Lucene search
+L

347 matches found

Github Security Blog
Github Security Blog
added 2026/01/15 10:40 p.m.11 views

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

7.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/15 10:40 p.m.3 views

GHSA-44JG-MV3H-WJ6G solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

4.8CVSS6.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.25 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS6.1AI score0.00403EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/07 12:45 p.m.164 views

Exploit for CVE-2024-45427

CVE-2024-45427 Exploit Generator This script generates a malic...

6.4AI score
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1691

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet affected versions not specified Description A stored cross-site scripting XSS issue exists in PhpSpreadsheet. Exploit code has been released for this issue. The vulnerability allows for the injection of malicious scripts into we...

6AI score
Exploits1References2
NVD
NVD
added 2025/10/16 5:15 p.m.10 views

CVE-2025-58051

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...

6.5CVSS0.00496EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/16 4:48 p.m.3 views

CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...

6.5CVSS6.3AI score0.00496EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/16 4:48 p.m.11 views

CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...

6.5CVSS0.00496EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/16 4:48 p.m.4 views

EUVD-2025-34797

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...

6.5CVSS6.2AI score0.00496EPSS
Exploits0References3
OSV
OSV
added 2025/10/16 4:48 p.m.5 views

CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...

6.5CVSS6.8AI score0.00496EPSS
Exploits0References5
Nextcloud
Nextcloud
added 2025/10/16 6:40 a.m.17 views

Tables app allowed to include local file via PhpSpreadsheet when importing a table

None...

6.5CVSS5.2AI score0.00496EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.24 views

EUVD-2021-0945

Malware in sbrugna...

7.1CVSS6.5AI score0.01301EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2019-0766

Malware in sbrugna...

8.8CVSS8.6AI score0.07791EPSS
Exploits4References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0028

Malicious code in bioql PyPI...

8.3CVSS6.3AI score0.00325EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-0039

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00373EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0027

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00352EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-0053

Malicious code in bioql PyPI...

8.3CVSS6.3AI score0.00395EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2584

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.0057EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0033

Malicious code in bioql PyPI...

8.3CVSS6.3AI score0.00317EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3153

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00804EPSS
Exploits1References6
Rows per page
Query Builder