Lucene search
K

365581 matches found

EUVD
EUVD
added 2026/03/20 4:14 a.m.4 views

EUVD-2026-13543

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.6CVSS6.3AI score0.00878EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 4:14 a.m.9 views

CVE-2026-32950

CVE-2026-32950 affects SQLBot prior to 1.7.0, where an authenticated user can trigger a critical SQL Injection in the /api/v1/datasource/uploadExcel endpoint. The root cause is unsanitized Excel sheet names concatenated into PostgreSQL table names and embedded into COPY statements via f-strings i...

8.8CVSS6.3AI score0.00878EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2026/03/16 12:0 a.m.10 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-16601)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security bypass vulnerability caused by an error in the CSS parsing and calculation component. An attacker can exploit the vulnerability to bypass security restrictions...

6.5CVSS5.8AI score0.00112EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25021

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

5.9AI score0.00237EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the link.href check being case-sensitive, which could allow attackers to inject arbitrary CSS for UI masking or da...

6.1CVSS5.8AI score0.00237EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 7:49 p.m.5 views

CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 6:18 p.m.7 views

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...

3.4CVSS5.9AI score0.00108EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS5.5AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-68834

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet - Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet - Product Sync with Google Sheet for...

7.5CVSS5.5AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.3 views

CVE-2025-68834

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...

7.5CVSS0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.26 views

CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...

7.5CVSS0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.11 views

CVE-2025-68834

CVE-2025-68834 corresponds to a Missing Authorization vulnerability in the WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions through 1.1.3). Red Hat and CVE records describe it as broken access control that allows exploitation due to incorrectly configu...

7.5CVSS5.1AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.5 views

CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet Product Sync with Google Sheet for WooCommerc...

7.5CVSS5.1AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.23 views

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.16 views

CVE-2025-67979

CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...

9.9CVSS5.5AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS6AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21101

Name of the Vulnerable Software and Affected Versions Sync Master Sheet – Product Sync with Google Sheet for WooCommerce versions through 1.1.3 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for unauthorize...

5.3AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21052

Name of the Vulnerable Software and Affected Versions WPForms Google Sheet Connector versions through 4.0.1 Description A code injection issue exists in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms. The issue involves improper control of code generation, potentially allowing...

5.5AI score0.0037EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

7.5CVSS5.8AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder