|
691
|
- |
|
-
|
-
|
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The import…
|
CWE-787
CWE-843
Out-of-bounds Write
Type Confusion
|
CVE-2026-8358
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
- |
|
-
|
-
|
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting dep…
|
CWE-193
CWE-787
Off-by-one Error
Out-of-bounds Write
|
CVE-2026-8357
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
- |
|
-
|
-
|
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the fil…
|
CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-8356
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
- |
|
-
|
-
|
LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one typ…
|
CWE-787
CWE-843
Out-of-bounds Write
Type Confusion
|
CVE-2026-6047
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
- |
|
-
|
-
|
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the f…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-6045
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
- |
|
-
|
-
|
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, …
|
CWE-416
CWE-787
Use After Free
Out-of-bounds Write
|
CVE-2026-6040
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
- |
|
-
|
-
|
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit val…
|
CWE-197
CWE-787
Numeric Truncation Error
Out-of-bounds Write
|
CVE-2026-6039
|
2026-06-16 03:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
8.7 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingI…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53608
|
2026-06-16 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumer…
|
CWE-200
CWE-285
CWE-863
Information Exposure
Improper Authorization
Incorrect Authorization
|
CVE-2026-49397
|
2026-06-16 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
7.1 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-47120
|
2026-06-16 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
