1080 matches found
CVE-2025-5526
The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...
CVE-2025-5526
CVE-2025-5526 affects the BuddyPress Docs WordPress plugin prior to 2.2.5. Root cause: insufficient access controls permit a logged-in user to view and download files belonging to another user. Affected versions are
PT-2025-27062 · WordPress · Buddypress Docs
Name of the Vulnerable Software and Affected Versions: BuddyPress Docs WordPress plugin version 2.2.4 and earlier. Description: The issue is related to inadequate access controls in the BuddyPress Docs WordPress plugin, allowing a logged-in user to view and download files belonging to another user...
WordPress plugin BuddyPress Docs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Malicious code in docs-root (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in sentry-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 688bb145ba010593bc53d4870250dfa7bc897a70a613291ed2352ba008314c84 Any computer that has this package installed or running should be considered...
Malicious code in plonkscript-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97e199a9c3de094417a8d71f5b9efb8075e31759f1d7b8cd5e9230ca6e55cd7c Any computer that has this package installed or running should be considered...
MAL-2025-5451 Malicious code in plonkscript-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97e199a9c3de094417a8d71f5b9efb8075e31759f1d7b8cd5e9230ca6e55cd7c Any computer that has this package installed or running should be considered...
A vulnerability in the WOPI protocol implementation of the ONLYOFFICE Docs online office suite allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the WOPI protocol implementation of the ONLYOFFICE Docs online office suite (DocumentServer) is related to a lack of measures to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially...
CVE-2025-5301
ONLYOFFICE Docs DocumentServer in versions equal to and below 8.3.1 is affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
[SECURITY] Fedora 42 Update: python3.11-3.11.13-1.fc42
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer in versions equal to and below 8.3.1 is affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) <= 8.3.1 is affected by a reflected XSS when opening files via WOPI, caused by improper sanitization of crafted HTTP POST requests. The XSS can result in malicious scripts being reflected in the server’s HTML response. Affected product/version: ONLYOFFICE Docs ...
ONLYOFFICE Docs cross-site scripting vulnerability
ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs version 8.3.1 and prior versions, which stems from reflected cross-site scripting when opening a file via the WOPI protocol, which could lead to the execution of...