21908 matches found

Snyk
added 2026/04/13 3:25 p.m. | 7 views

Malicious Package

Overview portal-common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2

NVD
added 2026/04/13 2:16 p.m. | 2 views

CVE-2026-31414

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink pa...

9.8 CVSS | 0.00381 EPSS
Exploits 0 | References 6

Cvelist
added 2026/04/13 1:21 p.m. | 35 views

CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink pa...

9.8 CVSS | 0.00381 EPSS
Exploits 0 | References 6

OSV
added 2026/04/13 1:20 p.m. | 1 views

JLSEC-2026-90

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because std::atomic_int is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

6.9 CVSS | 5.8 AI score | 0.00371 EPSS
Exploits 1 | References 7

Patchstack
added 2026/04/13 8:37 a.m. | 5 views

WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability

Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions <= 1.9.3...

8.8 CVSS | 5.8 AI score | 0.00406 EPSS
Exploits 0 | References 1 | Affected Software 1

GithubExploit
added 2026/04/13 2:55 a.m. | 124 views

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

9.1 CVSS | 5.8 AI score | 0.99621 EPSS
Exploits 58

OSV
added 2026/04/13 2:32 a.m. | 3 views

MINI-WG89-M8Q4-HXVJ

Bulletin has no description...

6.1 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 3 views

MINI-P6FV-34J8-VPG5

Bulletin has no description...

5.5 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 2 views

MINI-HJJH-VC7V-VJ8W

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 0 views

MINI-F324-QXRQ-JV5R

Bulletin has no description...

9 CVSS | 5.7 AI score | 0.00658 EPSS
Exploits 0

OSV
added 2026/04/13 2:32 a.m. | 0 views

MINI-Q58W-G485-7WPC

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits 0

Positive Technologies
added 2026/04/13 12:0 a.m. | 8 views

PT-2026-32282

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7 AI score | 0.00339 EPSS
Exploits 0 | References 4

Packet Storm
added 2026/04/13 12:0 a.m. | 97 views

ChurchCRM Cross Site Scripting

ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...

8.5 CVSS | 5.2 AI score | 0.00164 EPSS
Exploits 3

CNNVD
added 2026/04/13 12:0 a.m. | 8 views

EspoCRM Security Vulnerability

EspoCRM is an open-source, web-based Customer Relationship Management (CRM) system developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities...

5.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/04/13 12:0 a.m. | 5 views

PT-2026-32522

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 1 | References 5

Packet Storm
added 2026/04/13 12:0 a.m. | 105 views

WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffer from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

8.8 CVSS | 5.8 AI score | 0.00331 EPSS
Exploits 3

Patchstack
added 2026/04/12 11:23 p.m. | 4 views

WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions <= 3.9.7...

4.3 CVSS | 5.8 AI score | 0.00358 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/12 11:15 p.m. | 3 views

WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability

Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions < 4.13.0...

6.5 CVSS | 5.8 AI score | 0.00226 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/04/12 8:17 p.m. | 3 views

MINI-V6HH-PF76-C6H8

Bulletin has no description...

8.8 CVSS | 5.7 AI score | 0.0034 EPSS
Exploits 0

OSV
added 2026/04/12 8:17 p.m. | 2 views

MINI-694W-M6HX-8PVC

Bulletin has no description...

5.5 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits 0