Skip to main content

Online

8 CVEs product

Monthly

CVE-2025-66208 CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online Nextcloud
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45045 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google Microsoft Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25114 MEDIUM POC This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Online
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31145 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Nextcloud Information Disclosure XSS +1
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-43817 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-32745 MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-32744 HIGH This Week

Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Online
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-25630 HIGH This Week

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Online
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google Microsoft +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Online
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Nextcloud +3
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Online
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Online
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy