Vulnerabilities in The Document Foundation
35 results

CVE-2022-3140 [—] Macro URL arbitrary script execution (EPSS 4.4%)
CVE-2021-25631 [—] denylist of executable filename extensions possible to bypass under windows (EPSS 4.2%)
CVE-2023-2255 [—] Remote documents loaded without prompt via IFrame (EPSS 2.2%)
CVE-2020-12802 [—] remote graphics contained in docx format retrieved in 'stealth mode' (EPSS 1.9%)
CVE-2020-12803 [—] XForms submissions could overwrite local files (EPSS 1.7%)
CVE-2020-12801 [—] Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save (EPSS 1.3%)
CVE-2022-26307 [—] Weak Master Keys (EPSS 1.1%)
CVE-2023-6185 [HIGH] Improper input validation enabling arbitrary Gstreamer pipeline injection (EPSS 1.0%)
CVE-2024-3044 [MEDIUM] Graphic on-click binding allows unchecked script execution (EPSS 1.0%)
CVE-2022-26305 [—] Execution of Untrusted Macros Due to Improper Certificate Validation (EPSS 1.0%)
CVE-2021-25636 [—] Incorrect trust validation of signature with ambiguous KeyInfo children (EPSS 1.0%)
CVE-2022-26306 [—] Execution of Untrusted Macros Due to Improper Certificate Validation (EPSS 0.8%)
CVE-2023-6186 [HIGH] Link targets allow arbitrary script execution (EPSS 0.8%)
CVE-2021-25633 [—] Content Manipulation with Double Certificate Attack (EPSS 0.7%)
CVE-2021-25634 [—] Timestamp Manipulation with Signature Wrapping (EPSS 0.7%)
CVE-2024-12426 [MEDIUM] URL fetching can be used to exfiltrate arbitrary INI file values and environment variables (EPSS 0.5%)
CVE-2024-5261 [CRITICAL] TLS certificate are not properly verified when utilizing LibreOfficeKit (EPSS 0.4%)
CVE-2025-0514 [HIGH] Executable hyperlink Windows path targets executed unconditionally on activation (EPSS 0.3%)
CVE-2021-25630 [—] "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolfo (EPSS 0.3%)
CVE-2023-0950 [HIGH] Array Index UnderFlow in Calc Formula Parsing (EPSS 0.3%)