CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

165 matches found

RedhatCVE•added 2026/06/05 7:36 p.m.•8 views

CVE-2026-41034

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

5CVSS5.5AI score0.00295EPSS

Exploits0References1

ATTACKERKB•added 2026/04/28 7:45 p.m.•3 views

CVE-2026-7314

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

7.5CVSS7.2AI score0.0041EPSS

Exploits0References5Affected Software1

EUVD•added 2025/12/25 9:30 p.m.•4 views

EUVD-2025-205392

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4CVSS5.7AI score0.00178EPSS

Exploits0References2

EUVD•added 2025/12/25 9:30 p.m.•3 views

EUVD-2025-205393

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer...

6.4CVSS5.7AI score0.00178EPSS

Exploits0References2

OSV•added 2025/12/25 8:15 p.m.•4 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.1CVSS6.1AI score

Exploits0References1

CVE•added 2025/12/25 8:7 p.m.•10 views

CVE-2025-68936

Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...

6.4CVSS5.8AI score0.00178EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/12/25 8:7 p.m.•2 views

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer...

6.4CVSS5.8AI score0.00178EPSS

Exploits0References1

OSV•added 2025/12/24 9:16 p.m.•4 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS6.2AI score

Exploits0References1

NVD•added 2025/12/24 9:16 p.m.•4 views

CVE-2025-68917

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...

6.4CVSS0.00151EPSS

Exploits0References1

CVE•added 2025/12/24 8:19 p.m.•11 views

CVE-2025-68917

CVE-2025-68917 affects ONLYOFFICE Docs (DocumentServer) prior to version 9.2.1. The issue is a cross-site scripting (XSS) vulnerability in the textarea of the comment editing form. Root cause details are not elaborated beyond the XSS in the description, but multiple sources confirm the affected p...

6.4CVSS5.9AI score0.00151EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-3887

Malware in sbrugna...

9.8CVSS9.2AI score0.02318EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-26539

Malware in sbrugna...

9.8CVSS9.4AI score0.08215EPSS

Exploits1References4