13 matches found
EUVD-2022-2955
Malicious code in bioql PyPI...
Improper Input Validation
org.apache.poi:poi-ooxml is vulnerable to Improper Input validation. The vulnerability is due to improper input validation due to the lack of checks for duplicate ZIP entry names in OOXML files, which can lead to inconsistent parsing behavior across different products...
CVE-2025-31672
A flaw was found in Apache POI's poi-ooxml component. This vulnerability allows attackers to manipulate file parsing behavior via specially crafted OOXML files containing ZIP entries with duplicate file names. Different systems can interpret these files differently, leading to inconsistent data...
CVE-2025-31672
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
CVE-2025-31672 Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
CVE-2025-31672 Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
PT-2025-15634 · Apache +1 · Apache Poi +1
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: The issue concerns the parsing of OOXML based files, such as xlsx and docx, by the poi-ooxml component. It can read unexpected data if the underlying zip file has duplicate zip entry...
K57108702: Apache Tika XML External Entity vulnerability CVE-2016-4434
Security Advisory Description Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats,...
Apache Tika 0.10 - 0.12 XXE Vulnerability
Apache Tika is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tika";...
Xxe
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...
CVE-2016-4434
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...
CVE-2016-4434
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...
CVE-2016-4434
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...