5077 matches found
MAL-2025-48414 Malicious code in csv-parsing-xyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363b0535fad3e1200b4ecbbcaf6864c57f005f66af100032426235146347282e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-11498 CSV Formula Injection Vulnerability
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...
CVE-2025-11498
CVE-2025-11498 affects the System Diagnostics Manager (SDM) component of B&R Automation Runtime before 6.4. The issue is an Improper Neutralization of Formula Elements in a CSV File, allowing a remote attacker to inject formula data into a generated CSV. Exploitation requires the attacker to craf...
EUVD-2025-34193
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...
EUVD-2025-33824
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...
BIT-GRAFANA-IMAGE-RENDERER-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
WordPress Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin <= 27.0.3 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions = 27.0.3...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jin Yub in WordPress Plugin MSTW CSV EXPORTER versions = 1.4...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
grafana-image-renderer 安全漏洞
grafana-image-renderer is a Grafana open source backend plugin for Grafana. A security vulnerability exists in grafana-image-renderer versions 1.0.0 through 4.0.16, which stems from the /render/csv endpoint that does not validate the filePath parameter, which could lead to remote code execution...
Arbitrary Code Execution in Grafana Image Renderer Plugin
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
EUVD-2020-30798
Malware in sbrugna...
EUVD-2021-13793
Malware in sbrugna...
EUVD-2019-4536
Malware in sbrugna...
EUVD-2020-8180
Malware in sbrugna...
EUVD-2017-18448
Malware in sbrugna...