Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

54 matches found

The Hacker News
The Hacker Newsadded 2026/01/27 10:36 a.m.9 views

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 CVSS score: 9.1, has been codenamed Cellbreak by Cyera Research Lab...

9.9CVSS6.8AI score0.00035EPSS
Exploits4
RedhatCVE
RedhatCVEadded 2026/01/23 6:19 a.m.3 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS5.7AI score0.00032EPSS
Exploits0References1
NVD
NVDadded 2026/01/22 3:15 a.m.2 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS0.00032EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/22 2:26 a.m.22 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS0.00032EPSS
Exploits0References2
CVE
CVEadded 2026/01/22 2:26 a.m.17 views

CVE-2026-24002

CVE-2026-24002 – Grist sandbox escape vulnerability affects Grist Core (Grist open-source self-hosted spreadsheet/database). The issue arises when running formulas in the Pyodide sandbox on Node.js, where the sandbox barrier is insufficient, allowing an untrusted spreadsheet to escape to host exe...

9.6CVSS5.7AI score0.00032EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/01/22 2:26 a.m.2 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.7AI score0.00032EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/22 2:26 a.m.2 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.7AI score0.00032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/01/22 2:26 a.m.1 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.8AI score0.00032EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/01/22 2:26 a.m.2 views

EUVD-2026-4212

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.7AI score0.00032EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/01/22 12:0 a.m.1 views

Grist injection vulnerability

Grist is a modern relational spreadsheet developed by Grist Open Source. Versions of Grist prior to 1.7.9 had an injection vulnerability, which was caused by insufficient pyodide sandbox barriers. This vulnerability could allow for the execution of arbitrary processes on the server...

9.6CVSS6.2AI score0.00032EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/01/22 12:0 a.m.3 views

PT-2026-3906

Name of the Vulnerable Software and Affected Versions Grist versions prior to 1.7.9 Description Grist is spreadsheet software that utilizes Python as its formula language. When configured to run formulas in the Pyodide sandbox GRIST SANDBOX FLAVOR set to pyodide, a crafted spreadsheet formula can...

9CVSS6AI score0.00032EPSS
Exploits0References29
RedhatCVE
RedhatCVEadded 2025/11/14 10:1 p.m.5 views

CVE-2025-64752

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS6.6AI score0.00034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/14 10:1 p.m.2 views

CVE-2025-64753

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

6.5CVSS6.5AI score0.0003EPSS
Exploits0References1
NVD
NVDadded 2025/11/13 10:15 p.m.1 views

CVE-2025-64753

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

6.5CVSS0.0003EPSS
Exploits0References2
NVD
NVDadded 2025/11/13 10:15 p.m.4 views

CVE-2025-64752

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS0.00034EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/13 9:46 p.m.5 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3CVSS0.0003EPSS
Exploits0References2
CVE
CVEadded 2025/11/13 9:46 p.m.5 views

CVE-2025-64753

CVE-2025-64753 Summary : Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...

6.5CVSS6.1AI score0.0003EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2025/11/13 9:46 p.m.2 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3CVSS6.1AI score0.0003EPSS
Exploits0References2
OSV
OSVadded 2025/11/13 9:46 p.m.2 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3CVSS6.4AI score0.0003EPSS
Exploits0References4
EUVD
EUVDadded 2025/11/13 9:46 p.m.3 views

EUVD-2025-177187

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3CVSS6AI score0.0003EPSS
Exploits0References2
Rows per page
Query Builder