Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2021-38963 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability.
network
low complexity
ibm CWE-1236
8.0
2024-09-12 CVE-2024-27320 Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files.
local
low complexity
refuel CWE-1236
7.8
2024-09-12 CVE-2024-27321 Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files.
local
low complexity
refuel CWE-1236
7.8
2024-08-06 CVE-2024-41226 Improper Neutralization of Formula Elements in a CSV File vulnerability in Automationanywhere Automation 360 21094
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload.
local
low complexity
automationanywhere CWE-1236
7.8
2024-07-09 CVE-2024-27785 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortiaiops 2.0.0
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
network
low complexity
fortinet CWE-1236
6.5
2024-06-18 CVE-2023-5527 Improper Neutralization of Formula Elements in a CSV File vulnerability in Businessdirectoryplugin Business Directory
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file.
network
low complexity
businessdirectoryplugin CWE-1236
8.0
2024-06-07 CVE-2023-5424 Improper Neutralization of Formula Elements in a CSV File vulnerability in Westguardsolutions WS Form
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217.
network
low complexity
westguardsolutions CWE-1236
8.8
2024-04-04 CVE-2024-25007 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure.
low complexity
ericsson CWE-1236
7.1
2024-03-12 CVE-2023-47534 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-1236
8.8
2024-02-06 CVE-2023-47022 Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
network
low complexity
ncr CWE-1236
6.5