Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
office vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (rich...
Collaboraoffice Collabora Online
7.5
CVSSv3
CVE-2023-46887
In Dreamer CMS prior to 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
Dreamer Cms Project Dreamer Cms
5
CVSSv3
CVE-2023-32063
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1....
Oroinc Client Relationship Management
4.3
CVSSv3
CVE-2023-32064
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in v...
Oroinc Orocommerce
4.3
CVSSv3
CVE-2023-32062
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
Oroinc Oroplatform
7.8
CVSSv3
CVE-2023-31275
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerabil...
Kingsoft Wps Office 11.2.0.11537
7.5
CVSSv3
CVE-2023-6276
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exp...
Tongda2000 Tongda Office Anywhere
Tongda2000 Tongda Office Anywhere 2017
7.8
CVSSv3
CVE-2023-36045
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft 365 Apps -
Microsoft Office Long Term Servicing Channel 2021
Microsoft Office 2019
7.8
CVSSv3
CVE-2023-36037
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft 365 Apps -
Microsoft Excel 2016
Microsoft Office Long Term Servicing Channel 2021
Microsoft Office 2019
6.5
CVSSv3
CVE-2023-36413
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office 2016
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Office Long Term Servicing Channel 2021
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »