82 matches found
EUVD-2026-36735
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
CVE-2026-6040
A heap use-after-free vulnerability (CVE-2026-6040) occurs when importing blank-width characters in an ODF number format. A position value read from the document could be used beyond the length of the format-code string, leading to memory access outside the string. The issue is mitigated in fixed...
PT-2026-49263
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...
Linux Distros Unpatched Vulnerability : CVE-2026-6040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against...
JLSEC-2026-583 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an...
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...
CVE-2026-40296
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
SUSE CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...
BIT-JRE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...
CVE-2026-40296
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
EUVD-2026-28221
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
CVE-2026-40296
PhpSpreadsheet is affected by a stored XSS in the HTML writer when a cell uses a custom number format containing the text placeholder @. If the formatted value diverges from the original value (e.g., formats like ". @", "@ ", or "x@"), htmlspecialchars() escaping is skipped, allowing unescaped HT...
BIT-JAVA-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...
CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...
CVE-2026-35453
PhpSpreadsheet contains an XSS vulnerability in the HTML Writer when a cell uses a custom number format with an @ placeholder and additional literal text. The formatter returns early and escaping via htmlspecialchars() is skipped, allowing injected HTML/JavaScript in the generated HTML. Affected ...
CVE-2026-35453
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...
CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...