Lucene search
K

7958 matches found

vulnrichment
vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
euvd
euvd
added 2026/06/03 12:0 a.m.18 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
cve
cve
added 2026/06/03 12:0 a.m.25 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.11 views

libxls 安全漏洞

libxls is an open-source C library designed for reading old binary OLE-formatted Excel files. Versions of libxls 1.6.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of uninitialized memory within the OLE container resolver, which could lead to application...

6.5CVSS5.3AI score0.00228EPSS
Exploits1References1
euvd
euvd
added 2026/06/01 5:30 p.m.19 views

EUVD-2026-33725

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/01 5:30 p.m.9 views

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/01 5:30 p.m.33 views

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS0.00288EPSS
Exploits0References6
cve
cve
added 2026/06/01 5:30 p.m.20 views

CVE-2026-10278

CVE-2026-10278 affects the project ishayoyo excel-mcp up to 1.0.2. The vulnerability targets the file handling in the component’s src/index.ts, specifically read_file/write_file, where manipulating filePath/outputPath can cause a path traversal. The issue can be triggered remotely, and publicly d...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

Excel MCP Server 路径遍历漏洞

Excel MCP Server is an Excel and CSV file reading/writing/analysis tool developed by ishayoyo as a personal project. Versions of Excel MCP Server 1.0.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the filePath/outputPath parameters in...

6.5CVSS6.4AI score0.00288EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.13 views

PT-2026-45499

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read file/write file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely...

6.5CVSS5.5AI score0.00288EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/22 9:10 p.m.12 views

CVE-2026-41073 RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References3
rapid7blog
rapid7blog
added 2026/05/22 7:10 p.m.55 views

Metasploit Wrap Up 05/22/2026

Another week, another authentication bypass Our humble Metasploit weeklyish blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/ciscosdwanvhubauthbypass module for CVE-2026-20182, a...

10CVSS8AI score0.981EPSS
Exploits74
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Excel .xll add-ins did not have a blocklist entry in Firefox’s executable blocklist, which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

4.3CVSS6.5AI score0.00495EPSS
Exploits0References2
packetstorm
packetstorm
added 2026/05/20 12:0 a.m.107 views

📄 Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This Metasploit module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The librarys Utility.pm...

9.8CVSS8AI score0.43323EPSS
Exploits2
metasploit
metasploit
added 2026/05/19 7:0 p.m.323 views

Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The library's Utility.pm contains an...

9.8CVSS8.1AI score0.43323EPSS
Exploits2
vulnrichment
vulnrichment
added 2026/05/19 9:23 a.m.13 views

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
euvd
euvd
added 2026/05/19 9:23 a.m.20 views

EUVD-2026-30859

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/19 9:23 a.m.9 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.24 views

PT-2026-41862

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/18 1:58 p.m.9 views

CVE-2026-45318

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References1
Rows per page
Query Builder