Lucene search
+L

775 matches found

NVD
NVD
added last week8 views

CVE-2026-54063

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.00575EPSS
Exploits1References2
CVE
CVE
added last week19 views

CVE-2026-59162

CVE-2026-59162 affects the Go library Excelize (reading/writing Excel spreadsheets). Before 2.11.0, shared-string values are parsed with strconv.Atoi and only the upper bound is checked when indexing the shared string slice, which allows a -1 index to be used (sharedStrings[-1]) and causes a pani...

7.5CVSS6.1AI score0.00524EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/06 4:41 p.m.5 views

GHSA-55F6-PF8R-C2F4 Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)

Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "UNIT CELL TRANSLATION" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the UNIT CELL...

7.8CVSS6.6AI score0.00816EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 8:3 a.m.15 views

PYSEC-2026-944 Missing validation causes denial of service via `LSTMBlockCell`

Impact The implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:20 p.m.16 views

CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:20 p.m.7 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 9:20 p.m.11 views

CVE-2026-50551

CVE-2026-50551 affects SiYuan prior to 3.7.0, where a stored XSS in the Attribute View (database) asset cell renderer can escalate to remote code execution in the Electron desktop client. The issue is fixed in 3.7.0. CVSS~3.1 metrics indicate high impact on confidentiality, integrity, and availab...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:20 p.m.3 views

CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS6.5AI score0.0044EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:19 p.m.4 views

CVE-2026-54158 SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS6.1AI score0.00289EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 9:19 p.m.12 views

CVE-2026-54158

SiYuan CVE-2026-54158: A stored XSS in the attribute-view cell renderer (genAVValueHTML) can break out of its tag with crafted values in text/url/phone/mAsset, potentially leading to RCE in Electron if nodeIntegration is enabled. The issue persists in AV files under the workspace and propagates a...

9.9CVSS6AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53064

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lock fails due to concurrent write to the same cached block, mg-cell...

0.00176EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53064

Summary: CVE-2026-53064 affects the Linux kernel dm-cache when operating in passthrough mode. A race between cache invalidation and concurrent writes can leave mg->cell as NULL, causing a NULL pointer dereference in the unlock path during invalidate_complete(), triggering a KASAN null-ptr-dere...

5.7AI score0.00176EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52111

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The attribute-view cell renderer genAVValueHTML fails to properly sanitize cell content in the text, url, phone, and mAsset branches. This allows an attacker with write access to a synced workspace to...

9.9CVSS6.2AI score0.00289EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2026/06/15 4:23 p.m.9 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS5.6AI score0.00139EPSS
Exploits0
EUVD
EUVD
added 2026/06/11 6:33 p.m.11 views

EUVD-2026-36283

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS5.7AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.17 views

CVE-2026-46642

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS0.00221EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 5:42 p.m.34 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS0.00221EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 5:42 p.m.10 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
Rows per page
Query Builder