Lucene search
K

971 matches found

Snyk
Snyk
added 5 days ago3 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-55452

CVE-2026-55452 concerns Snipe-IT (IT asset/license management) where pre-8.5.0 builds store the User-Agent header via Actionlog::logaction() and export it in Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to inject a formula-like payload that can exe...

7.3CVSS6.2AI score0.00269EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42997

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00269EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

RockyLinux 9 : libreoffice (RLSA-2026:36832)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36832 advisory. libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation CVE-2026-8357 Tenable has extracted the preceding...

7.8CVSS7.3AI score0.00139EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

RHEL 9 : libreoffice (RHSA-2026:36832)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:36832 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

7.8CVSS7.3AI score0.00139EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week4 views

libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation

A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code executio...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References5
NVD
NVD
added 2026/07/07 10:16 p.m.8 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS0.00286EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 9:17 p.m.7 views

CVE-2026-46672

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 8:58 p.m.15 views

CVE-2026-50179

CVE-2026-50179 affects Actual Budget prior to version 26.6.0 where exportToCSV/exportQueryToCSV passed user-controlled Payee/Notes/Account/Category strings to csv-stringify without a cast callback, allowing formula prefixes (e.g., =, +, -, @, tab, CR) to survive in CSV cells. When opened in Excel...

4.2CVSS6AI score0.00286EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:58 p.m.6 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/07 8:55 p.m.22 views

CVE-2026-46672

The CVE-2026-46672 entry describes a local CSV formula-injection flaw in the @actual-app/cli before version 26.6.0. The CLI uses a hand-rolled CSV serializer in packages/cli/src/output.ts with an escapeCsv that only neutralizes RFC 4180 delimiters (comma, quote, newline) and does not neutralize c...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 8:55 p.m.32 views

CVE-2026-46672 Actual: CSV Formula Injection in `@actual-app/cli` `--format csv` Output via Custom `escapeCsv` Helper

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 8:55 p.m.6 views

CVE-2026-46672 Actual: CSV Formula Injection in `@actual-app/cli` `--format csv` Output via Custom `escapeCsv` Helper

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:55 p.m.6 views

CVE-2026-46672

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/07 6:0 a.m.4 views

RLSA-2026:35839 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8CVSS6.6AI score0.00139EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/07 6:0 a.m.5 views

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

7.8CVSS6.7AI score0.00139EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/06 5:38 a.m.5 views

Important: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.8CVSS6.6AI score0.00139EPSS
Exploits0References2
Rows per page
Query Builder