← Back

Wps Office

wps_office

Vendor: Wps • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-40399
1Wps
1Wps Office
Jun 17, 2026
May 12, 2022
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execu...Show more
An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.Show less
CVE-2022-24934
1Wps
1Wps Office
Jun 17, 2026
Mar 23, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
CVE-2014-2271
2Huawei
Wps
2P2 6011 Firmware
Wps Office
Nov 21, 2024
Jan 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-t...Show more
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.Show less
CVE-2018-6390
1Wps
1Wps Office
Jun 17, 2026
Jan 29, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of servi...Show more
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.Show less