5670 matches found
WordPress Admin Word Count Column 2.2 - Local File Inclusion
The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
CVE-2026-55142
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-55134
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55128
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55130
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55127
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55132
Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55124
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-55050
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-55055
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55038
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55033
Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55032
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability
...
CVE-2026-55128
CVE-2026-55128 is a Use-after-free in Microsoft Word that enables local code execution by an unauthenticated attacker who powers the exploit via a crafted file/link. Affected product scope is Microsoft Word/Office as per Microsoft advisories; document does not specify exact vulnerable builds or p...
CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability
...
CVE-2026-55130 Microsoft Word Remote Code Execution Vulnerability
...
CVE-2026-55130
CVE-2026-55130 describes a heap-based buffer overflow in Microsoft Word (Office) that allows an authenticated attacker to achieve local code execution . The CVE entry lists a LOCAL attack vector, with user interaction required and high impact on confidentiality, integrity, and availability. Conne...
CVE-2026-55142 Microsoft Word Information Disclosure Vulnerability
...