Lucene search
+L

7058 matches found

OSV
OSV
added 2026/03/27 7:9 a.m.3 views

BIT-DISCOURSE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a...

6.1CVSS5.8AI score0.00347EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/26 9:39 p.m.5 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /status/config endpoint. An attacker can obtain plaintext S3 Server-Side Encryption with Customer-Provided Keys by sending a request to this endpoint, potentially allowing unauthorized...

8.7CVSS5.9AI score0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:16 p.m.19 views

UBUNTU-CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 1:36 p.m.3 views

CVE-2026-33413 etcd: Authorization bypasses in multiple APIs

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28400

Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...

7.7CVSS5.9AI score0.00309EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.10 views

SUSE CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

6.5CVSS5.7AI score0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/23 7:24 p.m.3 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 5:16 a.m.14 views

CVE-2026-33025

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...

8.8CVSS0.00398EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/18 5:26 p.m.15 views

Out-of-Bounds Slice Access in free5GC CHF Leading to DoS

Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...

7.1CVSS5.8AI score0.00404EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/17 8:33 p.m.7 views

EUVD-2026-12474

AWS API MCP File Access Restriction Bypass...

6.8CVSS5.8AI score0.00131EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.3 views

Microsoft Windows 11 Build 26200 File Explorer Auditor

This Metasploit module provides a defensive pre-execution assessment for the Windows vulnerability where File Explorer fails to properly restrict access to sensitive system locations...

7.2CVSS5.8AI score0.0491EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/11 8:49 p.m.28 views

CVE-2026-32123 OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults formencounter for sensitivity, while group encounters store sensitivity in...

7.7CVSS0.00252EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/10 1:18 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...

9.8CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/01 12:0 a.m.14 views

PT-2026-22498

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A flaw exists in the fromqossetting function of the /goform/qossetting file. Manipulation of the qos argument can lead to a buffer overflow. The attack can be launched remotely. Recommendations Update to ...

9CVSS7.6AI score0.00655EPSS
Exploits1References16
NVD
NVD
added 2026/02/25 4:23 p.m.9 views

CVE-2026-27700

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

8.2CVSS0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/25 3:1 p.m.5 views

CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

8.2CVSS5.9AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 8:28 p.m.4 views

ALPINE-CVE-2026-21863

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...

7.5CVSS6AI score0.00552EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.12 views

PT-2026-21518

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-171114 Description A buffer overflow issue exists in UTT HiPER 810G due to the manipulation of the except argument within the strcpy function located in the file /goform/formP2PLimitConfig. Remote exploitati...

9CVSS8.2AI score0.00691EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References1
Rows per page
Query Builder