365581 matches found
EUVD-2026-13543
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...
CVE-2026-32950
CVE-2026-32950 affects SQLBot prior to 1.7.0, where an authenticated user can trigger a critical SQL Injection in the /api/v1/datasource/uploadExcel endpoint. The root cause is unsanitized Excel sheet names concatenated into PostgreSQL table names and embedded into COPY statements via f-strings i...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-16601)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security bypass vulnerability caused by an error in the CSS parsing and calculation component. An attacker can exploit the vulnerability to bypass security restrictions...
PT-2026-25021
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...
unhead 跨站脚本漏洞
unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the link.href check being case-sensitive, which could allow attackers to inject arbitrary CSS for UI masking or da...
CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
Dark Reader gives users the ability to request style sheets from local web servers
Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...
CVE-2025-67979
Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...
CVE-2025-68834
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet - Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet - Product Sync with Google Sheet for...
CVE-2025-68834
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...
CVE-2025-67979
Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...
CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for...
CVE-2025-68834
CVE-2025-68834 corresponds to a Missing Authorization vulnerability in the WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions through 1.1.3). Red Hat and CVE records describe it as broken access control that allows exploitation due to incorrectly configu...
CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet Product Sync with Google Sheet for WooCommerc...
CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...
CVE-2025-67979
CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...
CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...
PT-2026-21101
Name of the Vulnerable Software and Affected Versions Sync Master Sheet – Product Sync with Google Sheet for WooCommerce versions through 1.1.3 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for unauthorize...
PT-2026-21052
Name of the Vulnerable Software and Affected Versions WPForms Google Sheet Connector versions through 4.0.1 Description A code injection issue exists in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms. The issue involves improper control of code generation, potentially allowing...
WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...