Lucene search
+L

174 matches found

nessus
nessus
added 2 days ago3 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibreOffice vulnerabilities (USN-8534-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8534-1 advisory. It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause...

7.8CVSS6.9AI score0.00171EPSS
Exploits0References7
rocky
rocky
added 6 days ago6 views

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

7.8CVSS6.5AI score0.00139EPSS
Exploits0
redhat
redhat
added 2026/07/06 5:38 a.m.5 views

libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation

A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code executio...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/18 10:51 a.m.13 views

CVE-2026-8357

A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code executio...

7.8CVSS5.5AI score0.00139EPSS
Exploits0References4
nvd
nvd
added 2026/06/15 6:16 p.m.17 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS0.00139EPSS
Exploits0References6
debiancve
debiancve
added 2026/06/15 4:23 p.m.8 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS5.6AI score0.00139EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/15 4:23 p.m.10 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/07 8:59 a.m.16 views

CVE-2026-9673

A flaw was found in json-2-csv. An attacker can bypass the preventCsvInjection option to inject malicious formulas into CSV Comma Separated Values files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary co...

7CVSS5.8AI score0.00166EPSS
Exploits0References7
snyk
snyk
added 2026/06/04 6:46 p.m.11 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the CSV Presenter export. An attacker can execute arbitrary spreadsheet formulas by registering with crafted input values, which are then exported and opened by an administrator in spreadsheet software. This can result...

7.9CVSS6.1AI score
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/28 5:0 a.m.10 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS5.9AI score0.00166EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in LibreOffice

Improper validation of the array index vulnerability in The Document Foundation LibreOffice’s spreadsheet component allows an attacker to create a spreadsheet document that causes an array index underflow upon loading. In the affected versions of LibreOffice, certain malformed spreadsheet formula...

7.8CVSS6.8AI score0.003EPSS
Exploits0References2
nvd
nvd
added 2026/05/08 4:16 a.m.16 views

CVE-2026-42267

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8CVSS0.0022EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/05/08 3:28 a.m.8 views

CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

6.8CVSS5.7AI score0.0022EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/05/05 11:24 a.m.3 views

CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References4Affected Software1
susecve
susecve
added 2026/03/11 4:20 p.m.4 views

SUSE CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

7CVSS5.8AI score0.00397EPSS
Exploits0References7
euvd
euvd
added 2026/02/25 7:17 p.m.8 views

EUVD-2026-7384

CIRCL has an incorrect calculation in secp384r1 CombinedMult...

6.3CVSS5.2AI score0.00397EPSS
Exploits0References5
github
github
added 2026/02/25 7:17 p.m.12 views

CIRCL has an incorrect calculation in secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

9.8CVSS5.4AI score0.00397EPSS
Exploits0References5Affected Software1
packetstorm
packetstorm
added 2026/02/25 12:0 a.m.118 views

📄 Moodle TeX Formula Rendering Denial of Service

A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...

5.8AI score
Exploits0
cvelist
cvelist
added 2026/02/24 7:58 a.m.22 views

CVE-2026-1229 Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

6.3CVSS0.00397EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/24 7:58 a.m.8 views

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

6.3CVSS5.3AI score0.00397EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder