CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process. An attacker can execute arbitrary code by uploading a specially crafted .docx file containing malicious XML entities. Details XXE Injection is a type of attack against an...

PT-2026-3629

Name of the Vulnerable Software and Affected Versions opensagres XDocReport versions 0.9.2 through 2.0.3 Description An XML External Entity XXE issue exists in opensagres XDocReport. Successful exploitation allows attackers to execute arbitrary code by uploading a specially crafted .docx file. Th...

CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

EUVD-2019-7115

Malware in sbrugna...

Ascensio System ONLYOFFICE Document Server Input Validation Error Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. An input validation error vulnerability exists in Ascensio System ONLYOFFICE Document...

Unspecified Vulnerability in Ascensio System ONLYOFFICE Document Server

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A security vulnerability exists in Ascensio System ONLYOFFICE Document Server version...

CVE-2020-11536

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...

Hancom Office HwordApp.dll Library tfo_common Component Resource Management Error Vulnerability

Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in many formats. hncbd90 is one of the hncbd90 libraries. A resource management error vulnerability exists in the tfocommon component of the HwordApp.dll library in Hancom...

Hancom Office hncbd90 Resource Management Error Vulnerability

Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in many formats. hncbd90 is one of the hncbd90 libraries. A resource management error vulnerability exists in hncbd90 in Hancom Office version 9.6.1.9403. An attacker could...

CVE-2019-16338

The tfocommon component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file...

CVE-2019-16337

The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file...

CVE-2019-16338

The CVE-2019-16338 issue affects Hancom Office’s HwordApp.dll (tfo_common) in version 9.6.1.7634, where a crafted .docx enables a use-after-free vulnerability. Public sources in the connected docs describe the flaw and corroborate that it can lead to arbitrary code execution. CVSS data indicates ...

CVE-2019-16338

The tfocommon component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file...

Design/Logic Flaw

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution...