Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
office vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2024-23941
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product.
Group-office Group Office
9.8
CVSSv3
CVE-2024-0938
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to t...
Tongda2000 Office Anywhere 2017
5.4
CVSSv3
CVE-2024-22418
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an malicious user to execute arbitrary JavaScript code by embedding it within a file's name. For in...
Group-office Group Office
9.8
CVSSv3
CVE-2024-0529
A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login lead...
Cxbsoft Post-office 1.0
9.8
CVSSv3
CVE-2024-0530
A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injectio...
Cxbsoft Post-office 1.0
9.8
CVSSv3
CVE-2024-0528
A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit...
Cxbsoft Post-office 1.0
4.3
CVSSv3
CVE-2024-21665
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has be...
Pimcore E-commerce Framework
1 Github repository
7.8
CVSSv3
CVE-2023-32401
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
Apple Macos
7.8
CVSSv3
CVE-2024-20677
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no ...
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Office Long Term Servicing Channel 2021
4.8
CVSSv3
CVE-2024-0183
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initia...
Nia Rrj Nueva Ecija Engineer Online Portal 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »