Export limit exceeded: 34516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35281 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-04-09 | 5.5 Medium |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | ||||
| CVE-2022-42285 | 1 Nvidia | 2 Dgx A100, Sbios | 2025-04-07 | 6 Medium |
| DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. | ||||
| CVE-2025-1921 | 1 Google | 1 Chrome | 2025-04-01 | 6.5 Medium |
| Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-23005 | 2 Jedec, Westerndigital | 4 Universal Flash Storage, Inand Eu311 Mobile Mc Ufs, Inand Eu312 Automotive Xa At Ufs and 1 more | 2025-04-01 | 8.7 High |
| Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers. | ||||
| CVE-2024-2607 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-04-01 | 8.1 High |
| Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-29375 | 2025-03-28 | 9.8 Critical | ||
| CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. | ||||
| CVE-2024-36877 | 1 Msi | 7 Am4, Am5, Intel 300 and 4 more | 2025-03-13 | 8.2 High |
| Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700. | ||||
| CVE-2024-47485 | 1 Hikvision | 2 Hikcentral Master, Hikcentral Master Lite | 2025-03-13 | 9.8 Critical |
| There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | ||||
| CVE-2025-1836 | 2025-03-03 | 4.3 Medium | ||
| A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2025-02-20 | 6.5 Medium |
| Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | ||||
| CVE-2022-38061 | 1 Apasionados | 1 Export Post Info | 2025-02-20 | 6.2 Medium |
| Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | ||||
| CVE-2022-27858 | 1 Activity Log Project | 1 Activity Log | 2025-02-20 | 7.4 High |
| CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | ||||
| CVE-2023-41798 | 1 Wpwax | 1 Directorist | 2025-02-19 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | ||||
| CVE-2022-45810 | 1 Icegram | 1 Icegram Express | 2025-02-19 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. | ||||
| CVE-2022-45370 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2025-02-19 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | ||||
| CVE-2023-20593 | 4 Amd, Debian, Redhat and 1 more | 147 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 144 more | 2025-02-13 | 5.5 Medium |
| An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||||
| CVE-2022-38143 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 9.8 Critical |
| A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-25983 | 1 Logon | 1 Kb Support | 2025-02-11 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | ||||
| CVE-2023-46400 | 1 Kwhotel | 1 Kwhotel | 2025-02-07 | 4.3 Medium |
| KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | ||||
| CVE-2019-16120 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | 8.8 High |
| CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | ||||