Lucene search

1080 matches found

Vulnrichment
added 2025/12/25 8:7 p.m., 2 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

CVSS 6.4, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 1

CVE
added 2025/12/25 8:7 p.m., 9 views

CVE-2025-68936

Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...

CVSS 6.4, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/12/25 8:5 p.m., 22 views

CVE-2025-68935

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer...

CVSS 6.4, EPSS 0.00178
Exploits: 0, References: 1

Vulnrichment
added 2025/12/25 8:5 p.m., 3 views

CVE-2025-68935

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer...

CVSS 6.4, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 1

CVE
added 2025/12/25 8:5 p.m., 17 views

CVE-2025-68935

ONLYOFFICE Docs prior to version 9.2.1 is affected by a cross-site scripting (XSS) vulnerability in the Multilevel list settings window’s Font field, related to DocumentServer. The issue is confirmed across multiple sources (including Red Hat, EUVD, NVD, OSV, CVE lists) and lists the vulnerable c...

CVSS 6.4, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/12/25 12:0 a.m., 1 view

ONLYOFFICE Docs cross-site scripting vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in versions of ONLYOFFICE Docs prior to 9.2.1, which stems from improper handling of the Font field in the Multi-Level List Settings window, which could lead to a cross-site scripting...

CVSS 6.4, AI score 6, EPSS 0.00178
Exploits: 0, References: 2

CNNVD
added 2025/12/25 12:0 a.m., 5 views

ONLYOFFICE Docs cross-site scripting vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in versions of ONLYOFFICE Docs prior to 9.2.1, which stems from mishandling of Color subject names and could lead to cross-site scripting attacks...

CVSS 6.4, AI score 6, EPSS 0.00178
Exploits: 0, References: 2

NVD
added 2025/12/24 9:16 p.m., 3 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

CVSS 6.4, EPSS 0.00151
Exploits: 0, References: 1

Cvelist
added 2025/12/24 8:19 p.m., 25 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

CVSS 6.4, EPSS 0.00151
Exploits: 0, References: 1

Vulnrichment
added 2025/12/24 8:19 p.m., 4 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

CVSS 6.4, AI score 5.9, EPSS 0.00151
Exploits: 0, References: 1

CVE
added 2025/12/24 8:19 p.m., 9 views

CVE-2025-68917

CVE-2025-68917 affects ONLYOFFICE Docs (DocumentServer) prior to version 9.2.1. The issue is a cross-site scripting (XSS) vulnerability in the textarea of the comment editing form. Root cause details are not elaborated beyond the XSS in the description, but multiple sources confirm the affected p...

CVSS 6.4, AI score 5.9, EPSS 0.00151
Exploits: 0, References: 1

CNNVD
added 2025/12/24 12:0 a.m., 3 views

ONLYOFFICE Docs cross-site scripting vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs versions prior to 9.2.1, which stems from cross-site scripting in the textarea of the comment edit form...

CVSS 6.4, AI score 6, EPSS 0.00151
Exploits: 0, References: 2

Snyk
added 2025/12/23 12:35 p.m., 1 view

Malicious Package

Overview: secure-docs-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package'...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/12/23 8:16 a.m., 4 views

Malicious code in hiro-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88d9fa34d301fc54a2088114411b7016fb25c8f3b581c52f9e0613b103edda15 The package hiro-docs was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/12/23 8:16 a.m., 1 view

MAL-2025-192801 Malicious code in hiro-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88d9fa34d301fc54a2088114411b7016fb25c8f3b581c52f9e0613b103edda15 The package hiro-docs was found to contain malicious code...

AI score 6.8
Exploits: 0

OpenVAS
added 2025/12/19 12:0 a.m., 5 views

Fedora: Security Advisory (FEDORA-2025-7ec743931c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.3, AI score 6.8, EPSS 0.00696
Exploits: 0, References: 5

SUSE Linux
added 2025/12/18 12:19 p.m., 3 views

Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document...

CVSS 6.9, AI score 7.1, EPSS 0.00533
Exploits: 0, References: 8

vulnersOsv
added 2025/12/16 6:44 p.m., 4 views

@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +38 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)

@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.2.3, =0.2.4, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.5.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-fff5d2d and more Source cves: CVE-2025-68155 Source advisory:...

CVSS 7.5, AI score 7.7, EPSS 0.00552
Exploits: 0

Fedora
added 2025/12/16 12:46 a.m., 6 views

[SECURITY] Fedora 43 Update: python3.13-3.13.11-1.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVSS 6.3, AI score 7.2, EPSS 0.00696
Exploits: 0

Fedora
added 2025/12/10 1:34 a.m., 4 views

[SECURITY] Fedora 43 Update: python3-docs-3.14.2-1.fc43

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 5.5, AI score 7, EPSS 0.00121
Exploits: 0