15523 matches found
CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...
CVE-2026-35453
PhpSpreadsheet contains an XSS vulnerability in the HTML Writer when a cell uses a custom number format with an @ placeholder and additional literal text. The formatter returns early and escaping via htmlspecialchars() is skipped, allowing injected HTML/JavaScript in the generated HTML. Affected ...
CVE-2026-33324
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
EUVD-2026-27446
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
EUVD-2026-27235
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
CVE-2026-7824
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-7824
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...