5 matches found
CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in the HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
EUVD-2022-35070
Malicious code in bioql PyPI...
PT-2022-18965 · WordPress · Helpful WordPress Plugin
Name of the Vulnerable Software and Affected Versions: The Helpful WordPress plugin versions prior to 4.5.26
Description: The issue allows attackers to download exported logs and feedback because they are stored in a publicly accessible location with guessable names. This could lead to the...
CVE-2022-2834 Helpful < 4.5.26 - Information Disclosure
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedback in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, names and email address, depending on the plugin's settings...