509 matches found

CVE
added 2026/04/09 6:54 p.m., 9 views

CVE-2026-28205

Technical details beyond the description are not publicly provided in the supplied documents. Monitor for updates on affected versions, root cause, and remediation.

CVSS 9.8, AI score 5.9, EPSS 0.0045
Exploits: 0, References: 1, Affected software: 1

Cvelist
added 2026/04/09 6:54 p.m., 21 views

CVE-2026-28205 Initialization of a resource with an insecure default in OpenPLC_V3

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...

CVSS 9.2, EPSS 0.0045
Exploits: 0, References: 1

NVD
added 2026/04/08 11:16 p.m., 12 views

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVSS 4.3, EPSS 0.00311
Exploits: 0, References: 3

EUVD
added 2026/04/08 7:27 p.m., 5 views

EUVD-2026-20592

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...

CVSS 6.6, AI score 6, EPSS 0.00216
Exploits: 0, References: 3

Imperva Blog
added 2026/04/06 10:29 p.m., 7 views

Why AI Bot Protection and Control Are Essential for Application Security

AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application...

AI score 5.5
Exploits: 0

NVD
added 2026/04/06 6:16 p.m., 8 views

CVE-2026-35046

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

CVSS 5.4, EPSS 0.00173
Exploits: 1, References: 2

Github Security Blog
added 2026/04/01 9:42 p.m., 8 views

SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

Details: Distinct from CVE-2025-59159 and CVE-2026-26286, both fixed in v1.16.0; this endpoint is still unpatched. In src/endpoints/search.js line 419, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This only matches literal dotted-quad IPv4, e.g. 127.0.0.1 or 10.0.0.1. It does not catch: -...

CVSS 5, AI score 6, EPSS 0.00213
Exploits: 1, References: 4, Affected software: 1

NVD
added 2026/03/31 9:16 p.m., 8 views

CVE-2026-34372

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

CVSS 5.3, EPSS 0.00258
Exploits: 0, References: 3

OSV
added 2026/03/30 7:18 p.m., 4 views

GHSA-9P23-P2M4-2R4M Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

CVSS 8.7, AI score 6, EPSS 0.00318
Exploits: 0, References: 3

GithubExploit
added 2026/03/28 11:40 a.m., 180 views

Exploit for CVE-2026-25099

CVE-2026-25099 — Bludit CMS API Unrestricted File Upload to RC...

CVSS 8.7, AI score 5.9, EPSS 0.01919
Exploits: 4

NVD
added 2026/03/27 7:16 p.m., 13 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal we...

CVSS 5.3, EPSS 0.00376
Exploits: 1, References: 2

Cvelist
added 2026/03/27 6:13 p.m., 22 views

CVE-2026-34369 AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal we...

CVSS 5.3, EPSS 0.00376
Exploits: 1, References: 2

OSV
added 2026/03/26 8:33 p.m., 5 views

GO-2026-4847 Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 6.5, AI score 5.9, EPSS 0.0033
Exploits: 1, References: 5

CVE
added 2026/03/26 8:18 a.m., 23 views

CVE-2026-4860

The CVE-2026-4860 entry concerns 648540858 wvp-GB28181-pro up to version 2.7.4. It affects the API Endpoint component, specifically the function GenericFastJsonRedisSerializer in src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java. The issue enables deserialization, with remot...

CVSS 7.5, AI score 6.6, EPSS 0.00427
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/26 1:52 a.m., 1 view

CVE-2026-4835

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

CVSS 5.1, AI score 3.9, EPSS 0.00195
Exploits: 0, References: 5, Affected software: 1

Positive Technologies
added 2026/03/26 12:00 a.m., 17 views

PT-2026-28299

Name of the vulnerable software and affected versions: HCL Aftermarket DPC (affected versions not specified). Description: The software is subject to a Cross-Origin Resource Sharing issue. Improper CORS configurations can lead to the exposure of sensitive user information to attackers, unauthorized...

CVSS 4.3, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 3

Vulnrichment
added 2026/03/25 11:23 p.m., 6 views

CVE-2026-33915 OpenEMR Missing ACL Checks on Insurance Company API Routes

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::requestauthorizationcheck call that every other data-modifying route in the standard API uses. This...

CVSS 5.4, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 3

OSV
added 2026/03/25 9:16 a.m., 10 views

ALPINE-CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5, AI score 7.5, EPSS 0.01361
Exploits: 0, References: 1

Cvelist
added 2026/03/25 8:46 a.m., 24 views

CVE-2026-3608 Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5, EPSS 0.01361
Exploits: 0, References: 3

Vulnrichment
added 2026/03/25 8:46 a.m., 3 views

CVE-2026-3608 Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5, AI score 5.8, EPSS 0.01361
Exploits: 0, References: 3