Brother MFC-L9570CDW - Information Disclosure

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1

Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...

EUVD-2026-32721

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

Dell ECS和Dell ObjectScale 安全漏洞

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an extensible, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS...

CVE-2026-21741

An URL Redirection to Untrusted Site 'Open Redirect' vulnerability CWE-601 vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary...

CVE-2026-21741

Fortinet FortiNAC-F is affected by an Open Redirect (CWE-601) vulnerability across FortiNAC-F 7.6.0–7.6.5, FortiNAC-F 7.4 all versions, and FortiNAC-F 7.2 all versions. The issue allows a remote privileged attacker with the system administrator role to redirect users to an arbitrary website by up...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

Certificate Generation System 代码问题漏洞

Certificate Generation System is an open-source web-based certificate generation system developed by Great Developers. The Certificate Generation System has a code vulnerability that stems from incorrect operations with the /restructured/csv.php file, which may lead to unlimited uploads...

CVE-2023-25983

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84...

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the...

CVE-2022-38702

Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0...

CVE-2022-42882

Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8...

CVE-2023-25611

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVE-2019-12950

An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload...

EUVD-2025-113283

Malicious code in ganymede-xenon-public-csv npm...

Exploit for SQL Injection in Valvepress Automatic

This is a PoC exploit for CVE-2024-27956, a vulnerability in the...