Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-18 | CVE-2024-47485 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hikvision Hikcentral Master There is a CSV injection vulnerability in some HikCentral Master Lite versions. | 9.8 |
2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
2024-09-12 | CVE-2024-27320 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. | 7.8 |
2024-09-12 | CVE-2024-27321 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. | 7.8 |
2024-08-06 | CVE-2024-41226 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Automationanywhere Automation 360 21094 A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. | 7.8 |
2024-06-18 | CVE-2023-5527 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Businessdirectoryplugin Business Directory The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. | 8.0 |
2024-06-07 | CVE-2023-5424 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Westguardsolutions WS Form The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. | 8.8 |
2024-04-04 | CVE-2024-25007 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. | 7.1 |
2024-03-12 | CVE-2023-47534 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | 8.8 |
2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 8.0 |