Lucene search
K

959 matches found

Cvelist
Cvelist
added 2026/06/23 8:36 p.m.28 views

CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

6CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:36 p.m.20 views

CVE-2026-47375

CVE-2026-47375 (NocoDB) : A Postgres-backed deployment is vulnerable to authenticated SQL injection through the ARRAYSORT formula when a user with columnAdd permission supplies a malicious second argument. The issue arises because the attacker-controlled value is embedded into a knex.raw ORDER BY...

6CVSS6AI score0.00215EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/22 11:48 p.m.5 views

@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields

Summary exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutralization. Strings that begin with =, +, -, @, tab, or...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/22 11:48 p.m.3 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering characters. An attacker can cause...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/22 9:42 p.m.7 views

@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper

Summary @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed whose escapeCsv helper only handles RFC 4180 delimiter/quote/newline escaping. It does not neutralize the standard CSV formula-injection prefixes =, +, -...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/22 9:42 p.m.5 views

CSV Injection

Overview @actual-app/cli is a CLI for Actual Budget Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 9:42 p.m.5 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary formula execution or data exfiltration by...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 a.m.17 views

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 8:26 a.m.8 views

EUVD-2026-38220

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:26 a.m.20 views

CVE-2026-12862

The CVE-2026-12862 entry documents a formula-injection risk in XLSX exports where untrusted user data is passed directly to Excel exports for administrators. Root cause: untrusted data used in the export path enables Excel formulas to be interpreted when the file is opened, potentially compromisi...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:26 a.m.33 views

CVE-2026-12862 XLSX formula injection in exports

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:26 a.m.4 views

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51447

Name of the Vulnerable Software and Affected Versions @actual-app/cli versions prior to 26.6.0 Description The @actual-app/cli tool contains a CSV serialization issue in the escapeCsv function within packages/cli/src/output.ts. When the --format csv option is used, the serializer only handles...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References11
NVD
NVD
added 2026/06/15 6:16 p.m.16 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS0.00139EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 4:23 p.m.41 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:23 p.m.10 views

EUVD-2026-36739

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:23 p.m.25 views

CVE-2026-8357

CVE-2026-8357 affects LibreOffice Calc. A heap buffer overflow occurs when compiling very long formulas with many opening tokens: the nesting-depth tracking array was allocated too small for the worst case, causing writes past the end. In fixed versions the array is sized to hold the largest poss...

7.8CVSS5.6AI score0.00139EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/15 4:23 p.m.10 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/15 4:23 p.m.8 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS5.6AI score0.00139EPSS
Exploits0
Rows per page
Query Builder