CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

CVE-2026-47693

CVE-2026-47693 details (Poweradmin) : Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

CVE-2026-47375

CVE-2026-47375 (NocoDB) : A Postgres-backed deployment is vulnerable to authenticated SQL injection through the ARRAYSORT formula when a user with columnAdd permission supplies a malicious second argument. The issue arises because the attacker-controlled value is embedded into a knex.raw ORDER BY...

CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

CVE-2026-12862

The CVE-2026-12862 entry documents a formula-injection risk in XLSX exports where untrusted user data is passed directly to Excel exports for administrators. Root cause: untrusted data used in the export path enables Excel formulas to be interpreted when the file is opened, potentially compromisi...

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

EUVD-2026-38220

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

CVE-2026-12862 XLSX formula injection in exports

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

EUVD-2026-36739

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

CVE-2026-8357

CVE-2026-8357 affects LibreOffice Calc. The vulnerability arises in the formula compilation path when opening a spreadsheet, where very long formulas composed of many opening tokens cause a heap buffer overflow because the nesting-depth tracking array was undersized. The issue writes past the end...

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

CVE-2026-5242 Code Injection in Mia Technologies' Pizzy Library

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

CVE-2026-5242 Code Injection in Mia Technologies' Pizzy Library

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

CVE-2026-5242

The CVE-2026-5242 entry concerns MIA Technology Inc.’s Pizzy Library. A vulnerability in CSV handling arises from improper neutralization of formula elements, enabling Code Injection. Affected versions are 1.0.0.26250 up to (but not including) 1.3.9.26250. CVSS‑3.1 scoring is 8.8 (HIGH): Network ...

PT-2026-49236

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...