5078 matches found
CVE-2025-58855
CVE-2025-58855 affects AP HoneyPot WordPress Plugin (Versions up to 1.4). Public records describe an improper neutralization of formula elements in a CSV file leading to reflected XSS, and related sources also flag a CSRF vulnerability in the plugin’s CSRF handling. The combination implies an imp...
Linux Distros Unpatched Vulnerability : CVE-2021-43815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv...
Linux Distros Unpatched Vulnerability : CVE-2023-5541
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. CVE-2023-5541 Note that Nessus relies on...
CVE-2025-39245
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data...
Linux Distros Unpatched Vulnerability : CVE-2018-20752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitte...
Linux Distros Unpatched Vulnerability : CVE-2023-36250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new...
Linux Distros Unpatched Vulnerability : CVE-2019-20184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KeePass 2.4.1 allows CSV injection in the title field of a CSV export. CVE-2019-20184 Note that Nessus relies on the presence of the package as reported by the...
CVE-2025-54029
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through <= 2.0.6...
CVE-2025-54029 WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through <= 2.0.6...
CVE-2025-54029
CVE-2025-54029 affects the WordPress plugin WooCommerce csv import export (versions up to 2.0.6). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling traversal to arbitrary files. Some sources also describe an Arbitrary File Deletion impact. Reme...
WordPress plugin WooCommerce csv import export path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
Linux Distros Unpatched Vulnerability : CVE-2020-36308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
Linux Distros Unpatched Vulnerability : CVE-2018-13421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fast C++ CSV Parser aka fast-cpp-csv-parser before 2018-07-06 has a heap-based buffer over-read in io::trimchars in csv.h. CVE-2018-13421 Note that Nessus relie...
CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...
UnoPim security vulnerability
UnoPim is an open source Product Information Management PIM system based on the Laravel framework by UnoPim Open Source. A security vulnerability exists in UnoPim 0.3.0 and earlier versions, which stems from CSV injection and could lead to remote code execution...
CVE-2025-9241
A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...
ELADMIN security vulnerability
ELADMIN is a backend management system for elunez personal developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from the exportUser function not escaping and filtering exported CSV content, which allows remote attackers to inject malicious CSV loads...
Exploit for CVE-2025-9216
StoreEngine – Powerful WordPress eCommerce Plugin for Payments...
Linux Distros Unpatched Vulnerability : CVE-2018-11652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header,...