EUVD-2024-52835

Malicious code in bioql PyPI...

Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)

Titles: Microsoft Excel LTSC 2024 - Remote Code Execution RCE Author: nu11secur1ty Date: 06/16/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 CVE-2025-47957 Versions: Microsoft...

Microsoft Excel Use After Free - Local Code Execution

Titles: Microsoft Excel Use After Free - Local Code Execution Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 Versions: MS Excel 2016, MS Office...

📄 Microsoft Excel Remote Code Execution

Microsoft Excel appears to suffer from a remote code execution vulnerability via a malicious macro. Titles: Microsoft Excel Local Code Execution Vulnerability Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...

CVE-2020-11536

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...

CVE-2020-11534

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary such as curl or wget and remotely execute code on a victim's server...

CVE-2024-55652 PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

Exploit for CVE-2022-30190

CVE-2022-30190 Microsoft Office Word Rce 复现CVE-2022-30190...

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...

HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign

A wide variety of threat actors began distributing HawkEye malware through high-volume email campaigns after it became available for purchase via a public-facing website. The actors behind the phishing campaigns typically used email themes based on current events and media reports that would piqu...

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...