4441 matches found
CVE-2026-28795
OpenChatBI’s save_report.py contains a path traversal vulnerability caused by insufficient sanitization of the file_format parameter. The issue allows crafted file_format values to traverse directories and write files outside the intended report directory, potentially overwriting critical files (...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
OpenChatBI 路径遍历漏洞
OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from insufficient cleaning of the fileformat parameter input in t...
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
SQL Injection
TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...
EUVD-2026-9753
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
CVE-2026-28098
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
CVE-2026-28098 WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
CVE-2026-28098
CVE-2026-28098 is a Local File Inclusion vulnerability in the ThemeREX Save Life WordPress theme (versions up to 1.2.13). The issue arises from improper control of the filename used in PHP include/require statements, allowing an attacker to include local files. Public documentation consistently n...
CVE-2026-28098
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
CVE-2026-28098 WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
PT-2026-23373
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...
PT-2026-23129
Name of the Vulnerable Software and Affected Versions Fluent Forms Pro versions up to and including 6.1.17 Description The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...
WordPress plugin Fluent Forms Pro 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Save Life 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
DRUPAL-CONTRIB-2026-021
This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an entity not being protected in certain circumstances. This vulnerability is mitigated by the fact th...
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674
CVE-2026-1674 affects Gutena Forms for WordPress (all versions
CVE-2026-1674 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...