CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

Exploit for CVE-2026-21509

🛡️ CVE-2026-21509 — Microsoft Office Zero-Day !OFFICEhttps...

EUVD-2022-3406

Malicious code in bioql PyPI...

Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users

Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat APT group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deplo...

DEBIAN-CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

UBUNTU-CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

RogueRobin Malware Uses Google Drive as C2 Channel

A custom malware used by the APT known as DarkHydrus uses a mix of novel techniques, including using Google Drive as an alternate command-and-control C2 channel. According to Palo Alto’s Unit 42 intelligence division, the targeted attack involved spear-phishing emails written in Arabic sent to...

Apache POI Denial of Service Vulnerability (CNVD-2018-03242)

Apache POI is the United States Apache Apache Software Foundation, an open source library that provides APIs to Java programs can be read and write Microsoft Office format files. There are security vulnerabilities in Apache POI. The vulnerability can be exploited to cause a denial of service out ...

CVE-2016-4047

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions .dtd resources can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker...

Microsoft Excel REPT Function Integer Overflow (MS08-057) - Ver2 (CVE-2008-4019)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formula, and various data sources. The common extension used for Microsoft Excel documents is .xls, .xlsx a...

Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, or open a malicious file. The specific flaw exists when parsing Microsof...

US-CERT Technical Cyber Security Alert TA06-167A -- Microsoft Excel Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-167A Microsoft Excel Vulnerability Original release date: June 16, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Excel 2003 Microsoft Excel XP 2002 Microsoft Excel for...

NAV 5.0 and embedded files

Product: Norton Symantec Antivirus Platform: Win32 Versions: 5.0 Problem: Files 'embedded' in Word and Excel documents appear to evade scanning. I have noticed what appears to me to be a disturbing lapse in the scanning procedure of Norton Antivirus 5.0 Win32. I am looking for corroboration and...