4 matches found
CVE-2026-41880
CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...
CVE-2026-41880
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
Memory Corruption Vulnerability in WPS Office ocr Module Handling GIF Images
WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A memory corruption vulnerability exists in the OCR module Image to Text of WPS Office wh...
Heap Overflow Vulnerability in WPS Office ocr Module
WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A heap overflow vulnerability exists in the OCR module Image to Text of WPS OFFICE when...