PT-2025-53411
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1. Description: The software contains a flaw that allows for cross-site scripting (XSS). This occurs through manipulation of the Font field within the Multilevel list settings window. The issue is related to t...
PT-2025-53379
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1. Description: The software contains a flaw that allows for cross-site scripting (XSS) within the textarea of the comment editing form. This issue is related to the DocumentServer component. Recommendations...
PT-2025-53412
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1. Description: ONLYOFFICE Docs contains a flaw that allows for cross-site scripting (XSS) through the Color theme name within DocumentServer. Recommendations: Update to version 9.2.1 or later...
EUVD-2021-12714
Malware in sbrugna...
EUVD-2021-12712
Malware in sbrugna...
EUVD-2021-12715
Malware in sbrugna...
EUVD-2021-12713
Malware in sbrugna...
EUVD-2021-12716
Malware in sbrugna...
EUVD-2023-34611
Malicious code in bioql PyPI...
EUVD-2023-34612
Malicious code in bioql PyPI...
CVE-2023-30187
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...
CVE-2021-25829
An improper binary stream data handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
CVE-2021-25832
A heap buffer overflow vulnerability in BMP image processing was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2021-25831
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
The vulnerability of the JavaScript File Handler component in the office online package ONLYOFFICE DocumentServer allows a hacker to trigger a service failure.
The vulnerability of the JavaScript File Handler component in the ONLYOFFICE DocumentServer online package is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure by executing a specially crafted JavaScript file...
The vulnerability of the JavaScript File Handler component in the office online package ONLYOFFICE DocumentServer allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript File Handler component in the ONLYOFFICE DocumentServer online package relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code by launching a specially crafted JavaScri...
The vulnerability of the JavaScript File Handler component in the office online package ONLYOFFICE DocumentServer allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript File Handler component in the ONLYOFFICE DocumentServer office online package is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by running a specially crafted JavaScript file...