27 matches found
CVE-2026-34084
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...
PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
GHSA-Q4Q6-R8WH-5CGH PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
ConvertX path traversal vulnerability
ConvertX is a file format conversion tool developed by the ConvertX company. Versions of ConvertX prior to 0.17.0 contained a path traversal vulnerability. This vulnerability stemmed from the POST /delete endpoint using user-controlled filename values to construct file system paths and performing...
EUVD-2023-58577
Malicious code in bioql PyPI...
EUVD-2023-58578
Malicious code in bioql PyPI...
EUVD-2023-55076
Malicious code in bioql PyPI...
EUVD-2023-55077
Malicious code in bioql PyPI...
EUVD-2024-45051
Malicious code in bioql PyPI...
CVE-2023-6335
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2024-50054 mySCADA myPRO Path Traversal
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system...
CVE-2023-6336
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2023-6335
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2023-6336
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
Input validation
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
Input validation
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2023-6336
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2023-6336
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...
CVE-2023-6335
The CVE-2023-6335 issue is an Improper Link Resolution Before File Access ("Link Following") vulnerability in HYPR Workforce Access on Windows, affecting versions before 8.7. The root cause is a misresolution of file access links that allows a user-controlled filename, potentially enabling unauth...
CVE-2023-6335
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7...