28 matches found

RedhatCVE
added 12 hours ago · 5 views

CVE-2026-26824

A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...

5.6 AI score
Exploits 0 · References 2
CVE
added 2026/05/06 1:48 p.m. · 5 views

CVE-2025-31978

CVE-2025-31978: HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. The underlying issue may allow an attacker to craft data fields that, when saved to a CSV, could trigger information exfiltr...

4.6 CVSS · 5.8 AI score · 0.00029 EPSS
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2026/04/29 8:24 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the readRowAttributes process. An attacker can exhaust CPU and memory resources by submitting a...

8.7 CVSS · 5.5 AI score · 0.00055 EPSS
Exploits 1 · References 2
Cvelist
added 2026/03/07 2:32 p.m. · 29 views

CVE-2026-3664 xlnt-community xlnt Encrypted XLSX File compound_document.cpp read_directory out-of-bounds

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds rea...

4.8 CVSS · 0.00024 EPSS
Exploits 1 · References 7
Redos
added 2025/11/17 12:00 a.m. · 3 views

ROS-20251117-02

The vulnerability in the LDAP web-based administration tool phpLDAPadmin is related to the lack of neutralization of special elements that can be interpreted as a command when opening a file in a spreadsheet editor. Exploitation of the vulnerability could allow an attacker...

5 CVSS · 7.2 AI score · 0.00141 EPSS
Exploits 0
Tenable Nessus
added 2025/08/24 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-12111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable out-of-bounds vulnerability exists in the xlsaddCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory...

8.8 CVSS · 8.2 AI score · 0.00658 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 10:22 p.m. · 8 views

CVE-2022-1226

A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...

4.8 CVSS · 6 AI score · 0.00176 EPSS
Exploits 1 · References 1
Cvelist
added 2024/11/15 10:57 a.m. · 16 views

CVE-2022-1226 Cross-site Scripting (XSS) in phpipam/phpipam

A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include...

3.5 CVSS · 0.00176 EPSS
Exploits 1 · References 2
OSV
added 2024/08/28 8:41 p.m. · 12 views

CVE-2024-45046 PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker...

5.4 CVSS · 9 AI score · 0.00333 EPSS
Exploits 1 · References 5
ATTACKERKB
added 2024/05/03 3:16 a.m. · 1 views

CVE-2023-50234

Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target...

7.8 CVSS · 6.3 AI score · 0.00779 EPSS
Exploits 0 · References 2
OSV
added 2023/08/15 5:15 p.m. · 2 views

DEBIAN-CVE-2023-38854

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcodelatin1toutf8 function in xlstool.c:296...

6.5 CVSS · 7 AI score · 0.00915 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/08/15 5:15 p.m. · 1 views

CVE-2023-38851

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xlsparseWorkBook function in xls.c:1018...

6.5 CVSS · 6.2 AI score · 0.00915 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/08/15 12:00 a.m. · 3 views

PT-2023-26635 · Libxls +1 · Libxls +1

Name of the Vulnerable Software and Affected Versions: libxlsv version 1.6.2 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode latin1 to utf8 function in xlstool.c. Recommendations: For...

6.5 CVSS · 6.9 AI score · 0.00915 EPSS
Exploits 1 · References 14
Ubuntu
added 2023/06/07 5:13 a.m. · 62 views

USN-6144-1: LibreOffice vulnerabilities

It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute...

7.8 CVSS · 7.1 AI score · 0.43551 EPSS
Exploits 2
SUSE CVE
added 2023/02/15 4:52 a.m. · 1 views

SUSE CVE-2017-2923

An exploitable heap based buffer overflow vulnerability exists in the 'readbiffnextrecord function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...

8.8 CVSS · 8.6 AI score · 0.02235 EPSS
Exploits 1 · References 3
CNNVD
added 2021/11/03 12:00 a.m. · 2 views

Libxls code issue vulnerability

libxls is a C library that can read Excel xls files. libxls version 1.6.2 contains a null pointer dereference vulnerability in the xlsgetWorkSheet function in xls.c. An attacker could exploit the vulnerability to cause a denial of service via a specially crafted XLS file...

6.5 CVSS · 5.6 AI score · 0.00421 EPSS
Exploits 0 · References 6
Positive Technologies
added 2021/01/20 12:00 a.m. · 1 views

PT-2021-2723 · Microsoft · Office +4

Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Microsoft Office affected versions not specified Microsoft Office Web Apps Server affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Offi...

7.8 CVSS · 7.8 AI score · 0.15526 EPSS
Exploits 0 · References 5
RedHat Linux
added 2018/03/06 9:46 p.m. · 2 views

libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file...

9.8 CVSS · 5.7 AI score · 0.46181 EPSS
Exploits 5 · References 6
CNVD
added 2018/02/28 12:00 a.m. · 2 views

Memory corruption vulnerability in WPS Office 2016 forms excelrw module (CNVD-2018-04738)

WPS office is an office software suite independently developed by Kingsoft Corporation. A memory corruption vulnerability exists in the excelrw module of WPS Formset.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service or possibly...

7.3 AI score
Exploits 0
OSV
added 2017/02/15 7:59 p.m. · 0 views

UBUNTU-CVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...

8.2 CVSS · 7.3 AI score · 0.00528 EPSS
Exploits 0 · References 6