CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...

Ascensio System ONLYOFFICE Document Server 安全漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from the Latvian company Ascensio System. The product supports viewing and editing of text, spreadsheets and presentations, among other things. A security vulnerability exists in Ascensio System ONLYOFFICE Document...

CVE-2023-46988

CVE-2023-46988 is a path-traversal vulnerability in ONLYOFFICE Document Server prior to 8.0.1. The issue allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter at the /example/editor endpoint, potentially leading to unauthorized access to sensitive files (and DoS)....

PT-2025-14441 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 7.5.0 and earlier Description: The issue allows a remote attacker to obtain sensitive information via a crafted file upload. This is a result of a Directory Traversal vulnerability. Recommendations: For...

Exploit for CVE-2023-46988

ONLYOFFICE Path Traversal Exploit CVE-2023-46988 📌 Overv...

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

Ascensio System ONLYOFFICE Document Server Security Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in ONLYOFFICE Document Server versions 4.0.3 through 7.3.2. An attacke...

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

CVE-2023-30188

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...

PT-2023-4363 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: A use after free issue in ONLYOFFICE DocumentServer allows remote attackers to run arbitrary code via a crafted JavaScript file. This issue is related to the JavaScript File...

PT-2023-4392 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 4.0.3 through 7.3.2 Description: The issue is related to a Memory Exhaustion vulnerability in the JavaScript File Handler component of ONLYOFFICE Document Server. This vulnerability allows remote attackers ...

CVE-2023-30188

The CVE-2023-30188 entry concerns ONLYOFFICE Document Server versions 4.0.3–7.3.2. The vulnerability is a memory exhaustion issue in the JavaScript File Handler component triggered by a crafted JavaScript file, enabling remote attackers to cause a denial of service. No exploit details are provide...