A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravit
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick a
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation
PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation
PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on La
A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upl
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.
This issue affects PlexTrac: from 1.61.3 before 2.8.1.
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper
A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Na
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicio
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data i
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF D
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PA
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback witho