Lucene search
K

11903 matches found

Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33122

CVE-2026-34393 Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixe… https://t.co/JEJrafhYzJ...

8.8CVSS5.7AI score0.00391EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.15 views

CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS0.00109EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/13 4:3 a.m.33 views

CVE-2026-35553

CVE-2026-35553 concerns Bluetooth ACPI Drivers from Dynabook Inc. with a stack-based buffer overflow that may allow a local attacker with high privileges to execute arbitrary code by modifying certain registry values. Documented details confirm the vulnerability, including CVSS metrics (3.1: base...

8.4CVSS6.5AI score0.00147EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 5:48 p.m.17 views

CVE-2026-32930

Chamilo LMS -- IDOR in the gradebook evaluation edit page affects prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-32009

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS contains an Insecure Direct Object Reference IDOR issue in the gradebook evaluation edit page. An authenticated teacher can view and modify evaluation settin...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/08 7:15 p.m.9 views

EUVD-2026-20485

CI4MS has stored XSS in Pages Content Due to Missing htmlpurify Sanitization...

5.5CVSS5.9AI score0.00247EPSS
Exploits1References3
CVE
CVE
added 2026/04/08 11:16 a.m.9 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WordPress (Pluginus.Net) is affected by a Cross-Site Request Forgery in all versions up to 1.1.5. The root cause is missing nonce validation on the woobe_redraw_table_row() function, enabling unauthenticated attackers to modify WooComme...

6.5CVSS5.8AI score0.00176EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/07 8:17 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

4.8CVSS5.7AI score0.00176EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 1:27 p.m.3 views

JLSEC-2026-31

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

8.8CVSS6AI score0.0199EPSS
Exploits0References8
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-DISCOURSE-2026-33408 Discourse has Improper Authorization in "Post Edits" Report For Moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

2.7CVSS5.9AI score0.00277EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 7:10 a.m.3 views

BIT-DISCOURSE-2026-33394 Discourse leaks PM post edits to moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access. Version...

2.7CVSS5.9AI score0.00293EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33408

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds a...

2.7CVSS5.8AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-2626

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

8.1CVSS5.9AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33394

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.5 views

CVE-2026-4202

The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page...

2.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 11:49 p.m.30 views

CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1CVSS0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 11:49 p.m.10 views

CVE-2026-34055

OpenEMR contains an IDOR in the web UI: legacy patient notes updates/deletes in library/pnotes.inc.php use WHERE id = ? without verifying the note belongs to the user’s accessible patient. Multiple web UI callers pass user-controlled note IDs, enabling unauthorized access/modification. Affects ve...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28145

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::request authorization check call that every other data-modifying route in the standard API uses. Th...

5.4CVSS5.8AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 12:16 a.m.6 views

DEBIAN-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.3AI score0.00327EPSS
Exploits0References1
Rows per page
Query Builder