VulnCheck KEV: CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

EUVD-2025-199873

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVE-2025-51735

CVE-2025-51735 corresponds to a CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. The connected documents confirm the affected product/version but do not provide technical exploit details or concrete root-cause specifics beyond the CSV-injection description. The CVSS v3.1...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

Netscaler / Citrix ADC / Gateway Memory Overflow

This is a multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs...

EUVD-2025-199173

Malicious code in csv-tool-cli npm...

MAL-2025-191084 Malicious code in csv-tool-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4710ebc34f0c5b28d34c41d165d2fff2c6ea04e90038226c7b328283319dd2a4 The package csv-tool-cli was found to contain malicious code. Source: ghsa-malware 7a82657ae868943eebe70053efe5b50087b24ce2a81a2c5eccca35dcb483a1f2 A...

Malicious code in csv-tool-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4710ebc34f0c5b28d34c41d165d2fff2c6ea04e90038226c7b328283319dd2a4 The package csv-tool-cli was found to contain malicious code. Source: ghsa-malware 7a82657ae868943eebe70053efe5b50087b24ce2a81a2c5eccca35dcb483a1f2 A...

CVE-2025-12800

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

@collegedunia/newman-mocha (>=0.0.1 <=0.1.1), @dineshparne/postman-cli (>=1.0.0 <=1.0.5) +24 more potentially affected by unknown CVE via @postman/csv-parse (=4.0.2)

@postman/csv-parse NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @postman/csv-parse and may be impacted: - @collegedunia/newman-mocha =0.0.1, =1.0.0, =1.0.0, =0.0.2, =1.1.1-beta.1, =1.0.34, =4.5.5, =1.0.0, =1.0.0, =1.0.2, =1.0.0,...

Malicious code in @postman/csv-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190646 Malicious code in @postman/csv-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198633

Malicious code in @postman/csv-parse npm...

WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

PT-2025-47865

Name of the Vulnerable Software and Affected Versions WP Shortcodes Plugin – Shortcodes Ultimate versions prior to 7.4.6 Description The Shortcodes Ultimate plugin for WordPress is susceptible to Server-Side Request Forgery SSRF. This allows authenticated attackers with Administrator-level access...

CVE-2025-64027

Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...

CVE-2025-13145

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...

EUVD-2025-198298

Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow...