VYPR
Vendor

Suitenumerique

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2025-30424CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging.

  • CVE-2026-3739MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be…

  • CVE-2026-42185MedMay 8, 2026
    risk 0.29cvss 5.5epss 0.00

    People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user (including users with no current…

  • CVE-2026-22867Jan 15, 2026
    risk 0.00cvss epss 0.00

    LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not…

  • CVE-2024-44085Sep 9, 2024
    risk 0.00cvss epss 0.01

    ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.

  • CVE-2023-50883Sep 9, 2024
    risk 0.00cvss epss 0.01

    ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for…

  • CVE-2021-39775Mar 30, 2022
    risk 0.00cvss epss 0.00

    In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…