EUVD-2017-11337

Malware in sbrugna...

EUVD-2024-49288

Malicious code in bioql PyPI...

Landray OA EKP 安全漏洞

Landray OA EKP Landray EKP is an office collaboration software from China Landray company. A security vulnerability exists in Landray OA EKP v16, which originates from an arbitrary download vulnerability in the /ui/sysuiextend/sysUiExtend.do component, which may result in obtaining the backend...

CVE-2025-48992 Group-Office vulnerable to blind XSS

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting XSS vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whi...

CVE-2024-8601

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized acce...

PT-2025-22529 · Unknown · Group-Office

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119 and 25.0.20 Description: The issue is a persistent Cross-Site Scripting XSS vulnerability in Group-Office's tasks comment functionality. This allows attackers to execute arbitrary JavaScript by uploading...

Microsoft Office Elevation of Privilege Vulnerability (CNVD-2025-10661)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has an elevation of privilege vulnerability that can be exploited by an attacker to elevat...

Daxi OfficeWeb365 安全漏洞

Daxi OfficeWeb365 is an office software from China Daxi Daxi Company. A security vulnerability exists in Daxi OfficeWeb365 version v.8.6.1.0 and v7.18.23.0, which stems from vulnerability to file upload attacks and allows attackers to execute arbitrary code via the pw/savedraw component...

CVE-2024-8601

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized acce...

CVE-2024-8601

TechExcel Back Office Software is vulnerable in versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this by manipulating a parameter in the API request URL to gain unauthorized access to other users’ sensitive informatio...

CXBSoft Post-Office SQL Injection Vulnerability

CXBSoft Post-Office is a post office system from CXBSoft. A SQL injection vulnerability exists in CXBSoft Post-Office version 1.0, which originates from a SQL injection vulnerability in the parameter version of the file /admin/pages/updatego.php...

Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.

WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary code...

e-Excellence U-Office Force 安全漏洞

e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. A security vulnerability exists in e-Excellence U-Office Force, which can be exploited to obtain part of the system information from an error message returned by the web service by sending specif...

Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.

WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server privileges...

Microsoft Word Code Execution Vulnerability (CNVD-2025-17485)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

CVE-2022-39022

U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...

Huatian Power OA suffers from XML Entity Injection Vulnerability

Huatian Power OA belongs to Dalian Huatian Software Co., Ltd. and is collaborative office software OA. An XML entity injection vulnerability exists in Huatian Power OA, which can be exploited by attackers to obtain sensitive information...

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office Word. The following products and editions...

CVE-2022-34717

Microsoft Office Remote Code Execution Vulnerability...

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for...