319 matches found
EUVD-2021-28271
Malicious code in bioql PyPI...
EUVD-2021-34249
Malicious code in bioql PyPI...
EUVD-2022-42968
Malicious code in bioql PyPI...
EUVD-2024-50429
Malicious code in bioql PyPI...
EUVD-2022-28220
Malicious code in bioql PyPI...
EUVD-2022-42924
Malicious code in bioql PyPI...
EUVD-2022-2006
Malicious code in bioql PyPI...
EUVD-2024-24363
Malicious code in bioql PyPI...
EUVD-2022-27834
Malicious code in bioql PyPI...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
Linux Distros Unpatched Vulnerability : CVE-2021-32472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and...
Linux Distros Unpatched Vulnerability : CVE-2019-20184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KeePass 2.4.1 allows CSV injection in the title field of a CSV export. CVE-2019-20184 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2020-36308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
CVE-2025-50572
CVE-2025-50572 affects RSA Archer 6.11.00204.10014. Description: an issue with improper handling of system inputs exported into CSV files can lead to arbitrary code execution when the user opens the CSV with compatible applications. Exploitation status is not provided in the supplied documents. R...
WordPress Broken Link Notifier plugin code execution vulnerability
WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. A code execution vulnerability exists in the WordPress Broken Link Notifier plugin that stems from the possibility of embedding malicious input when exporting CSV...
WordPress plugin Broken Link Notifier 安全漏洞
WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. A code execution vulnerability exists in the WordPress Broken Link Notifier plugin that stems from the possibility of embedding malicious input when exporting CSV...
CVE-2024-28111
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-base...
CVE-2023-50448
In ActiveAdmin aka Active Admin before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data that belongs to another user by making CSV export requests at certain specific times...
CVE-2023-7048
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...