Lucene search
K

7959 matches found

Nuclei
Nuclei
added yesterday84 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7AI score0.34293EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-46672

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56158

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS6.1AI score0.00524EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56159

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56151

Name of the Vulnerable Software and Affected Versions Excelize versions prior to 2.11.0 Description The checkSheet function in the library uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Excel row limit. A...

7.5CVSS6.1AI score0.00575EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-331 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00391EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 10:16 a.m.18 views

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:26 a.m.4 views

CVE-2026-12862

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 8:26 a.m.10 views

EUVD-2026-38220

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:26 a.m.21 views

CVE-2026-12862

The CVE-2026-12862 entry documents a formula-injection risk in XLSX exports where untrusted user data is passed directly to Excel exports for administrators. Root cause: untrusted data used in the export path enables Excel formulas to be interpreted when the file is opened, potentially compromisi...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51447

Name of the Vulnerable Software and Affected Versions @actual-app/cli versions prior to 26.6.0 Description The @actual-app/cli tool contains a CSV serialization issue in the escapeCsv function within packages/cli/src/output.ts. When the --format csv option is used, the serializer only handles...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.16 views

Security Updates for Microsoft Office Products (June 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-16-2026 advisory. - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824,...

8.4CVSS7.5AI score0.00629EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.27 views

Security Updates for Microsoft Excel Products C2R (June 2026)

The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2026-44817, CVE-2026-44818, CVE-2026-44820,...

8.2CVSS5.9AI score0.00629EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-45459

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally...

3.3CVSS5.4AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-45455

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...

4.3CVSS5.4AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.10 views

CVE-2026-45469

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS5.7AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.11 views

CVE-2026-44822

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...

8.2CVSS5.4AI score0.00518EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.10 views

CVE-2026-44817

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS5.7AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.9 views

CVE-2026-44818

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7CVSS5.7AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder