Wps

wps

5 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Kingsoft Clip (office Tool)

kingsoft_clip_(office_tool)

Web Portal System

web_portal_system

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-40399 1Wps 1Wps Office Jun 17, 2026 May 12, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execu...Show more An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.Show less
CVE-2022-24934 1Wps 1Wps Office Jun 17, 2026 Mar 23, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
CVE-2014-2271 2Huawei Wps 2P2 6011 Firmware Wps Office Nov 21, 2024 Jan 14, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-t...Show more cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.Show less
CVE-2018-6390 1Wps 1Wps Office Jun 17, 2026 Jan 29, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of servi...Show more The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.Show less
CVE-2014-6692 1Wps 1Kingsoft Clip (office Tool) May 6, 2026 Sep 23, 2014 N/A· v4 N/A· v3 5.4 MEDIUM· v2 The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat...Show more The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less