365581 matches found

The Hacker News
added 2026/02/16 6:38 a.m. | 8 views

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim...

CVSS: 8.8 | AI score: 7 | EPSS: 0.2202
Exploits: 16

Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7485

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.13; Roundcube Webmail versions prior to 1.6.13. Description: The webmail application allows for Cascading Style Sheets (CSS) injection due to improper handling of comments. This can potentially lead to...

CVSS: 9.3 | AI score: 5.1 | EPSS: 0.5281
Exploits: 7 | References: 41

Patchstack
added 2026/02/04 12:58 p.m. | 5 views

WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions <= 1.1.3)...

AI score: 5.3 | EPSS: 0.00256
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/04 11:26 a.m. | 6 views

WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by Denver Jackson in WordPress Plugin WPForms Google Sheet Connector (versions <= 4.0.1)...

AI score: 5.4 | EPSS: 0.0037
Exploits: 0 | Affected Software: 1

The Hacker News
added 2026/01/27 4:45 p.m. | 5 views

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...

AI score: 6.4
Exploits: 0

GithubExploit
added 2026/01/22 4:44 p.m. | 143 views

XSS-cheat-sheet-txt-dictionary-by-PortSwigger

XSS cheat sheet dictionary by PortSwigger PortSwigger diction...

AI score: 5.4
Exploits: 0

RedhatCVE
added 2026/01/21 8:35 a.m. | 6 views

CVE-2025-41768

A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1

Hacker One
added 2026/01/17 3:4 a.m. | 14 views

AWS VDP: Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation

Asset URL: ██████ Summary: The AWS sign-in page allows users to reuse old passwords when resetting their password, which violates security best practices outlined in OWASP Authentication Cheat Sheet and NIST 800-63B Digital Identity Guidelines. This misconfiguration could potentially weaken accou...

AI score: 5.6
Exploits: 0

AstraLinux
added 2026/01/13 2:1 p.m. | 5 views

Astra Linux – Vulnerability in libxslt

A use-after-free vulnerability was discovered in libxslt while parsing XSL nodes, which may lead to the dereferencing of expired pointers and cause the application to crash...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00161
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/09 12:0 a.m. | 10 views

PT-2026-2257

Name of the Vulnerable Software and Affected Versions: Mediawiki - ApprovedRevs Extension versions 1.39 through 1.45. Description: The Mediawiki - ApprovedRevs Extension contains a flaw related to improper encoding or escaping of output due to magic word replacement in ParserAfterTidy. This can lead...

CVSS: 2.3 | AI score: 6.5 | EPSS: 0.00213
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/06 6:7 a.m. | 13 views

CVE-2025-9543

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00154
Exploits: 0 | References: 1

NVD
added 2026/01/05 6:16 a.m. | 4 views

CVE-2025-9543

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS: 3.5 | EPSS: 0.00154
Exploits: 0 | References: 1

EUVD
added 2026/01/05 6:0 a.m. | 4 views

EUVD-2026-0836

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS: 3.5 | AI score: 4.9 | EPSS: 0.00154
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/05 6:0 a.m. | 4 views

CVE-2025-9543 FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

AI score: 5 | EPSS: 0.00154
Exploits: 0 | References: 1

CVE
added 2026/01/05 6:0 a.m. | 16 views

CVE-2025-9543

CVE-2025-9543 (FlexTable – Data Table Sync with Google Sheets): A stored cross-site scripting vulnerability exists in FlexTable WordPress plugin versions before 3.19.2 where unfiltered links imported from Google Sheet cells are not properly sanitized/escaped. This could allow a high-privilege use...

CVSS: 3.5 | AI score: 5 | EPSS: 0.00154
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/05 12:0 a.m. | 4 views

PT-2026-1216

Name of the Vulnerable Software and Affected Versions: FlexTable WordPress plugin versions prior to 3.19.2. Description: The FlexTable WordPress plugin does not properly sanitise and escape imported links from Google Sheet cells. This could allow users with high privileges, such as administrators, t...

CVSS: 3.5 | AI score: 5 | EPSS: 0.00154
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-8021

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.75/76 and 144.0.7559.75 (Linux). Description: Google Chrome has a high-severity use-after-free vulnerability (CVE-2026-2441) in the CSS engine that is actively exploited in the wild. This flaw allows...

CVSS: 9.4 | AI score: 6.3 | EPSS: 0.2202
Exploits: 12 | References: 373

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Music Sheet Viewer plugin <= 4.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Peter Thaleikis in WordPress Plugin Music Sheet Viewer (versions <= 4.1)...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.0052
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/12/18 7:22 a.m. | 24 views

CVE-2025-64231 WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <=...

CVSS: 9.9 | EPSS: 0.00272
Exploits: 0 | References: 1

CVE
added 2025/12/18 7:22 a.m. | 11 views

CVE-2025-64231

The CVE-2025-64231 entry concerns the WordPress plugin RTW WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) versions up to 3.0.0. The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing upload of malicious files via the plugin’...

CVSS: 9.9 | AI score: 6.6 | EPSS: 0.00272
Exploits: 0 | References: 1