Lucene search
K

11 matches found

NVD
NVD
added yesterday7 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-59162

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-54063

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.0007EPSS
Exploits0References2
CVE
CVE
added yesterday16 views

CVE-2026-54063

Excelize CVE-2026-54063: The library vulnerable due to checkSheet() using attacker-controlled row attribute to allocate memory for xlsxRow slices without enforcing the Excel row limit. This can cause (A) out-of-memory leading to process kill and (B) runtime panic from out-of-bounds indexing when ...

7.5CVSS6.1AI score0.0007EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.0007EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42938

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS6.1AI score0.0007EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42937

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday12 views

CVE-2026-59162

The CVE concerns the Go-based Excelize library (v2.x) where, prior to 2.11.0, shared-string cell values could be indexed with -1, causing a panic in GetCellValue and GetRows. The issue stems from parsing shared-strings with strconv.Atoi and only an upper bound check before indexing the sharedStri...

6.9CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday14 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-59161

CVE-2026-59161 affects the Go library Excelize. The streaming worksheet reader used by Rows/GetRows could bypass the TotalRows limit, enabling an attacker-controlled index to cause unbounded memory and CPU usage by generating empty rows beyond 1048576. The issue is fixed in version 2.11.0; upgrad...

8.7CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56159

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score
Exploits0References6
Rows per page
Query Builder