EUVD-2026-23199

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

CVE-2026-41034

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

CVE-2026-41034

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

CVE-2026-41034

ONLYOFFICE DocumentServer prior to 9.3.0 contains an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and related vectors), causing information leakage and an ASLR bypass. Affected product: ONLYOFFICE DocumentServer. Root cause: untrusted pointer dereference ...

PT-2026-33272

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

EUVD-2021-12712

Malware in sbrugna...

EUVD-2021-12714

Malware in sbrugna...

EUVD-2021-12715

Malware in sbrugna...

EUVD-2021-12713

Malware in sbrugna...

EUVD-2021-12716

Malware in sbrugna...

EUVD-2023-34611

Malicious code in bioql PyPI...

EUVD-2023-34612

Malicious code in bioql PyPI...

CVE-2023-30187

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVE-2021-25829

An improper binary stream data handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server...

CVE-2021-25830

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

CVE-2021-25832

A heap buffer overflow vulnerability inside of BMP image processing was found at core module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer...

CVE-2021-25833

A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...

CVE-2021-25831

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

CVE-2023-30187

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

CVE-2023-30186

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...