34 matches found
CVE-2026-39424
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424 MaxKB has CSV Injection in its Application Chat Export Functionality
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
EUVD-2026-22186
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424
MaxKB (1Panel-dev) has a CSV-injection vulnerability in the chat export feature for versions 2.7.1 and earlier. When exporting chat history to .xlsx via /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export, strings beginning with formula characters are written without sani...
CVE-2026-39424 MaxKB has CSV Injection in its Application Chat Export Functionality
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
Apache OpenOffice External File Loading Vulnerability
Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...
EUVD-2025-124972
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2025-64405
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2025-64405
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2025-64405 Apache OpenOffice: Remote documents loaded without prompt via DDE function
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2025-64405 Apache OpenOffice: Remote documents loaded without prompt via DDE function
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2025-64405
CVE-2025-64405 affects Apache OpenOffice up to version 4.1.15. The issue is a missing authorization check when handling external links, specifically in Calc spreadsheets with DDE links to external files, which could cause the external contents to be loaded without user prompt. The combined set of...
Apache OpenOffice 安全漏洞
Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...
EUVD-2001-0015
Malware in sbrugna...
CVE-2025-46579
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...
ZTE GoldenDB 安全漏洞
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a DDE injection vulnerability, which can be...
May 10, 2022—KB5013952 (OS Build 14393.5125) - EXPIRED
May 10, 2022—KB5013952 OS Build 14393.5125 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- Note: To improve th...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2017-11826, a Microsoft Office Word vulnerability allowing arbitrary code execution through DDE injection. The exploit targets Microsoft Office Word, specifically the vulnerability class of remote code execution RCE via DDE Dynamic Data Exchange injection. The probable entry...