Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236

CVE-2026-31049 CRITICAL

Hostbill 2025-11-24/2025-12-01 - Privilege Escalation

CVE-2026-39424 MEDIUM

MaxKB has CSV Injection in its Application Chat Export Functionality

CVE-2026-24447 MEDIUM

Movable Type - Code Injection

CVE-2026-23873 CRITICAL

hustoj - CSV Injection

CVE-2025-67851 MEDIUM

Moodle - Code Injection

CVE-2025-61873 LOW

Best Practical RT <4.4.9-6.0.2 - Code Injection

CVE-2025-66834 HIGH

TrueConf Server <5.5.2.10813 - Formula Injection

CVE-2025-14229 MEDIUM

SourceCodester Inventory Management System 1.0 - Code Injection

CVE-2025-51735 HIGH

HCL Technologies Ltd. Unica 12.0.0. - Code Injection

CVE-2025-13133 MEDIUM

Simple User Import Export <1.1.7 - Code Injection

CVE-2025-12249 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - Code Injection

CVE-2025-11576 MEDIUM

AI Chatbot Free Models - Customer Support, Live Chat, Virtual Assis...

CVE-2025-60852 MEDIUM

Instant Developer Foundation <25.0.9600 - Code Injection

CVE-2025-62417 HIGH

Bagisto - Info Disclosure

CVE-2025-11498 MEDIUM

B&R Automation Runtime <6.4 - Info Disclosure

CVE-2025-11254 MEDIUM

Contest Gallery <27.0.3 - Code Injection

CVE-2025-11279 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - CSV Injection

CVE-2025-35033 MEDIUM

Medical Informatics Engineering Enterprise Health - CSV Injection

CVE-2025-56267 CRITICAL

Avigilon ACM <7.10.0.20 - Code Injection

CVE-2025-58855 HIGH

AP HoneyPot WP <1.4 - XSS

CVE-2025-39245 MEDIUM

HikCentral Master Lite - Command Injection

CVE-2025-55745 HIGH

UnoPim <0.3.0 - Code Injection

CVE-2025-9241 MEDIUM

elunez eladmin <2.7 - CSV Injection

CVE-2025-52386 MEDIUM

CycloneDX Sunshine <0.9 - Code Injection

CVE-2025-8767 MEDIUM

AnWP Football Leagues <0.16.17 - Code Injection

Page 1 of 12 Next

Details

Vulnerabilities 283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy