5059 matches found

NVD
added 2026/02/04 7:16 a.m. | 3 views

CVE-2026-24447

If malformed data is input to the affected product, a CSV file downloaded from the affected product may contain that malformed data. When a victim user downloads and opens such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series,...

CVSS 6.5 | EPSS 0.00021
Exploits 0 | References 3
Japan Vulnerability Notes
added 2026/02/04 7:15 a.m. | 5 views

Multiple vulnerabilities in Movable Type

Overview: Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment (CWE-79) - CVE-2026-21393; Stored cross-site scripting vulnerability in Export Sites (CWE-79) - CVE-2026-22875; Unrestricted upload of file with...

CVSS 6.5 | AI score 5.5 | EPSS 0.00021
Exploits 0 | References 9
CVE
added 2026/02/04 7:4 a.m. | 10 views

CVE-2026-24447

Movable Type 7.x and 8.4.x are affected by CVE-2026-24447. A flaw in CSV handling allows specially crafted input data to produce a malicious CSV file that, when opened by a user, can execute code in the user’s environment. The PT-2026-6193 entry explicitly identifies Movable Type 7.x and 8.4.x (n...

CVSS 6.5 | AI score 6.6 | EPSS 0.00021
Exploits 0 | References 3
RedhatCVE
added 2026/02/04 3:15 a.m. | 5 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 1
Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-6193

Name of the Vulnerable Software and Affected Versions: Movable Type versions 7.x and 8.4.x. Description: A flaw exists where specially crafted input data can lead to the creation of a malicious CSV file. Downloading and opening this file can result in code execution within the user's system. The iss...

CVSS 6.5 | AI score 6 | EPSS 0.00021
Exploits 0 | References 5
OSV
added 2026/02/03 6:16 p.m. | 4 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 1
NVD
added 2026/02/03 6:16 p.m. | 2 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

CVSS 5.4 | EPSS 0.00052
Exploits 0 | References 1
Snyk
added 2026/02/03 11:49 a.m. | 2 views

CSV Injection

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to CSV Injection when exporting data to CSV or Excel. An attacker can execute arbitrary formulas in a spreadsheet application by supplying specially crafted input that is not properly escaped during...

CVSS 7.8 | AI score 5.9 | EPSS 0.00063
Exploits 0 | References 2
CNNVD
added 2026/02/03 12:0 a.m. | 4 views

ERPNext Security Vulnerability

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext 15.88.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the CSV import mechanism’s improper handling of inputs, which may lead to...

CVSS 5.4 | AI score 5.7 | EPSS 0.00052
Exploits 0 | References 1
ATTACKERKB
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

AI score 5.7 | EPSS 0.00052
Exploits 0 | References 2
CVE
added 2026/02/03 12:0 a.m. | 8 views

CVE-2025-65923

ERPNext (up to 15.88.1) CSV import, specifically the Update Existing Records option, is affected by a Stored Cross-Site Scripting (XSS) vulnerability. A malicious CSV field can contain JavaScript that is stored in the database and executed when a user views the affected record in the ERPNext web ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00052
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/02/03 12:0 a.m. | 3 views

EUVD-2025-206724

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00052
Exploits 0 | References 1
Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-5951

Name of the Vulnerable Software and Affected Versions: ERPNext versions through 15.88.1. Description: A Stored Cross-Site Scripting (XSS) issue exists in the CSV import mechanism when the Update Existing Records option is used. An attacker can inject malicious JavaScript code into a CSV field. This co...

CVSS 5.4 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 2
Cvelist
added 2026/02/03 12:0 a.m. | 27 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

EPSS 0.00052
Exploits 0 | References 1
Vulnrichment
added 2026/02/03 12:0 a.m. | 3 views

CVE-2025-65923

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext through 15.88.1 when using the Update Existing Records option. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

AI score 5.6 | EPSS 0.00052
Exploits 0 | References 1
OSV
added 2026/01/28 6:30 p.m. | 2 views

GHSA-4Q3W-JGFX-4792 Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | AI score 5.8 | EPSS 0.00347
Exploits 1 | References 7
NVD
added 2026/01/28 6:16 p.m. | 4 views

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | EPSS 0.00347
Exploits 1 | References 4
EUVD
added 2026/01/28 5:35 p.m. | 4 views

EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | AI score 6.1 | EPSS 0.00347
Exploits 1 | References 4
NVD
added 2026/01/28 7:16 a.m. | 2 views

CVE-2026-0825

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...

CVSS 5.3 | EPSS 0.00019
Exploits 0 | References 6
Vulnrichment
added 2026/01/28 6:43 a.m. | 5 views

CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...

CVSS 5.3 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 6