CVE-2023-30188
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via c
CVSS
7.5
High
EPSS
1.6%
p73
KEV
—
Exploit Today
22
0-100
Published: Aug 14, 2023 · Last modified: Jul 9, 2026 · CWE-835
1.6%EPSS · 30 days1.8%
2026-06-302026-07-16
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
- gist.github.comhttps://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
- github.comhttps://github.com/ONLYOFFICE/DocumentServer
- github.comhttps://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/
- github.comhttps://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110
- github.comhttps://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a
- gist.github.comhttps://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
- github.comhttps://github.com/ONLYOFFICE/DocumentServer
- github.comhttps://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/
- github.comhttps://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110
- github.comhttps://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-48907.5 HIG93.6%
——28A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.2dCVE-2026-428997.5 HIG82.4%
——25Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.2dCVE-2026-331167.5 HIG80.0%
——24Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.2dCVE-2026-465227.5 HIG76.7%
——23ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.2dCVE-2022-233527.5 HIG72.6%
——22An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).8dCVE-2026-506477.5 HIG61.9%
——19Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.3h