Lucene search
K

344 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-2584

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.0057EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3140

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00466EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-3153

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00792EPSS
Exploits1References6
Veracode
Veracode
added 2025/09/18 7:48 a.m.44 views

Server-Side Request Forgery (SSRF)

phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation because the setPath method in the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class allows attackers to craft requests to internal resources...

8.7CVSS7AI score0.00741EPSS
Exploits0References9Affected Software1
GithubExploit
GithubExploit
added 2025/09/05 5:59 a.m.181 views

Exploit for Cross-site Scripting in Phpoffice Phpspreadsheet

CVE-2025-22131 POC CVE-2025...

6.1CVSS6.5AI score0.00371EPSS
Exploits4
GithubExploit
GithubExploit
added 2025/09/03 6:26 a.m.569 views

Exploit for Cross-site Scripting in Phpoffice Phpspreadsheet

CVE-2025-22131-PoC PoC for CVE-2025-22131 PhpSpreadsheet...

6.1CVSS7.3AI score0.00371EPSS
Exploits4
Snyk
Snyk
added 2025/08/25 2:42 p.m.4 views

Server-side Request Forgery (SSRF)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a user...

8.7CVSS6.9AI score0.00741EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 2:32 p.m.4 views

GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

8.7CVSS6.3AI score0.00741EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/08/25 2:32 p.m.11 views

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

8.7CVSS7.1AI score0.00741EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2025/08/25 2:15 p.m.12 views

CVE-2025-54370

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7CVSS0.00741EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/25 2:8 p.m.3 views

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7CVSS6.8AI score0.00741EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/25 2:8 p.m.9 views

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7CVSS0.00741EPSS
Exploits0References6
CVE
CVE
added 2025/08/25 2:8 p.m.41 views

CVE-2025-54370

CVE-2025-54370 affects PhpSpreadsheet. The SSRF vulnerability resides in PhpOffice\PhpSpreadsheet\Worksheet\Drawing::setPath, where a user-supplied string read by the HTML reader can cause server-side requests. Affected versions include prior to 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0; patches a...

8.7CVSS6.8AI score0.00741EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.5 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and prior to 5.0.0, which stems from a server-side request forgery during HTML document processing...

8.7CVSS7.7AI score0.00741EPSS
Exploits0References8
Hacker One
Hacker One
added 2025/07/13 5:57 a.m.9 views

Nextcloud: Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library

A path traversal vulnerability was discovered in Nextcloud Tables. This vulnerability allowed the exfiltration of any files supported by the PhpSpreadsheet library...

6.5CVSS7AI score0.00485EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.7 views

CVE-2025-22131

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting XSS vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response...

6.1CVSS5.9AI score0.00371EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.10 views

CVE-2024-45291

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with $writer-setEmbedImagestrue; those files will be included in th...

8.8CVSS7.7AI score0.00792EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:8 a.m.11 views

CVE-2024-56366

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...

8.3CVSS6.3AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:7 a.m.3 views

CVE-2024-56409

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php...

8.3CVSS6.3AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.6 views

CVE-2024-56410

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7...

5.4CVSS5.6AI score0.00322EPSS
Exploits1References1
Rows per page
Query Builder