New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim...
PT-2026-7485
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.13; Roundcube Webmail versions prior to 1.6.13. Description: The webmail application allows for Cascading Style Sheets (CSS) injection due to improper handling of comments. This can potentially lead to...
WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions <= 1.1.3)...
WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Denver Jackson in WordPress Plugin WPForms Google Sheet Connector (versions <= 4.0.1)...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...
XSS-cheat-sheet-txt-dictionary-by-PortSwigger
XSS cheat sheet dictionary by PortSwigger PortSwigger diction...
CVE-2025-41768
A high-privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting')...
AWS VDP: Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation
Asset URL: ██████ Summary: The AWS sign-in page allows users to reuse old passwords when resetting their password, which violates security best practices outlined in the OWASP Authentication Cheat Sheet and NIST 800-63B Digital Identity Guidelines. This misconfiguration could potentially weaken accou...
Astra Linux – Vulnerability in libxslt
A use-after-free vulnerability was discovered in libxslt while parsing XSL nodes, which may lead to the dereferencing of expired pointers and cause the application to crash...
PT-2026-2257
Name of the Vulnerable Software and Affected Versions: Mediawiki - ApprovedRevs Extension versions 1.39 through 1.45. Description: The Mediawiki - ApprovedRevs Extension contains a flaw related to improper encoding or escaping of output due to magic word replacement in ParserAfterTidy. This can lead...
CVE-2025-9543
The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
EUVD-2026-0836
The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2025-9543 FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS
The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2025-9543
CVE-2025-9543 (FlexTable – Data Table Sync with Google Sheets): A stored cross-site scripting vulnerability exists in FlexTable WordPress plugin versions before 3.19.2 where unfiltered links imported from Google Sheet cells are not properly sanitized/escaped. This could allow a high-privilege use...
PT-2026-1216
Name of the Vulnerable Software and Affected Versions: FlexTable WordPress plugin versions prior to 3.19.2. Description: The FlexTable WordPress plugin does not properly sanitise and escape imported links from Google Sheet cells. This could allow users with high privileges, such as administrators, t...
PT-2026-8021
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.75/76 and 144.0.7559.75 Linux. Description: Google Chrome has a high-severity use-after-free vulnerability (CVE-2026-2441) in the CSS engine that is actively exploited in the wild. This flaw allows...
WordPress Music Sheet Viewer plugin <= 4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Peter Thaleikis in WordPress Plugin Music Sheet Viewer (versions <= 4.1)...
CVE-2025-64231 WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through =...
CVE-2025-64231
The CVE-2025-64231 entry concerns the WordPress plugin RTW WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) versions up to 3.0.0. The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing upload of malicious files via the plugin’...