Lucene search
K

93 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 1:55 p.m.13 views

CVE-2026-53474

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

9.6CVSS5.8AI score0.00298EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/03 10:23 p.m.9 views

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable in the readMSAT function. An attacker can cause application crashes or potentially disclose sensitive information by submitting a specially crafted XLS file. Remediation There is no fixed version for libxls...

6.9CVSS5.2AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/06/03 8:16 p.m.10 views

UBUNTU-CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

6.5CVSS5.4AI score0.00228EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

libxls 安全漏洞

libxls is an open-source C library designed for reading old binary OLE-formatted Excel files. Versions of libxls 1.6.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of uninitialized memory within the OLE container resolver, which could lead to application...

6.5CVSS5.3AI score0.00228EPSS
Exploits1References1
CVE
CVE
added 2026/06/03 12:0 a.m.24 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/14 12:0 a.m.10 views

Microsoft Office Remote Code Execution

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object...

9.3CVSS6.4AI score0.43063EPSS
In wildExploits4
Snyk
Snyk
added 2026/03/07 6:45 p.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the readofficedocument function. An attacker can cause a denial of service by providing crafted XLSX files that trigger a null pointer dereference during parsing. Remediation There is no fixed version for xln...

5.5CVSS5.8AI score0.00205EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2011-3225

Malware in sbrugna...

6.8CVSS6.3AI score0.02927EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3765

Malware in sbrugna...

6.8CVSS6.1AI score0.03863EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-27159

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00673EPSS
Exploits1References3
NVD
NVD
added 2025/09/08 6:15 p.m.19 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file...

9.8CVSS0.00673EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/08 12:0 a.m.4 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file...

7.6AI score0.00673EPSS
Exploits1References3
CVE
CVE
added 2025/09/08 12:0 a.m.17 views

CVE-2025-56267

CVE-2025-56267 affects Avigilon ACM v7.10.0.20, in the /id_profiles API, where CSV injection via a crafted Excel file can lead to arbitrary code execution. The vulnerability is documented across multiple feeds (NVD, Red Hat, CNNVD, etc.) with a CVSS v3.1 base score of 9.8 (CRITICAL), network-expo...

9.8CVSS7.6AI score0.00673EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.8 views

PT-2025-36486

Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A CSV injection vulnerability exists in the /id profiles API endpoint of the software. This allows attackers to execute arbitrary code by supplying a crafted Excel file. Recommendations: As a...

9.8CVSS6.2AI score0.00673EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-12108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow vulnerability exists in the xlspreparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS...

8.8CVSS8.5AI score0.02771EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:56 p.m.7 views

CVE-2022-33043

A cross-site scripting XSS vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file...

5.4CVSS5.8AI score0.00514EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.5 views

The Naumen Service Management Platform’s vulnerability regarding automation of business processes arises from insufficient filtering of input data and lack of measures to protect the structure of web pages. This allows attackers to carry out XSS attacks.

The Naumen Service Management Platform is vulnerable to automation of business processes due to insufficient filtering of input data and lack of measures to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by loading a specially...

8CVSS5.5AI score
Exploits0Affected Software1
OSV
OSV
added 2023/11/27 4:15 p.m.3 views

CVE-2023-31275

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

7.8CVSS6.2AI score0.01692EPSS
Exploits0References2
hivepro
hivepro
added 2023/09/08 1:29 p.m.29 views

Agent Tesla’s New Variant Spreads Through Crafted Excel Files

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...

7AI score
Exploits0
Rows per page
Query Builder