CVE-2025-31978

HCL BigFix Service Management SM does not adequately sanitize or safely render spreadsheet files CSV, XLS, XLSX before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when...

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the chat export feature improperly handling formula elements in CSV files, which...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the readofficedocument function. An attacker can cause a denial of service by providing crafted XLSX files that trigger a null pointer dereference during parsing. Remediation There is no fixed version for xln...

Soda PDF Desktop 安全漏洞

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing XLS files without us...

PDFsam Enhanced 安全漏洞

PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A security vulnerability exists in PDFsam Enhanced that stems from the processing of XLS files that allows the execution of dangerous scripts without user warnings, which could lead to remote code execution...

EUVD-2010-3765

Malware in sbrugna...

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file...

Linux Distros Unpatched Vulnerability : CVE-2020-27819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XL...

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

The Computer Emergency Response Team of Ukraine CERT-UA has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located...

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

Hackers Use Excel Files to Deliver Remcos RAT Variant on Windows

This article explains the inner workings of the Remcos RAT, a dangerous malware that uses advanced techniques to…...

Ukraine Hit by Cobalt Strike Campaign Using Malicious Excel Files

Beware Macro! Ukrainian users and cyberinfrastructure are being hit by a new malware campaign in which hackers are…...

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service MaaS operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have...

[SECURITY] Fedora 38 Update: libxls-1.6.2-14.fc38

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...

[SECURITY] Fedora 39 Update: libxls-1.6.2-14.fc39

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...

Fedora: Security Advisory for libxls (FEDORA-2024-8b67e47e43)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang

Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document .XL...

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

Fedora 39 : perl-Spreadsheet-ParseExcel (2023-921f6975c2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-921f6975c2 advisory. Fix for CVE-2023-7101 unvalidated input can lead to arbitrary code execution vulnerability. Tenable has extracted the preceding description block...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...