MAL-2025-27331 Malicious code in neuromorphic-terser-csv-dagda (npm)

The package neuromorphic-terser-csv-dagda was found to contain malicious code...

MAL-2025-17801 Malicious code in csv-cosmicray-mui-spica (npm)

The package csv-cosmicray-mui-spica was found to contain malicious code...

MAL-2025-27722 Malicious code in norma-csv-impulse-gatsby (npm)

The package norma-csv-impulse-gatsby was found to contain malicious code...

MAL-2025-17802 Malicious code in csv-hermes-cryonics-solis (npm)

The package csv-hermes-cryonics-solis was found to contain malicious code...

PT-2025-32992 · Unknown · Cyclonedx Sunshine

Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

CVE-2025-52386

CVE-2025-52386 affects CycloneDX Sunshine v0.9. The issue arises when processing JSON input without validating formulas, enabling a CSV Formula Injection via crafted JSON files. Potential impact includes injection into downstream CSV, depending on how the data are consumed. The connected document...

CVE-2025-8808

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated...

CVE-2025-8808

CVE-2025-8808 affects xujeff tianti 天梯 up to 2.3. The vulnerability is in the exportOrder function of /tianti-module-admin/user/ajax/save within com.jeff.tianti.controller, enabling CSV injection. Exploitation appears possible remotely and public disclosures exist. Multiple connected sources conf...

CVE-2025-2028

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVE-2025-2028

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVE-2025-2028 Lack of TLS validation

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVE-2025-2028 Lack of TLS validation

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

CVE-2025-2028

CVE-2025-2028 affects Check Point Management Log Server. Description: lack of TLS validation when downloading a CSV file that contains IP-to-country mappings used solely for displaying country flags in logs. Root cause: TLS validation is not performed for the CSV download. Impact: integrity could...

PT-2025-32175 · Csv File · Csv File

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The software lacks TLS validation when downloading a CSV file containing IP-to-country mappings. This file is used solely for displaying country flags in logs. Recommendations: At the moment, there...

CVE-2025-50572

Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...

The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism to protect the output data used in generating CSV files. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the MFlash secure data exchange platform lies in the lack of a mechanism for shielding the output data used in generating CSV files. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the...

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...

CVE-2025-54752

CVE-2025-54752 affects PowerCMS; vulnerable component is the handling of CSV files where malformed entries can cause embedded code execution when opened by a victim. Root cause cited: improper neutralization of formula elements in a CSV file. Impact described as code execution with user interacti...

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...