Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29375 | 2025-03-28 | N/A | 9.8 CRITICAL | ||
| CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. | |||||
| CVE-2024-28764 | 2 Ibm, Linux | 2 Websphere Automation, Linux Kernel | 2025-03-21 | N/A | 6.5 MEDIUM |
| IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. | |||||
| CVE-2024-47485 | 1 Hikvision | 1 Hikcentral Master | 2025-03-13 | N/A | 9.8 CRITICAL |
| There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | |||||
| CVE-2024-55532 | 2025-03-04 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue. | |||||
| CVE-2025-1836 | 2025-03-02 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51311 | 2025-02-24 | N/A | 8.8 HIGH | ||
| PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51336 | 2025-02-21 | N/A | 8.8 HIGH | ||
| PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51333 | 2025-02-21 | N/A | 8.8 HIGH | ||
| PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51319 | 2025-02-20 | N/A | 8.8 HIGH | ||
| PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2025-02-20 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||||
| CVE-2022-38061 | 1 Apasionados | 1 Export Post Info | 2025-02-20 | N/A | 6.2 MEDIUM |
| Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | |||||
| CVE-2023-51302 | 2025-02-20 | N/A | 8.8 HIGH | ||
| PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51298 | 2025-02-20 | N/A | 4.7 MEDIUM | ||
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-41798 | 1 Wpwax | 1 Directorist | 2025-02-19 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | |||||
| CVE-2022-45810 | 1 Icegram | 1 Icegram Express | 2025-02-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. | |||||
| CVE-2022-45370 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2025-02-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | |||||
| CVE-2024-47572 | 2025-02-18 | N/A | 9.0 CRITICAL | ||
| An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file | |||||
| CVE-2023-25983 | 1 Logon | 1 Kb Support | 2025-02-11 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | |||||
| CVE-2023-46400 | 1 Kwhotel | 1 Kwhotel | 2025-02-07 | N/A | 9.8 CRITICAL |
| KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | |||||
| CVE-2022-3600 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 9.8 CRITICAL |
| The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | |||||