369 matches found
CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload
Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...
Exploit for CVE-2022-30190
Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...
PT-2026-38382
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.31.0 and earlier Description A Server-Side Request Forgery SSRF issue exists in the LibreOffice conversion endpoint "/forms/libreoffice/convert". While some SSRF hardening is present in the Go code, the application passes...
CVE-2026-3665
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...
EUVD-2026-10173
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...
CVE-2026-3665
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...
CVE-2026-3665 xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...
CVE-2026-3665 xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...
CVE-2026-3665
The CVE-2026-3665 entry concerns the xlnt-community xlnt XLSX File Parser (up to version 1.6.1). The affected element is xlnt::detail::xlsx_consumer::read_office_document in source/detail/serialization/xlsx_consumer.cpp, where manipulation leads to a null pointer dereference. Exploitation require...
CVE-2018-19448
In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...
CVE-2021-33793
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...
EUVD-2011-0234
Malware in sbrugna...
EUVD-2021-20470
Malware in sbrugna...
EUVD-2020-18456
Malware in sbrugna...
EUVD-2011-1423
Malware in sbrugna...
EUVD-2014-1338
Malware in sbrugna...
EUVD-2017-0418
Malware in sbrugna...
CVE-2025-10777
A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to addre...
CVE-2025-10777
A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to addre...
CVE-2025-10777 JSC R7 R7-Office Document Server downloadas path traversal
A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to addre...