Lucene search

20 matches found

RedhatCVE
added 2026/01/06 8:5 a.m., 3 views

CVE-2025-15022

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 6.3, EPSS 0.00014
Exploits: 0, References: 1
GitHub Security Blog
added 2026/01/05 9:30 a.m., 9 views

Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 6.3, EPSS 0.00014
Exploits: 0, References: 5, Affected Software: 3
Snyk
added 2026/01/05 8:40 a.m., 1 view

Cross-site Scripting (XSS)

Overview: com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ContextMenuManager and Action classes, when handling Action captions. An attacker can cause scripts to be executed by injecti...

CVSS 6.1, AI score 5.1, EPSS 0.00014
Exploits: 0, References: 2
Snyk
added 2026/01/05 8:40 a.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ContextMenuManager and Action classes, when handling Action captions. An attacker can cause scripts to be executed by injecting them into captions. Note: As of version 23, the Action class is only used by...

CVSS 6.1, AI score 5.3, EPSS 0.00014
Exploits: 0, References: 2
NVD
added 2026/01/05 8:15 a.m., 2 views

CVE-2025-15022

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, EPSS 0.00014
Exploits: 0, References: 2
EUVD
added 2026/01/05 7:52 a.m., 3 views

EUVD-2026-0820

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 5
Vulnrichment
added 2026/01/05 7:52 a.m., 1 view

CVE-2025-15022 Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 2
Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1225

Name of the Vulnerable Software and Affected Versions: Vaadin versions 7.0.0 through 7.7.49; Vaadin versions 8.0.0 through 8.29.1; Vaadin versions 23.1.0 through 23.6.5; Vaadin versions 24.0.0 through 24.8.13; Vaadin versions 24.9.0 through 24.9.6. Description: The application allows HTML in action...

CVSS 4.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-12935

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.00063
Exploits: 0, References: 5
Tenable Nessus
added 2024/06/03 12:0 a.m., 27 views

RHEL 9 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 - Apache OpenOffice versions...

CVSS 7.8, AI score 8.8, EPSS 0.43551
Exploits: 2, References: 3
NVD
added 2024/03/11 10:15 p.m., 7 views

CVE-2024-25114

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should...

CVSS 5.3, AI score 3.7, EPSS 0.00229
Exploits: 1, References: 2
Prion
added 2024/03/11 10:15 p.m., 25 views

Design/Logic Flaw

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should...

CVSS 2.1, AI score 7.2, EPSS 0.00229
Exploits: 1, References: 2
CNNVD
added 2024/03/11 12:0 a.m., 2 views

Collabora Online Security Breach

Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a security vulnerability. An attacker can exploit the vulnerability to obtain the path to a...

CVSS 5.3, AI score 6.7, EPSS 0.00229
Exploits: 1, References: 3
Veracode
added 2023/08/06 8:17 p.m., 21 views

Improper Validation

libreoffice is vulnerable to Improper Validation. The vulnerability exists in the spreadsheet component of The Document Foundation LibreOffice which allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded...

CVSS 7.8, AI score 6.7, EPSS 0.00063
Exploits: 0, References: 5, Affected Software: 1
Mageia
added 2023/06/08 7:34 p.m., 42 views

Updated libreoffice packages fix security vulnerability

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

CVSS 7.8, AI score 7.2, EPSS 0.43551
Exploits: 2, References: 3
NVD
added 2023/05/25 8:15 p.m., 13 views

CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

CVSS 7.8, AI score 7.8, EPSS 0.00063
Exploits: 0, References: 4
UbuntuCve
added 2023/05/25 8:15 p.m., 45 views

CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

CVSS 7.8, AI score 7.1, EPSS 0.00063
Exploits: 0, References: 3
CVE
added 2023/05/25 12:0 a.m., 239 views

CVE-2023-0950

CVE-2023-0950 relates to an Improper Validation of Array Index vulnerability in the LibreOffice spreadsheet component (Calc formula parsing). The issue occurs when loading malformed spreadsheet formulas (for example, AGGREGATE) that pass fewer parameters than expected, triggering an array index u...

CVSS 7.8, AI score 7.8, EPSS 0.00063
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2023/05/25 12:0 a.m., 21 views

CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

CVSS 7.8, AI score 7.7, EPSS 0.00063
Exploits: 0
securityvulns
added 2002/04/09 12:0 a.m., 41 views

Multiple local files detection issues with OWC in IE (GM#008-IE)

GreyMagic Security Advisory GM008-IE. By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm008-ie/. Topic: Multiple local files detection issues with OWC in IE. Discovery date: 25 Feb 2002, 05 Mar 2002...

AI score 6.5
Exploits: 0