
7947 matches found

Tenable Nessus
added 2026/06/09 12:0 a.m., 8 views

Security Updates for Microsoft Office Online Server (June 2026)

The Microsoft Office Online Server or Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

8.2 CVSS, 5.9 AI score, 0.00629 EPSS
Exploits 0, References 8
RedhatCVE
added 2026/06/05 7:48 p.m., 9 views

CVE-2026-10278

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5 CVSS, 6.2 AI score, 0.00288 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:30 p.m., 10 views

CVE-2026-42267

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8 CVSS, 5.3 AI score, 0.0022 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/06/05 7:25 p.m., 9 views

CVE-2026-0814

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

4.3 CVSS, 5.5 AI score, 0.00303 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:13 p.m., 10 views

CVE-2026-40576

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...

9.4 CVSS, 5.6 AI score, 0.00391 EPSS
Exploits 0, References 1
SUSE CVE
added 2026/06/05 3:14 a.m., 11 views

SUSE CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

6.5 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits 1, References 3
SUSE CVE
added 2026/06/05 3:14 a.m., 13 views

SUSE CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

5.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits 1, References 3
OSV
added 2026/06/04 6:46 p.m., 5 views

GHSA-XF4V-W5X5-PV79 Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

5.2 CVSS, 6 AI score
Exploits 0, References 5
Github Security Blog
added 2026/06/04 6:46 p.m., 24 views

Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

6 AI score
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2026/06/04 12:11 a.m., 16 views

CVE-2026-26825

A flaw was found in libxls. This use-of-uninitialized memory vulnerability occurs when the software processes specially crafted XLS files. An attacker could exploit this by providing a malformed XLS file, which may lead to undefined behavior, incorrect parsing logic, or potential information...

5.3 CVSS, 5.6 AI score, 0.00214 EPSS
Exploits 1, References 2
Positive Technologies
added 2026/06/04 12:0 a.m., 7 views

PT-2026-49156

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

5.2 CVSS, 5.8 AI score
Exploits 0, References 6
Snyk
added 2026/06/03 10:23 p.m., 8 views

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable in the readMSAT function. An attacker can cause application crashes or potentially disclose sensitive information by submitting a specially crafted XLS file. Remediation There is no fixed version for libxls...

6.9 CVSS, 5.2 AI score, 0.00228 EPSS
Exploits 1, References 2
OSV
added 2026/06/03 8:16 p.m., 9 views

UBUNTU-CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

6.5 CVSS, 5.4 AI score, 0.00228 EPSS
Exploits 1, References 3
RedhatCVE
added 2026/06/03 4:2 p.m., 7 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9 CVSS, 5.8 AI score, 0.00301 EPSS
Exploits 0, References 1
CVE
added 2026/06/03 12:0 a.m., 22 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

6.5 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2026/06/03 12:0 a.m., 8 views

libxls security vulnerability

libxls is an open-source C library designed for reading old binary OLE-formatted Excel files. Versions of libxls 1.6.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of uninitialized memory within the OLE container resolver, which could lead to application...

6.5 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/06/03 12:0 a.m., 8 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8 AI score, 0.00228 EPSS
Exploits 1, References 1
EUVD
added 2026/06/03 12:0 a.m., 15 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8 AI score, 0.00228 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/06/01 5:30 p.m., 7 views

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5 CVSS, 6.2 AI score, 0.00288 EPSS
Exploits 0, References 6
CVE
added 2026/06/01 5:30 p.m., 17 views

CVE-2026-10278

CVE-2026-10278 affects the project ishayoyo excel-mcp up to 1.0.2. The vulnerability targets the file handling in the component’s src/index.ts, specifically read_file/write_file, where manipulating filePath/outputPath can cause a path traversal. The issue can be triggered remotely, and publicly d...

6.5 CVSS, 6.2 AI score, 0.00288 EPSS
Exploits 0, References 6