
21946 matches found

EUVD
added 2026/04/06 5:48 p.m. | 8 views

EUVD-2026-19420

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have...

CVSS 6.5 | AI score 5.9 | EPSS 0.00174
Exploits: 0 | References: 1
Cvelist
added 2026/04/06 4:15 p.m. | 19 views

CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. It is possible to initiate th...

CVSS 4.8 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/06 3:49 p.m. | 29 views

CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...

CVSS 8.7 | EPSS 0.00448
Exploits: 3 | References: 1
ATTACKERKB
added 2026/04/06 3:27 p.m. | 2 views

CVE-2026-34402

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

CVSS 8.8 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 2
GithubExploit
added 2026/04/06 12:48 p.m. | 121 views

Exploit for CVE-2026-35678

Vulnerability Research Report: All Eduplus ERP Insecure Direct...

AI score 6
Exploits: 1
Debian CVE
added 2026/04/06 7:38 a.m. | 2 views

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame due to missing sock_hold. sco_recv_frame reads conn->sk under sco_conn_lock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVSS 8.8 | AI score 5.3 | EPSS 0.003
Exploits: 0
OSV
added 2026/04/06 2:46 a.m. | 3 views

CLEANSTART-2026-LR09759 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.9
Exploits: 0 | References: 2
VulnCheck KEV
added 2026/04/06 12:00 a.m. | 8 views

VulnCheck KEV: CVE-2026-3965

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 5.3 | EPSS 0.00441
In wild | Exploits: 0 | References: 12
CNNVD
added 2026/04/06 12:00 a.m. | 10 views

Brave CMS security vulnerability

Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...

CVSS 7.1 | AI score 5.8 | EPSS 0.00201
Exploits: 1 | References: 2
UbuntuCve
added 2026/04/06 12:00 a.m. | 3 views

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame due to missing sock_hold. sco_recv_frame reads conn->sk under sco_conn_lock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVSS 8.8 | AI score 5.7 | EPSS 0.003
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/06 12:00 a.m. | 3 views

PT-2026-30576

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue in the sco_recv_frame function within the Bluetooth SCO (Synchronous Connection-Oriented) subsystem. The function reads conn->sk under sco...

CVSS 8.8 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 98
OSV
added 2026/04/05 7:00 p.m. | 0 views

MINI-MM75-G8VH-J5R4

Bulletin has no description...

CVSS 7.1 | AI score 5.8 | EPSS 0.00308
Exploits: 0
OSV
added 2026/04/05 6:29 p.m. | 3 views

MINI-R64X-MHJM-P9W3

Bulletin has no description...

CVSS 8.1 | AI score 5.8 | EPSS 0.00692
Exploits: 1
OSV
added 2026/04/05 6:29 p.m. | 2 views

MINI-Q66W-F7X6-GRQH

Bulletin has no description...

AI score 5.9
Exploits: 0
OSV
added 2026/04/05 6:29 p.m. | 2 views

MINI-HQGJ-W9JW-HX2F

Bulletin has no description...

CVSS 8.2 | AI score 5.8 | EPSS 0.00291
Exploits: 1
OSV
added 2026/04/05 6:28 p.m. | 3 views

MINI-M899-QJH2-G987

Bulletin has no description...

AI score 5.9
Exploits: 0
OSV
added 2026/04/05 6:27 p.m. | 3 views

MINI-47XC-CP6V-542P

Bulletin has no description...

AI score 5.9
Exploits: 0
OSV
added 2026/04/05 6:26 p.m. | 2 views

MINI-3J8J-829C-3V77

Bulletin has no description...

CVSS 9.8 | AI score 5.9 | EPSS 0.01973
Exploits: 0
OSV
added 2026/04/05 4:46 p.m. | 0 views

MINI-PG4P-8P25-256H

Bulletin has no description...

CVSS 8.8 | AI score 7.3 | EPSS 0.00454
Exploits: 0
RedhatCVE
added 2026/04/05 10:55 a.m. | 9 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

CVSS 8.1 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 1