CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...