Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-24 | CVE-2022-26249 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Surveyking Project Surveyking 0.3.0 Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | 9.8 |
| 2022-03-17 | CVE-2022-24770 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Gradio Project Gradio `gradio` is an open source framework for building interactive machine learning models and demos. | 8.8 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2022-02-11 | CVE-2021-46363 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. | 7.8 |
| 2022-02-04 | CVE-2022-22689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Broadcom CA Harvest Software Change Manager CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | 8.8 |
| 2022-01-10 | CVE-2022-22121 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Xgenecloud Nocodb In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). | 8.0 |
| 2021-11-26 | CVE-2021-23654 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Html-To-Csv Project Html-To-Csv This affects all versions of package html-to-csv. | 9.8 |
| 2021-11-24 | CVE-2021-41270 | Improper Neutralization of Formula Elements in a CSV File vulnerability in multiple products Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. | 6.5 |
| 2021-11-23 | CVE-2021-36334 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell EMC Cloud Link Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. | 6.8 |
| 2021-11-03 | CVE-2021-38424 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Deltaww Dialink 1.2.4.0 The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. | 7.8 |