Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

280 vulnerabilities with CWE-1236

CVE-2026-24447 MEDIUM

Movable Type - Code Injection

CVE-2025-67851 MEDIUM

Moodle - Code Injection

CVE-2020-36962 CRITICAL

Tendenci 12.3.1 - Code Injection

CVE-2021-47901 CRITICAL

Dirsearch 0.4.1 - Code Injection

CVE-2020-36941 CRITICAL

Knockpy 4.1.1 - Code Injection

CVE-2026-23873 CRITICAL

hustoj - CSV Injection

CVE-2025-61873 LOW

Best Practical RT <4.4.9-6.0.2 - Code Injection

CVE-2025-66834 HIGH

TrueConf Server <5.5.2.10813 - Formula Injection

CVE-2023-53929 HIGH

phpMyFAQ 3.1.12 - Code Injection

CVE-2023-53913 HIGH

Rukovoditel 3.3.1 - Code Injection

CVE-2023-53905 HIGH

ProjectSend r1605 - Code Injection

CVE-2025-14229 MEDIUM

SourceCodester Inventory Management System 1.0 - Code Injection

CVE-2025-51735 HIGH

HCL Technologies Ltd. Unica 12.0.0. - Code Injection

CVE-2025-13133 MEDIUM

Simple User Import Export <1.1.7 - Code Injection

CVE-2025-12249 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - Code Injection

CVE-2025-11576 MEDIUM

AI Chatbot Free Models - Customer Support, Live Chat, Virtual Assis...

CVE-2025-60852 MEDIUM

Instant Developer Foundation <25.0.9600 - Code Injection

CVE-2025-62417 HIGH

Bagisto - Info Disclosure

CVE-2025-11498 MEDIUM

B&R Automation Runtime <6.4 - Info Disclosure

CVE-2025-11254 MEDIUM

Contest Gallery <27.0.3 - Code Injection

CVE-2025-11279 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - CSV Injection

CVE-2025-35033 MEDIUM

Medical Informatics Engineering Enterprise Health - CSV Injection

CVE-2025-56267 CRITICAL

Avigilon ACM <7.10.0.20 - Code Injection

CVE-2025-58855 HIGH

AP HoneyPot WP <1.4 - XSS

CVE-2025-39245 MEDIUM

HikCentral Master Lite - Command Injection

Page 1 of 12 Next

Details

Vulnerabilities 280

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy