CVE-2026-35157

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

PT-2026-39587

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVE-2025-66834

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

EUVD-2025-199873

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVE-2025-51735

CVE-2025-51735 corresponds to a CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. The connected documents confirm the affected product/version but do not provide technical exploit details or concrete root-cause specifics beyond the CSV-injection description. The CVSS v3.1...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVE-2025-11498

An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker...

CVE-2025-11498

CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...

EUVD-2020-18132

Malware in sbrugna...

EUVD-2021-10381

Malware in sbrugna...

EUVD-2021-22954

Malware in sbrugna...

CVE-2025-58855

Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V Artprima AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through = 1.4...

CVE-2025-58855

Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V Artprima AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through = 1.4...

PT-2025-32992 · Unknown · Cyclonedx Sunshine

Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

CVE-2025-52386

CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...