Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2026-5242 HIGH

Code Injection in Mia Technologies' Pizzy Library

CVE-2026-10248 MEDIUM

SourceCodester Pharmacy Sales and Inventory System Supplier Creation export create_supplier csv injection

CVE-2026-9673 MEDIUM

json-2-csv < 5.5.11 - Improper Neutralization of Formula Elements in a CSV File

CVE-2026-41073 MEDIUM

RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps

CVE-2026-35157 MEDIUM

Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale < 4.3.0.0 - Unauthenticated Remote Code Execution via CSV Formula Injection

CVE-2026-42267 MEDIUM

Kimai: Formula Injection via tag names in XLSX export

CVE-2026-27644 MEDIUM

traccar allows CSV formula injection via exported position data

CVE-2026-31049 CRITICAL

Hostbill 2025-11-24/2025-12-01 - Privilege Escalation

CVE-2026-39424 MEDIUM

MaxKB has CSV Injection in its Application Chat Export Functionality

CVE-2026-24447 MEDIUM

Movable Type 8.0.2-8.0.8, 8.8.0-8.8.1, 9.0.4-9.0.5 - CSV Injection

CVE-2026-23873 CRITICAL

hustoj < 26.01.31 - CSV Injection via Contest Rank Export Nickname Field

CVE-2025-52612 HIGH

HCL iControl was affected by Export CSV - CSV Injection vulnerability.

CVE-2025-67851 MEDIUM

moodle < 4.1.22 - Formula Injection via CSV Export

CVE-2025-61873 LOW

Best Practical RT <4.4.9-6.0.2 - Code Injection

CVE-2025-66834 HIGH

TrueConf Server <5.5.2.10813 - Formula Injection

CVE-2025-14229 MEDIUM

SourceCodester Inventory Management System 1.0 - Code Injection

CVE-2025-51735 HIGH

HCL Technologies Ltd. Unica 12.0.0. - Code Injection

CVE-2025-13133 MEDIUM

Simple User Import Export <1.1.7 - Code Injection

CVE-2025-12249 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - Code Injection

CVE-2025-11576 MEDIUM

AI Chatbot Free Models - Customer Support, Live Chat, Virtual Assis...

CVE-2025-60852 MEDIUM

Instant Developer Foundation <25.0.9600 - Code Injection

CVE-2025-62417 HIGH

Bagisto < 2.3.8 - CSV Formula Injection via Product Data Export

CVE-2025-11498 MEDIUM

B&R Automation Runtime <6.4 - Info Disclosure

CVE-2025-11254 MEDIUM

Contest Gallery <27.0.3 - Code Injection

CVE-2025-11279 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - CSV Injection

Page 1 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy