CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-1648 Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

ATTACKERKB•added 2026/03/21 3:27 a.m.•0 views

CVE-2026-1648

CVE•added 2026/03/21 3:27 a.m.•7 views

Exploits0References5

CVE-2026-1648

The CVE-2026-1648 entry concerns the WordPress Performance Monitor plugin (versions up to 1.0.6). It describes a Server-Side Request Forgery (SSRF) in the /wp-json/performance-monitor/v1/curl_data endpoint caused by insufficient validation of the 'url' parameter. This allows unauthenticated attac...

Packet Storm News•added 2026/03/21 12:0 a.m.•2 views

Cyber Deception for Mission Surveillance Via Hypergame-Theoretic Deep Reinforcement Learning

Unmanned Aerial Vehicles UAVs are valuable for mission-critical systems like surveillance, rescue, or delivery. Not surprisingly, such systems attract cyberattacks, including Denial-of-Service DoS attacks to overwhelm the resources of mission drones MDs. How can we defend UAV mission systems...

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

Exploits0

PT-2026-26814

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl data' REST API endpoint. This makes it possible for...

CNNVD•added 2026/03/21 12:0 a.m.•2 views

Exploits0References5

WordPress plugin Performance Monitor 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

7.2CVSS6.2AI score0.00058EPSS

OSV•added 2026/03/20 3:26 p.m.•3 views

OPENSUSE-SU-2026:20409-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

5.3CVSS5.8AI score0.00044EPSS

Exploits1References2

OSV•added 2026/03/20 3:24 p.m.•1 views

SUSE-SU-2026:20922-1 Security update for harfbuzz

5.3CVSS5.9AI score0.00044EPSS

Exploits1References3

OSV•added 2026/03/20 3:24 p.m.•0 views

SUSE-SU-2026:20762-1 Security update for harfbuzz

5.3CVSS5.8AI score0.00044EPSS

Exploits1References3

HackRead•added 2026/03/20 2:3 p.m.•2 views

Why Image Format Conversion Is Becoming a Practical Issue in Web Security and Performance

WebP boosts performance raises compatibility issues, making image format conversion to PNG essential for secure, flexible, and efficient web workflows today...

Tenable Nessus•added 2026/03/20 12:0 a.m.•1 views

Exploits0

Linux Distros Unpatched Vulnerability : CVE-2026-23271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf: Fix perfeventoverflow vs perfremovefromcontext race Make sure that perfeventoverflow runs with IRQs disabled for all possible callchains. Specifically the...

7.8CVSS5.9AI score0.00014EPSS

Microsoft CVE•added 2026/03/19 8:3 a.m.•2 views

perf/core: Fix refcount bug and potential UAF in perf_mmap

...

7.8CVSS5.8AI score0.00017EPSS

Exploits0

OSV•added 2026/03/18 1:7 p.m.•3 views

MAL-2026-1836 Malicious code in react-performance-suite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e8467a722c92d3c846a99ea30e0b092dd93fba781c34f93dae9b05582d4475e The package react-performance-suite was found to contain malicious code...

OSSF Malicious Packages•added 2026/03/18 1:7 p.m.•6 views

Exploits0References1

Malicious code in react-performance-suite (npm)