driven Web App Intrusion Detection...

CVE-2025-62417

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character for example =, +, -, or @ is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

EUVD-2017-15161

Malware in sbrugna...

EUVD-2018-12126

Malware in sbrugna...

EUVD-2021-2220

Malware in sbrugna...

EUVD-2020-23850

Malware in sbrugna...

EUVD-2020-7266

Malware in sbrugna...

EUVD-2015-7906

Malware in sbrugna...

EUVD-2018-6743

Malware in sbrugna...

EUVD-2021-13793

Malware in sbrugna...

EUVD-2014-2412

Malware in sbrugna...

EUVD-2025-5507

Malicious code in bioql PyPI...