5072 matches found
CVE-2025-8808
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated...
CVE-2025-8808
CVE-2025-8808 affects xujeff tianti 天梯 up to 2.3. The vulnerability is in the exportOrder function of /tianti-module-admin/user/ajax/save within com.jeff.tianti.controller, enabling CSV injection. Exploitation appears possible remotely and public disclosures exist. Multiple connected sources conf...
CVE-2025-2028
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
CVE-2025-2028
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
CVE-2025-2028 Lack of TLS validation
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
CVE-2025-2028 Lack of TLS validation
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
CVE-2025-2028
CVE-2025-2028 affects Check Point Management Log Server. Description: lack of TLS validation when downloading a CSV file that contains IP-to-country mappings used solely for displaying country flags in logs. Root cause: TLS validation is not performed for the CSV download. Impact: integrity could...
PT-2025-32175 · Csv File · Csv File
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The software lacks TLS validation when downloading a CSV file containing IP-to-country mappings. This file is used solely for displaying country flags in logs. Recommendations: At the moment, there...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism to protect the output data used in generating CSV files. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism for shielding the output data used in generating CSV files. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-54752
CVE-2025-54752 affects PowerCMS; vulnerable component is the handling of CSV files where malformed entries can cause embedded code execution when opened by a victim. Root cause cited: improper neutralization of formula elements in a CSV file. Impact described as code execution with user interacti...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
PT-2025-31487 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: Multiple versions of PowerCMS improperly neutralize formula elements within a CSV file. A malicious user can create a crafted CSV entry. If a victim user downloads and opens this file in...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
PT-2025-31581
Name of the Vulnerable Software and Affected Versions RSA Archer version 6.11.00204.10014 Description An issue was discovered that allows attackers to execute arbitrary code via crafted system inputs. These inputs are exported into a CSV file, and execution occurs after a user opens the file with...
CVE-2025-50572
CVE-2025-50572 affects RSA Archer 6.11.00204.10014. Description: an issue with improper handling of system inputs exported into CSV files can lead to arbitrary code execution when the user opens the CSV with compatible applications. Exploitation status is not provided in the supplied documents. R...