5084 matches found

RedhatCVE
added 2026/01/09 10:43 a.m. | 5 views

CVE-2022-26249

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...

CVSS 9.8 | AI score 7.8 | EPSS 0.01761
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 6 views

CVE-2017-18900

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...

CVSS 9.8 | AI score 7.2 | EPSS 0.01285
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:11 a.m. | 9 views

CVE-2019-11537

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...

CVSS 6.1 | AI score 5.8 | EPSS 0.04622
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:8 a.m. | 17 views

CVE-2019-20184

KeePass 2.4.1 allows CSV injection in the title field of a CSV export...

CVSS 7.8 | AI score 7.1 | EPSS 0.01633
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:7 a.m. | 10 views

CVE-2019-20385

The CSV upload feature in /supervisor/procesacarga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/ content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI...

CVSS 8.8 | AI score 7.3 | EPSS 0.01127
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:56 a.m. | 9 views

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

CVSS 7.8 | AI score 7 | EPSS 0.00858
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 13 views

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

CVSS 9.8 | AI score 7.1 | EPSS 0.01276
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:31 a.m. | 8 views

CVE-2023-25611

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...

CVSS 7.3 | AI score 7.2 | EPSS 0.00263
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:28 a.m. | 5 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 | AI score 6.7 | EPSS 0.00341
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:28 a.m. | 8 views

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

CVSS 9 | AI score 6.7 | EPSS 0.00446
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:21 a.m. | 6 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

CVSS 6.5 | AI score 7.1 | EPSS 0.01355
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:11 a.m. | 13 views

CVE-2022-35281

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...

CVSS 8.8 | AI score 6.7 | EPSS 0.00505
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:57 a.m. | 8 views

CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVSS 9.8 | AI score 6.7 | EPSS 0.00677
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 6 views

CVE-2021-41128

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formulas as exported fields which then get...

CVSS 9.1 | AI score 7.2 | EPSS 0.01257
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 7 views

CVE-2021-41161

Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue...

CVSS 9.3 | AI score 7.1 | EPSS 0.00612
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:36 a.m. | 15 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

CVSS 8.8 | AI score 6.8 | EPSS 0.01727
Exploits: 2 | References: 1

Positive Technologies
added 2026/01/09 12:0 a.m. | 9 views

PT-2026-1754

Name of the Vulnerable Software and Affected Versions: Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to and including 1.49.1. Description: The Forminator Forms plugin is susceptible to authorization bypass. This occurs because the plugin does no...

CVSS 5.3 | AI score 6.1 | EPSS 0.00262
Exploits: 0 | References: 5

Patchstack
added 2026/01/08 10:36 p.m. | 7 views

WordPress Forminator Forms plugin <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability

Missing Authorization to Authenticated Forminator User+ CSV Export vulnerability discovered by type5afe in WordPress Plugin Forminator versions <= 1.49.1...

CVSS 5.3 | AI score 6.9 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/01/07 9:31 a.m. | 7 views

CVE-2019-16120

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

CVSS 8.8 | AI score 7.4 | EPSS 0.03194
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:30 a.m. | 8 views

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...

CVSS 6.5 | AI score 6.9 | EPSS 0.0163
Exploits: 1 | References: 1