136 matches found

CVE
added yesterday · 10 views

CVE-2026-39904

Gophish 0.12.1 is affected by a denial-of-service in the ApplyTemplate() path that processes Office documents as ZIP archives. The vulnerability arises from ioutil.ReadAll() on each file entry without sized limits, enabling a zip-bomb payload to cause several gigabytes of in-memory expansion and ...

7.1 CVSS · 5.8 AI score
Exploits 0 · References 2
Fedora
added 2026/06/03 1:18 a.m. · 13 views

[SECURITY] Fedora 43 Update: python-wsgidav-4.3.4-1.fc43

A generic and extendable WebDAV server written in Python and based on WSGI. Main features: • WsgiDAV is a stand-alone WebDAV server with SSL support, that can be installed and run as Python command line script. • The python-pam library is needed as extra requirement if pam-login...

5.8 AI score · 0.00072 EPSS
Exploits 0
EUVD
added 2026/03/27 9:31 a.m. · 3 views

EUVD-2025-209090

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 0 · References 2
OSV
added 2026/03/27 9:16 a.m. · 0 views

ALPINE-CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 0 · References 1
CNNVD
added 2026/03/27 12:0 a.m. · 4 views

Open-Xchange OX Dovecot Pro Security Vulnerability

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability, which stems from the insecure handling of zip-format attachments by the attachment-to-text script. This vulnerability may allow...

4.3 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/11/28 11:9 a.m. · 6 views

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 7 AI score · 0.00149 EPSS
Exploits 0 · References 1
EUVD
added 2025/11/27 12:30 p.m. · 4 views

EUVD-2025-199814

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 6.5 AI score · 0.00149 EPSS
Exploits 0 · References 2
NVD
added 2025/11/27 10:15 a.m. · 4 views

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 0.00149 EPSS
Exploits 0 · References 1
CVE
added 2025/11/27 9:23 a.m. · 9 views

CVE-2025-30190

CVE-2025-30190 affects Open-Xchange OX App Suite. Malicious content in office documents can inject script code during document editing, executing unintended actions in the user’s context and potentially exfiltrating sensitive data. No public exploits are known. Root cause involves script injectio...

5.4 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/11/27 9:23 a.m. · 2 views

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits 0 · References 1
Cvelist
added 2025/11/27 9:23 a.m. · 5 views

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 0.00149 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/11/27 12:0 a.m. · 6 views

PT-2025-48256

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4 CVSS · 7 AI score · 0.00149 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2002-1665

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.04905 EPSS
Exploits 0 · References 4
OSSF Malicious Packages
added 2025/07/15 9:15 a.m. · 2 views

Malicious code in ecinc-cloud-moaxmpp (npm)

Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific...

8.1 AI score
Exploits 0 · References 1
CNNVD
added 2024/01/10 12:0 a.m. · 3 views

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.4: parsing Office documents may result in unexpected application termination or arbitrary code execution...

7.8 CVSS · 7.5 AI score · 0.00234 EPSS
Exploits 0 · References 4
CVE
added 2023/08/08 5:31 p.m. · 34 views

CVE-2023-39342

CVE-2023-39342 affects Dangerzone CLI (dangerzone-cli) prior to 0.4.2. The issue arises because the CLI logs container-output from the sanitization process to the user’s terminal and also logs file names; if the container is compromised, an attacker could return attacker-controlled strings to spo...

3.6 CVSS · 3.6 AI score · 0.00249 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2023/07/10 12:0 a.m. · 4 views

The vulnerability of the LibreOffice office software package, related to insufficient validation of requests on the server side, allows a hacker to gain access to the file system.

The vulnerability of the LibreOffice office software package is related to insufficient testing of server-side requests. Exploiting this vulnerability could allow a malicious actor to gain access to the file system using specially crafted ODT files...

5 CVSS · 5.7 AI score · 0.00782 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2023/05/18 12:0 a.m. · 1 views

PT-2023-8487 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.7.7 macOS versions prior to 12.6.6 macOS versions prior to 13.4 Description: A buffer overflow issue was addressed with improved bounds checking. This issue may lead to an unexpected app termination or arbitrary cod...

7.8 CVSS · 7.8 AI score · 0.00234 EPSS
Exploits 0 · References 11
The Hacker News
added 2023/04/13 10:19 a.m. · 2 views

Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to targ...

7.1 AI score
Exploits 0
Microsoft KB
added 2023/03/14 7:0 a.m. · 50 views

Description of the security update for SharePoint Server 2019: March 14, 2023 (KB5002358)

Description of the security update for SharePoint Server 2019: March 14, 2023 KB5002358 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395. Notes:...

3.1 CVSS · 6 AI score · 0.00605 EPSS
Exploits 0