365581 matches found

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-9301 Malicious code in @sellerly-kit/dropdown-bottom-sheet (npm)

The package @sellerly-kit/dropdown-bottom-sheet was found to contain malicious code...

7.2 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in @sellerly-kit/dropdown-bottom-sheet (npm)

The package @sellerly-kit/dropdown-bottom-sheet was found to contain malicious code...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 1 view

Malicious code in @sellerly-kit/bottom-sheet (npm)

The package @sellerly-kit/bottom-sheet was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-7056 Malicious code in @amber-team/export-events-to-sheet (npm)

The package @amber-team/export-events-to-sheet was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-9295 Malicious code in @sellerly-kit/bottom-sheet (npm)

The package @sellerly-kit/bottom-sheet was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/07/18 10:59 a.m., 8 views

CVE-2025-54030

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20...

4.3 CVSS | 5.9 AI score | 0.00128 EPSS
Exploits: 0 | References: 1

Patchstack
added 2025/07/16 12:15 p.m., 6 views

WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce Google Sheet Connector versions <= 1.3.20...

4.3 CVSS | 6.6 AI score | 0.00128 EPSS
Exploits: 0 | Affected Software: 1

Cvelist
added 2025/07/16 10:36 a.m., 12 views

CVE-2025-54030 WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20...

4.3 CVSS | 0.00128 EPSS
Exploits: 0 | References: 1

CVE
added 2025/07/16 10:36 a.m., 15 views

CVE-2025-54030

CVE-2025-54030 describes a CSRF vulnerability in the WordPress plugin “GSheetConnector” (WooCommerce Google Sheet Connector). The issue affects versions n/a through 1.3.20 and could allow an authenticated attacker to perform actions on behalf of a logged-in user. Connected sources confirm the ven...

4.3 CVSS | 5.9 AI score | 0.00128 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/16 10:36 a.m., 4 views

CVE-2025-54030 WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20...

4.3 CVSS | 7.2 AI score | 0.00128 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/03 8:54 p.m., 13 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5 CVSS | 3.7 AI score | 0.00281 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/06/03 8:54 p.m., 15 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5 CVSS | 0.00281 EPSS
Exploits: 0 | References: 3

OSV
added 2025/06/03 8:54 p.m., 7 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5 CVSS | 6.6 AI score | 0.00281 EPSS
Exploits: 0 | References: 5

CNNVD
added 2025/06/03 12:0 a.m., 5 views

InvenTree Security Vulnerability

InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...

5.7 CVSS | 6.4 AI score | 0.00281 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/05/30 12:0 a.m., 5 views

WordPress plugin OpenSheetMusicDisplay Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/23 9:40 a.m., 6 views

CVE-2024-1562

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...

5.3 CVSS | 6.7 AI score | 0.00431 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:59 a.m., 5 views

CVE-2024-6532

The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWTSheetTable shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:35 a.m., 9 views

CVE-2024-13670

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:5 a.m., 6 views

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...

5.4 CVSS | 5.8 AI score | 0.01759 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 3:17 a.m., 5 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8 CVSS | 8.5 AI score | 0.00386 EPSS
Exploits: 2 | References: 1