7 matches found
CVE-2026-24737
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...
EUVD-2021-16999
Malware in sbrugna...
CVE-2021-30055
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'paryear' parameter when running a report...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...
Knowage SQL Injection Vulnerability
Knowage is a suite of open source tools for modern business analytics. A SQL injection vulnerability exists in the documentexecution/url analysis driver component of Knowage prior to version 7.4 when running reports. An attacker can exploit this vulnerability to execute arbitrary SQL commands on ...
Microsoft Word does not adequately validate macros embedded within malformed Word documents
Overview: There is a vulnerability caused by a failure to detect macros embedded in Microsoft Word documents. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description: Microsoft Word versions including Word 2002,...
Hole in Word and Excel
When a document is opened, the files riched20.dll and msi.dll are run from the document's location...