CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

164 matches found

ATTACKERKB•added 2026/04/28 7:45 p.m.•1 views

CVE-2026-7314

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

7.5CVSS7.2AI score0.00089EPSS

Exploits0References5Affected Software1

EUVD•added 2025/12/25 9:30 p.m.•1 views

EUVD-2025-205392

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4CVSS5.7AI score0.00006EPSS

Exploits0References2

EUVD•added 2025/12/25 9:30 p.m.•2 views

EUVD-2025-205393

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer...

6.4CVSS5.7AI score0.00006EPSS

Exploits0References2

OSV•added 2025/12/25 8:15 p.m.•1 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.1CVSS6.1AI score

Exploits0References1

CVE•added 2025/12/25 8:7 p.m.•5 views

CVE-2025-68936

Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...

6.4CVSS5.8AI score0.00006EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/12/25 8:7 p.m.•1 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4CVSS5.8AI score0.00006EPSS

Exploits0References1

NVD•added 2025/12/24 9:16 p.m.•1 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS0.00032EPSS

Exploits0References1

OSV•added 2025/12/24 9:16 p.m.•1 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS6.2AI score

Exploits0References1

CVE•added 2025/12/24 8:19 p.m.•5 views

CVE-2025-68917

CVE-2025-68917 affects ONLYOFFICE Docs (DocumentServer) prior to version 9.2.1. The issue is a cross-site scripting (XSS) vulnerability in the textarea of the comment editing form. Root cause details are not elaborated beyond the XSS in the description, but multiple sources confirm the affected p...

6.4CVSS5.9AI score0.00032EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2006-1186

Malware in sbrugna...

2.6CVSS6.4AI score0.00181EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2006-1788

Malware in sbrugna...

2.6CVSS6.4AI score0.02135EPSS

Exploits0References8