CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32 matches found

Vulnrichment•added 2026/05/11 9:33 a.m.•7 views

CVE-2026-35157

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

5.8CVSS5.9AI score0.00051EPSS

Exploits0References1

NVD•added 2026/01/28 6:16 p.m.•4 views

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

9.8CVSS0.00347EPSS

Exploits1References4

RedhatCVE•added 2025/12/01 3:19 p.m.•6 views

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

7.5CVSS7.4AI score0.00052EPSS

Exploits0References1

NVD•added 2025/11/28 3:16 p.m.•1 views

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

7.5CVSS0.00052EPSS

Exploits0References1

EUVD•added 2025/11/28 12:0 a.m.•3 views

EUVD-2025-199873

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

7.5CVSS6.8AI score0.00052EPSS

Exploits0References2

CVE•added 2025/10/14 12:42 p.m.•7 views

CVE-2025-11498

CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...

6.1CVSS6.4AI score0.00033EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-10381

Malware in sbrugna...

8CVSS7.8AI score0.00096EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-22954

Malware in sbrugna...

6.8CVSS6.6AI score0.00467EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2020-18132

Malware in sbrugna...

7.8CVSS7.7AI score0.00203EPSS

Exploits0References3

CVE•added 2025/08/13 12:0 a.m.•12 views

CVE-2025-52386

CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...

5.4CVSS7.3AI score0.00166EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 2:18 a.m.•11 views

CVE-2023-46401

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...

9.8CVSS7.2AI score0.00128EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:18 a.m.•9 views

CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...

9.8CVSS7.2AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:22 p.m.•4 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

7.8CVSS7.2AI score0.00203EPSS

Exploits0

NVD•added 2025/01/23 10:15 p.m.•11 views

CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...

9.8CVSS0.00123EPSS

Exploits0References1

NVD•added 2025/01/23 10:15 p.m.•12 views

CVE-2023-46401

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...

9.8CVSS0.00128EPSS

Exploits1References1

CVE•added 2025/01/23 12:0 a.m.•48 views

CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the Add Guest function. The CVE-2023-46400 entry is corroborated by multiple sources (NVD, Red Hat, CVE lists, CNNVD) with the same description. Affected component: the Add Guest functionality in KWHotel 0.47. Root cause: CSV formula injectio...

9.8CVSS7.2AI score0.00123EPSS

Exploits0References1Affected Software1