Lucene search
K

33 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS0.00524EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57323

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

5.8CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.8 views

CVE-2025-58954

CVE-2025-58954 affects the WordPress Theme HomeRoofer (

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

7.5CVSS6.8AI score0.01385EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/16 4:53 p.m.6 views

EUVD-2026-3124

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS6.5AI score0.00376EPSS
Exploits0References4
CVE
CVE
added 2026/01/16 4:53 p.m.25 views

CVE-2026-23529

Summary: CVE-2026-23529 affects the Kafka Connect BigQuery Connector (Google BigQuery Sink) before version 2.11.0. The root cause is failure to validate externally-sourced credential configurations prior to passing them to Google authentication libraries during connector setup. An attacker can su...

7.7CVSS6.6AI score0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 3:20 a.m.25 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

6.4CVSS0.0021EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.8 views

WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

5.3CVSS6AI score0.0049EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/17 6:21 p.m.31 views

CVE-2025-14081 Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

4.3CVSS0.00288EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.5 views

CVE-2020-11007

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...

8.1CVSS5.8AI score0.00396EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...

8.1CVSS5.8AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.8 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

5.3CVSS5.8AI score0.00709EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-7160 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...

8.8CVSS6.3AI score0.00553EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

8.1CVSS6.3AI score0.00509EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.7 views

PT-2025-7130 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...

9.8CVSS7.5AI score0.01073EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/26 12:0 a.m.6 views

libxml2 安全漏洞

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 versions prior to 2.11.0 due to a post-release reuse vulnerability in the xmlXIncludeAddNode function...

8.1CVSS6.9AI score0.00257EPSS
Exploits0References3
Rows per page
Query Builder