Lucene search
+L

392 matches found

Cvelist
Cvelist
added 2026/04/22 7:45 a.m.29 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS0.00243EPSS
Exploits0References17
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20172

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

5.9AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39506

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

5.9AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin AI Engine (Pro) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.13 views

PT-2026-31135

Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...

5.9AI score0.00165EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.10 views

PT-2026-30586

Name of the Vulnerable Software and Affected Versions SDL image affected versions not specified Description The SDL image library has an issue where pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. A crafted .xcf fil...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 9:34 a.m.21 views

CLEANSTART-2026-SY28275 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 3.3.2-r0, 3.3.3-r3, 3.3.3-r4, 3.4.2-r0

Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References23
Patchstack
Patchstack
added 2026/03/28 7:7 a.m.7 views

WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AI Engine Pro versions 3.4.2...

4.3CVSS5.9AI score0.00165EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.6 views

CVE-2026-33730

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.9AI score0.00277EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:30 a.m.3 views

CVE-2026-33730

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28516

Name of the Vulnerable Software and Affected Versions Open Source Point of Sale opensourcepos versions prior to 3.4.2 Description The application is a web-based point of sale system written in PHP using the CodeIgniter framework. A security issue exists where an authenticated user with limited...

6.5CVSS5.9AI score0.00277EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 11:16 p.m.3 views

DEBIAN-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS5.8AI score0.00808EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 11:16 p.m.6 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS0.00808EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.5 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 11:6 p.m.80 views

CVE-2026-33228

Flatted (JSON circular parser) is affected. Prior to 3.4.2, its parse() could treat attacker-controlled string values as direct array index keys, and using the key proto on the internal Array could expose Array.prototype to the output, enabling prototype pollution. The issue has been patched in v...

9.8CVSS6AI score0.00808EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

flatted 安全漏洞

Flatted is a lightweight and fast cycle-based JSON parser developed by Andrea Giammarchi. Versions of Flatted prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from the parse function not verifying whether the string values controlled by the attacker were actually...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.6 views

CVE-2025-70341

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...

7.8CVSS6AI score0.00216EPSS
Exploits2References1
NVD
NVD
added 2026/03/04 4:16 p.m.10 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

6.5CVSS0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 4:16 p.m.5 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References1
Rows per page
Query Builder