Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
excel vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11294
An issue exists in Adobe Shockwave 12.2.9.199 and previous versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Adobe Shockwave
1 Article
9.8
CVSSv3
CVE-2017-2790
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflo...
Justsystems Ichitaro
9.8
CVSSv3
CVE-2008-0081
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote malicious users to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CV...
Microsoft Excel Viewer 2003
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2004
1 EDB exploit
9.6
CVSSv3
CVE-2019-19676
A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malic...
Arxes-tolina Arxes-tolina 3.0.0
9.6
CVSSv3
CVE-2018-15474
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and previous versions allows remote malicious users to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV expo...
Dokuwiki Dokuwiki
8.8
CVSSv3
CVE-2023-40923
MyPrestaModules ordersexport before v5.0 exists to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.
Myprestamodules Orders \\(csv\\, Excel\\) Export
8.8
CVSSv3
CVE-2022-41106
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Web Apps Server 2013
Microsoft Office Online Server -
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Office 2021
8.8
CVSSv3
CVE-2022-1539
The Exports and Reports WordPress plugin prior to 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.
Exports And Reports Project Exports And Reports
8.8
CVSSv3
CVE-2022-32119
Arox School ERP Pro v1.0 exists to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
Arox School Erp Pro 1.0
1 Github repository
8.8
CVSSv3
CVE-2022-24770
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output da...
Gradio Project Gradio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »