5075 matches found

Vulnrichment
added 2026/05/20 4:18 p.m. | 7 views

CVE-2026-9101 Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 1
EUVD
added 2026/05/20 4:18 p.m. | 8 views

EUVD-2026-31127

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42201

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/19 12:0 a.m. | 11 views

SUSE SLED15 / SLES15 Security Update : perl-Text-CSV_XS (SUSE-SU-2026:1936-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1936-1 advisory. This update for perl-Text-CSV_XS fixes the following issue - CVE-2026-7111: use-after-free when registered callbacks...

CVSS 8.4 | AI score 5.9 | EPSS 0.0016
Exploits: 0 | References: 4
SUSE Linux
added 2026/05/18 7:41 a.m. | 7 views

Security update for perl-Text-CSV_XS

This update for perl-Text-CSV_XS fixes the following issue CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption bsc1263690. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

CVSS 8.6 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 4
OSV
added 2026/05/18 7:41 a.m. | 7 views

SUSE-SU-2026:1936-1 Security update for perl-Text-CSV_XS

This update for perl-Text-CSV_XS fixes the following issue - CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption bsc1263690...

CVSS 8.4 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 3
NVD
added 2026/05/17 1:16 p.m. | 15 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVSS 8.7 | EPSS 0.00613
Exploits: 0 | References: 3
Cvelist
added 2026/05/17 12:11 p.m. | 41 views

CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVSS 8.7 | EPSS 0.00613
Exploits: 0 | References: 3
EUVD
added 2026/05/17 12:11 p.m. | 8 views

EUVD-2018-21849

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVSS 8.7 | AI score 5.9 | EPSS 0.00613
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/17 12:11 p.m. | 9 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVSS 8.7 | AI score 5.9 | EPSS 0.00613
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/17 12:11 p.m. | 15 views

CVE-2018-25325

CVE-2018-25325 concerns the Woocommerce CSV Importer 3.3.6 path traversal vulnerability. The issue allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. By sending POST requests that include directory traversal sequences...

CVSS 8.7 | AI score 5.9 | EPSS 0.00613
Exploits: 0 | References: 3
OSV
added 2026/05/13 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10774-1 perl-Text-CSV_XS-1.620.0-1.1 on GA media

These are all security issues fixed in the perl-Text-CSV_XS-1.620.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.4 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/12 8:21 p.m. | 7 views

CVE-2026-35157

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

CVSS 9.8 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 1
EUVD
added 2026/05/11 12:32 p.m. | 7 views

EUVD-2026-29045

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

CVSS 5.8 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/11 9:33 a.m. | 7 views

CVE-2026-35157

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

CVSS 5.8 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 1
CVE
added 2026/05/11 9:33 a.m. | 18 views

CVE-2026-35157

Dell ECS 3.8.1.0–3.8.1.7 and Dell ObjectScale

CVSS 9.8 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2026/05/11 12:0 a.m. | 7 views

Dell ECS and Dell ObjectScale Security Vulnerability

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an extensible, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS...

CVSS 9.8 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/11 12:0 a.m. | 11 views

PT-2026-39587

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

CVSS 5.8 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/11 12:0 a.m. | 8 views

PT-2026-39724

Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write txt, write csv, write json, and commented-but-shipping scan file helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A...

CVSS 6.7 | AI score 5.9 | EPSS 0.00145
Exploits: 0 | References: 2
Packet Storm
added 2026/05/08 12:0 a.m. | 68 views

WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

CVSS 6.5 | AI score 5.9 | EPSS 0.00347
Exploits: 2