Lucene search
K

365581 matches found

Snyk
Snyk
added 2026/05/08 10:26 p.m.10 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the process that previews Excel file attachments using the sheettohtml function. An attacker can execute arbitrary scripts in the context of the victim's browser by uploading a...

8.7CVSS5.8AI score0.00318EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39266

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description Excel file attachments are previewed unsafely. A crafted XLSX file can cause the sheet to html function to embed a Cross-Site Scripting XSS payload into the generated HTML. This content is then...

7.3CVSS5.8AI score0.00318EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: html/template: improp...

7.5CVSS7AI score0.01888EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:27 a.m.5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

PostCSS 跨站脚本漏洞

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS prior to 8.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the sequence during CSS stringification using the CSS AST. As a result, when the...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 5:16 a.m.5 views

CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

6.5CVSS0.0031EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/01 6:31 a.m.3 views

EUVD-2026-17781

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3CVSS6.2AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.8CVSS6.2AI score0.00878EPSS
Exploits1References1
NVD
NVD
added 2026/03/25 11:17 p.m.5 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS0.00254EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/25 10:27 p.m.19 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS0.00254EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 p.m.4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 10:27 p.m.2 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/25 10:27 p.m.4 views

EUVD-2026-16010

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References3
CVE
CVE
added 2026/03/25 10:27 p.m.10 views

CVE-2026-32120

OpenEMR prior to version 8.0.0.3 contains an Insecure Direct Object Reference (IDOR) in the fee sheet product save logic. The vulnerability, located in library/FeeSheet.class.php, lets any authenticated user with fee sheet ACL access delete, modify, or read drug_sales records for other patients b...

6.5CVSS6AI score0.00254EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/25 10:27 p.m.3 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6.1AI score0.00254EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28136

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.3 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists in the fee sheet product save logic within library/FeeSheet.class.php that allows authenticated...

6.5CVSS5.8AI score0.00254EPSS
Exploits1References5
NVD
NVD
added 2026/03/20 5:16 a.m.8 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.8CVSS0.00878EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:14 a.m.6 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.6CVSS6.3AI score0.00878EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:14 a.m.20 views

CVE-2026-32950 SQLBot: RCE via SQL Injection in Excel Upload Endpoint

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.6CVSS0.00878EPSS
Exploits1References3
Rows per page
Query Builder