Lucene search
+L

220 matches found

OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-60082

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...

9.1CVSS6.1AI score0.00653EPSS
Exploits0References7
NVD
NVD
added 2026/07/10 5:17 p.m.10 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00655EPSS
Exploits1References4
CVE
CVE
added 2026/07/10 3:51 p.m.19 views

CVE-2026-59162

CVE-2026-59162 affects the Go library Excelize (reading/writing Excel spreadsheets). Before 2.11.0, shared-string values are parsed with strconv.Atoi and only the upper bound is checked when indexing the shared string slice, which allows a -1 index to be used (sharedStrings[-1]) and causes a pani...

7.5CVSS6.1AI score0.00655EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/10 3:47 p.m.16 views

CVE-2026-59161

CVE-2026-59161 affects the Go library Excelize. The streaming worksheet reader used by Rows/GetRows could bypass the TotalRows limit, enabling an attacker-controlled index to cause unbounded memory and CPU usage by generating empty rows beyond 1048576. The issue is fixed in version 2.11.0; upgrad...

8.7CVSS6.1AI score0.00655EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/07/08 2:17 p.m.6 views

CVE-2026-56220

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 1:48 p.m.30 views

CVE-2026-56220 Capgo - Unauthorized Manifest Insertion via Read-Only Org Member

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/23 5:55 p.m.15 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.5AI score0.00585EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during the creation and updating of DatasetRows. This vulnerability could le...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40863

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 5:7 p.m.42 views

CVE-2026-45718 Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

5.4CVSS0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:7 p.m.9 views

CVE-2026-45718 Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 10:9 a.m.9 views

CLSA-2026-1779271781 vim: Fix of 6 CVEs

CVE-2022-4292: also check winvalidanytab in didsetspelllang after SpellFileMissing autocmd - CVE-2023-4751: resetVIsualandresel at start of exbufferall to prevent UAF on Visual mark - CVE-2023-0054: bail out of dostringsub when vimregsub returns sublen = 0 - CVE-2022-2206: clamp cmdlinerow/msgrow...

7.8CVSS6.7AI score0.01352EPSS
Exploits6References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19, Golang-1.23

Canceling a query for example, by canceling the context passed to one of the query methods during a call to the Scan method of the returned Rows can lead to unexpected results if other queries are being executed in parallel. This can cause a race condition, which may overwrite the expected result...

7CVSS6.7AI score0.00355EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:19 a.m.8 views

CVE-2026-7460

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...

7.4CVSS5.6AI score0.0032EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:44 p.m.18 views

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:44 p.m.19 views

Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/14 6:57 p.m.8 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/14 1:6 p.m.9 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:4 p.m.12 views

CVE-2026-40863

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder