5079 matches found

RedhatCVE
added 2025/05/22 8:3 a.m. · 6 views

CVE-2019-12134

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...

8.8 CVSS · 7.2 AI score · 0.01411 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:25 a.m. · 8 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

7.8 CVSS · 7.3 AI score · 0.01001 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 7:2 a.m. · 8 views

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

9 CVSS · 7.6 AI score · 0.08245 EPSS
Exploits 3 · References 1
RedhatCVE
added 2025/05/22 6:45 a.m. · 7 views

CVE-2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

9.8 CVSS · 7.2 AI score · 0.01711 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:37 a.m. · 7 views

CVE-2019-14352

In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crmcommunity/crmuserviewsales//accountnew with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export...

7.8 CVSS · 7 AI score · 0.00969 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 6:5 a.m. · 4 views

CVE-2019-15776

The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file...

6.1 CVSS · 7.3 AI score · 0.01344 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 4:32 a.m. · 6 views

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

8.8 CVSS · 7 AI score · 0.09612 EPSS
Exploits 4 · References 1
RedhatCVE
added 2025/05/22 4:9 a.m. · 4 views

CVE-2014-5016

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttributejson function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to...

4.3 CVSS · 6 AI score · 0.01474 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 12:53 a.m. · 5 views

CVE-2015-9512

The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...

6.1 CVSS · 6.2 AI score · 0.00923 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 12:52 a.m. · 6 views

CVE-2015-9306

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...

6.1 CVSS · 7.1 AI score · 0.00958 EPSS
Exploits 0 · References 1
OSV
added 2025/05/21 8:15 p.m. · 4 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

6.1 CVSS · 5.8 AI score · 0.00252 EPSS
Exploits 0 · References 2
GithubExploit
added 2025/05/21 7:8 p.m. · 2171 views

Exploit for Use of Less Trusted Source in Apache Http_Server

CVE-2022-31813 Vulnerability Checker Author: Derek Odiorn...

9.8 CVSS · 8.9 AI score · 0.0314 EPSS
Exploits 1
CVE
added 2025/05/21 1:4 p.m. · 46 views

CVE-2025-1421

The CVE-2025-1421 issue affects Konsola Proget (server part of the MDM suite). Data submitted during device activation is stored in a database, enabling high-privileged users to export it as CSV and, by opening it in Excel, potentially corrupt the user’s PC. The attacker could gain remote access ...

2.4 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 2
Cvelist
added 2025/05/21 1:4 p.m. · 15 views

CVE-2025-1421 Formula injection in a CSV file in Proget MDM

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

2.4 CVSS · 0.00214 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/05/21 1:4 p.m. · 7 views

CVE-2025-1421 Formula injection in a CSV file in Proget MDM

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

2.4 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits 0 · References 2
Cvelist
added 2025/05/21 12:0 a.m. · 8 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

0.00252 EPSS
Exploits 0 · References 2
CNNVD
added 2025/05/21 12:0 a.m. · 4 views

Inedo ProGet Security Vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from the possibility that device activation data could be downloaded as a CSV file by an elevated privileged user and cause damage to the PC, allowing an...

5.1 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/21 12:0 a.m. · 4 views

PT-2025-22425

Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0 Description: A Stored Cross-Site Scripting (XSS) issue exists, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service...

6.1 CVSS · 5.2 AI score · 0.00252 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/05/21 12:0 a.m. · 6 views

PT-2025-22353 · Microsoft +1 · Office Excel +1

Name of the Vulnerable Software and Affected Versions: Konsola Proget (server part of the MDM suite) versions prior to 2.17.5 Description: The issue arises when data provided in a request to the server during new device activation is stored in a database. High-privileged users who download this dat...

5.1 CVSS · 6.4 AI score · 0.00214 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/05/19 4:4 p.m. · 8 views

CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...

6 CVSS · 5.9 AI score · 0.0009 EPSS
Exploits 1 · References 1