393 matches found
CSV Injection
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...
CVE-2026-12097
The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2026-12097
The CVE covers the WordPress User Management plugin (versions up to and including 1.2). Affected component: the plugin’s authorization flow; root cause is improper verification of a user’s permission, enabling an authorization bypass. Impact: unauthenticated attackers can modify the plugin’s expo...
CVE-2026-50179 Actual: CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
EUVD-2026-42061
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
CVE-2026-48948
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
PYSEC-2026-1506 Label Studio has a Path Traversal Vulnerability via image Field
Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...
PT-2026-56221
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com contact component allows a user to download vCard exports of contacts that should be inaccessible. Recommendations At the moment, there is no...
CVE-2026-11896
The CVE-2026-11896 entry describes a flaw in the WordPress plugin “My Calendar – Accessible Event Manager” (versions up to 3.7.14). The root cause is missing validation on a user-controlled key used by the vcal parameter, enabling Insecure Direct Object Reference. This allows unauthenticated atta...
CVE-2026-11896 My Calendar <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'vcal' Parameter
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 via the 'vcal' parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
UBUNTU-CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
EUVD-2026-39642
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions = 7.17.0 allows for Cross-site Scripting XSS via unsanitized text/vnd.mermaid output in HTML exports. The datamermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attacker...
CVE-2026-6658
The CVE-2026-6658 issue affects jupyter/nbconvert versions <= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...
CVE-2026-54326 Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
CVE-2026-54326
Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
CVE-2026-12862
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...