151 matches found
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
USN-8352-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
XML External Entity (XXE) Injection
Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017364 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an...
LibreOffice 25.8.x < 25.8.7 / 26.2.x < 26.2.3 Heap Buffer Overflow (CVE-2026-4430)
The version of LibreOffice installed on the remote host is prior to 25.8.7 or 26.2.3. It is, therefore, affected by a heap buffer overflow vulnerability: - An out-of-bounds write vulnerability exists in the AgileEngine component of LibreOffice. An attacker can exploit this by crafting a malicious...
[SECURITY] [DSA 6251-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6251-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...
CVE-2026-4430
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
Linux Distros Unpatched Vulnerability : CVE-2026-4430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue...
Security update for dovecot22
This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. CVE-2026-27855: OTP drive...
SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...
SUSE-SU-2026:21208-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...
CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...
SAP BusinessObjects Business Intelligence Platform Deserialization (3617142)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000500, 4.3 SP004 001400, or 4.3 SP005 000200. It is, therefore, affected by a vulnerability as referenced in the 3617142 advisory. - Improper Input Validation vulnerability in...
EUVD-2013-4081
Malware in sbrugna...
EUVD-2018-0507
Malware in sbrugna...
EUVD-2021-20194
Malware in sbrugna...
EUVD-2022-2955
Malicious code in bioql PyPI...
EUVD-2025-10668
Malicious code in bioql PyPI...
EUVD-2022-25948
Malicious code in bioql PyPI...