97 matches found
CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to...
PT-2026-46058
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead t...
CVE-2026-44549
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated...
KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the process that previews Excel file attachments using the sheet_to_html function. An attacker can execute arbitrary scripts in the context of the victim's browser by uploading a...
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Summary: The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a minimal XLSX file (1.6KB) containing a element that inflates...
Local File Inclusion (LFI)
python-mistralclient is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation of file paths in the 'Create Workbook' feature, which allows an attacker to include and read arbitrary local files from the system...
Linux Distros Unpatched Vulnerability : CVE-2021-4472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of...
SUSE CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
EUVD-2021-34723
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
OpenStack's Mistral Client has a local file inclusion vulnerability
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
GHSA-75HX-6R6J-HW56 OpenStack's Mistral Client has a local file inclusion vulnerability
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
DEBIAN-CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
UBUNTU-CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the...
CVE-2021-4472
CVE-2021-4472 affects the OpenStack Mistral ecosystem, specifically the mistral-dashboard plugin and related python-mistralclient. A local file inclusion (LFI) vulnerability via the Create Workbook feature could disclose arbitrary local file contents. Public advisories confirm this issue across d...
CVE-2021-4472 Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
CVE-2021-4472
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
CVE-2021-4472 Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...