
58 matches found

RedhatCVE
added 2 days ago, 4 views

CVE-2026-53474

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

CVSS 9.6, AI score 5.8, EPSS 0.00033
Exploits 0, References 4
OSV
added 2026/06/05 12:0 a.m., 4 views

UBUNTU-CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

CVSS 6.5, AI score 5.4, EPSS 0.00043
Exploits 1, References 3
CVE
added 2026/06/03 12:0 a.m., 10 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

CVSS 6.5, AI score 5.8, EPSS 0.00043
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/06/03 12:0 a.m., 7 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

AI score 5.8, EPSS 0.00043
Exploits 1, References 1
CISA KEV Catalog
added 2026/04/14 12:0 a.m., 10 views

Microsoft Office Remote Code Execution

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...

CVSS 9.3, AI score 6.4, EPSS 0.74749
In wild, Exploits 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-3225

Malware in sbrugna...

CVSS 6.8, AI score 6.3, EPSS 0.01626
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27159

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00285
Exploits 1, References 3
NVD
added 2025/09/08 6:15 p.m., 3 views

CVE-2025-56267

A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

CVSS 9.8, EPSS 0.00285
Exploits 1, References 3
CVE
added 2025/09/08 12:0 a.m., 13 views

CVE-2025-56267

CVE-2025-56267 affects Avigilon ACM v7.10.0.20, in the /id_profiles API, where CSV injection via a crafted Excel file can lead to arbitrary code execution. The vulnerability is documented across multiple feeds (NVD, Red Hat, CNNVD, etc.) with a CVSS v3.1 base score of 9.8 (CRITICAL), network-expo...

CVSS 9.8, AI score 7.6, EPSS 0.00285
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2025/09/08 12:0 a.m., 1 views

CVE-2025-56267

A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

AI score 7.6, EPSS 0.00285
Exploits 1, References 3
Positive Technologies
added 2025/09/08 12:0 a.m., 6 views

PT-2025-36486

Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A CSV injection vulnerability exists in the /id_profiles API endpoint of the software. This allows attackers to execute arbitrary code by supplying a crafted Excel file. Recommendations: As a...

CVSS 9.8, AI score 6.2, EPSS 0.00285
Exploits 1, References 10
Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-12108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS...

CVSS 8.8, AI score 8.5, EPSS 0.01096
Exploits 2, References 2
RedhatCVE
added 2025/05/22 10:56 p.m., 4 views

CVE-2022-33043

A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted Excel file...

CVSS 5.4, AI score 5.8, EPSS 0.00206
Exploits 1, References 1
SUSE CVE
added 2023/08/16 11:19 p.m., 1 views

SUSE CVE-2023-38852

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266...

CVSS 6.5, AI score 7.9, EPSS 0.01448
Exploits 1, References 3
SUSE CVE
added 2023/08/16 11:19 p.m., 1 views

SUSE CVE-2023-38856

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411...

CVSS 6.5, AI score 7.9, EPSS 0.01138
Exploits 1, References 3
OSV
added 2023/08/15 5:15 p.m., 2 views

DEBIAN-CVE-2023-38853

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015...

CVSS 6.5, AI score 7.9, EPSS 0.01138
Exploits 1, References 1
OSV
added 2023/08/15 5:15 p.m., 2 views

UBUNTU-CVE-2023-38856

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411...

CVSS 6.5, AI score 6.2, EPSS 0.01138
Exploits 1, References 3
Snyk
added 2023/06/26 9:46 a.m., 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when it contained a free of uninitialized pointer in the xlsxioread_sheetlist_close function. Exploiting this vulnerability is possible via a crafted XLSX file. Details: Denial of Service (DoS) describes a family of...

CVSS 7.8, AI score 7, EPSS 0.00038
Exploits 1, References 2
ATTACKERKB
added 2023/06/16 4:15 p.m., 1 views

CVE-2023-34795

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file...

CVSS 7.8, AI score 7.1, EPSS 0.00038
Exploits 1, References 4
Huntr
added 2023/06/06 3:44 p.m., 24 views

Formula Injection vulnerability in CSV export feature

Description: The admidio application is vulnerable to Formula Injection/CSV injection via the Firstname, Lastname input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted Excel file. Proof of Concept: 1. Create a member with role Associations boa...

CVSS 4.4, AI score 8.3, EPSS 0.01377
Exploits 4, References 4