5078 matches found
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
PT-2025-31487 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: Multiple versions of PowerCMS improperly neutralize formula elements within a CSV file. A malicious user can create a crafted CSV entry. If a victim user downloads and opens this file in...
CVE-2025-50572
CVE-2025-50572 affects RSA Archer 6.11.00204.10014. Description: an issue with improper handling of system inputs exported into CSV files can lead to arbitrary code execution when the user opens the CSV with compatible applications. Exploitation status is not provided in the supplied documents. R...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
PT-2025-31581
Name of the Vulnerable Software and Affected Versions: RSA Archer version 6.11.00204.10014 Description: An issue was discovered that allows attackers to execute arbitrary code via crafted system inputs. These inputs are exported into a CSV file, and execution occurs after a user opens the file with...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
PoC
Pedro Ribeiro @pedrib Exploit Dumping Grounds === This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC. advisories: all my public advisories, research notes, etc Pwn2Own: advisories related to my Pwn2Own...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50185
CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
Malicious code in json-cookie-csv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be88f5a49c7d58722c535bb587afc5d0ca1e519b765a459881be4bd9ca3cdb8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6170 Malicious code in json-cookie-csv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be88f5a49c7d58722c535bb587afc5d0ca1e519b765a459881be4bd9ca3cdb8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Broken Link Notifier plugin code execution vulnerability
WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. A code execution vulnerability exists in the WordPress Broken Link Notifier plugin that stems from the possibility of embedding malicious input when exporting CSV...
Job Iteration API operating system command injection vulnerability
Job Iteration API is an open source API interface from Shopify. An operating system command injection vulnerability exists in Job Iteration API versions prior to 1.11.0, which stems from arbitrary code execution in the CsvEnumerator class that could lead to unauthorized access or data disclosure...
CVE-2025-6838
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...
CVE-2020-36849
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2020-36849 AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
WordPress plugin AIT CSV import/export code issue vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin AIT CSV import/export has a code issue vulnerability, the vulnerability stems from the...
PT-2025-29320 · WordPress · Ait Csv Import/Export
Name of the Vulnerable Software and Affected Versions: AIT CSV import/export plugin for WordPress versions up to and including 3.0.3 Description: The AIT CSV import/export plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation in the...