49 matches found
CVE-2025-65482
The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...
CVE-2019-16338
The tfocommon component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file...
EUVD-2019-7115
Malware in sbrugna...
EUVD-2023-31863
Malicious code in bioql PyPI...
EUVD-2023-31862
Malicious code in bioql PyPI...
EUVD-2023-31861
Malicious code in bioql PyPI...
Microsoft Excel Use After Free - Local Code Execution
Titles: Microsoft Excel Use After Free - Local Code Execution Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 Versions: MS Excel 2016, MS Office...
📄 Microsoft Excel Remote Code Execution
Microsoft Excel appears to suffer from a remote code execution vulnerability via a malicious macro. Titles: Microsoft Excel Local Code Execution Vulnerability Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...
CVE-2023-28150
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity XXE injection via a remote DTD in a DOCX file...
CVE-2023-28151
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity XXE injection via a remote DTD in a DOCX file...
CVE-2023-28152
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity XXE injection via a remote DTD in a DOCX file...
CVE-2020-11536
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...
CVE-2020-11534
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary such as curl or wget and remotely execute code on a victim's server...
CVE-2025-0184
A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...
CVE-2025-0184
A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...
CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify
A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...
CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify
A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...
Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Server Side Request Forgery(SSRF) on WordExtractor in langgenius/dify
Summary The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrfproxy', which can lead to an SSRF...
Security Bulletin: GNOME libxml2 vulnerability affects IBM Safer Payments (CVE-2023-29469)
Summary Libxml2 is used by IBM Safer Payments as part of PMML models, external queries, and docx file templates for Outgoing Channel Configurations. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service,...