55 matches found
CVE-2026-5242
The CVE-2026-5242 entry concerns MIA Technology Inc.’s Pizzy Library. A vulnerability in CSV handling arises from improper neutralization of formula elements, enabling Code Injection. Affected versions are 1.0.0.26250 up to (but not including) 1.3.9.26250. CVSS‑3.1 scoring is 8.8 (HIGH): Network ...
CVE-2026-35157
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
PT-2026-39587
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
GHSA-4Q3W-JGFX-4792 Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
CVE-2020-36962
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
EUVD-2020-30887
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
CVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-51735
CVE-2025-51735 corresponds to a CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. The connected documents confirm the affected product/version but do not provide technical exploit details or concrete root-cause specifics beyond the CSV-injection description. The CVSS v3.1...
EUVD-2025-199873
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-11498
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker...
CVE-2025-11498
CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...
EUVD-2021-10381
Malware in sbrugna...
EUVD-2021-22954
Malware in sbrugna...
EUVD-2020-18132
Malware in sbrugna...
CVE-2025-58855
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V Artprima AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through = 1.4...
CVE-2025-58855
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V Artprima AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through = 1.4...
PT-2025-32992 · Unknown · Cyclonedx Sunshine
Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...