Lucene search
K

16144 matches found

Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

9.8CVSS0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-22500

CVE-2026-22500 describes a PHP Object Injection flaw due to deserialization of untrusted data in the WordPress theme m2-ce (axiomthemes m2 | Construction and Tools Store), affected versions from n/a up to and including 1.1.2. Public Red Hat and CVE records confirm a deserialization/ object inject...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 10:10 a.m.2 views

SUSE-SU-2026:1011-1 Security update 5.0.7 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization and update golang-github-boynux-squidexporter: - Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squi...

7.8CVSS5.8AI score0.00324EPSS
Exploits1References11
Patchstack
Patchstack
added 2026/03/25 8:26 a.m.6 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability

Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability discovered by shark3y in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.38...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-27822

Name of the Vulnerable Software and Affected Versions axiomthemes m2 | Construction and Tools Store versions n/a through 1.1.2 Description An issue exists in axiomthemes m2 | Construction and Tools Store that allows for object injection due to deserialization of untrusted data. This impacts the...

9.8CVSS5.9AI score0.0051EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin m2 | Construction and Tools Store 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS5.9AI score0.0051EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/03/24 8:0 p.m.8 views

New Whitepaper: Exploiting Cellular-based IoT Devices

Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific. The paper examines how attackers with physical access c...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:40 p.m.10 views

Malicious code in codecoverage-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77e8adaf551291b58aa99518bd0d9c4817709eb0e987acb0f318405926c8f6a1 The package codecoverage-tools was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 3:40 p.m.5 views

MAL-2026-2345 Malicious code in codecoverage-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77e8adaf551291b58aa99518bd0d9c4817709eb0e987acb0f318405926c8f6a1 The package codecoverage-tools was found to contain malicious code...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/24 6:31 a.m.4 views

EUVD-2026-14735

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/24 4:27 a.m.5 views

CVE-2026-4283

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/24 4:27 a.m.30 views

CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1CVSS0.00431EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27328

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a process now parameter from unauthenticated users, which bypasses the intended email-confirmatio...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References8
CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14832)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...

5.9CVSS5.9AI score0.00139EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.7 views

SoK: The Attack Surface of Agentic AI -- Tools, and Autonomy

Recent AI systems combine large language models with tools, external knowledge via retrieval-augmented generation RAG, and even autonomous multi-agent decision loops. This agentic AI paradigm greatly expands capabilities - but also vastly enlarges the attack surface. In this systematization, we m...

6.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/03/23 4:58 p.m.6 views

Securing Applications Anywhere: Breaking Down the Wall of Confusion

Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private cloud, APIs, containers, and on-premises infrastructure. As application delivery has accelerated and architecture...

5.5AI score
Exploits0
CVE
CVE
added 2026/03/23 1:37 p.m.24 views

CVE-2026-4647

The CVE-2026-4647 issue affects the GNU Binutils BFD library when handling XCOFF object files. A relocation type value is not properly validated before use, allowing an out-of-bounds read. This can cause tools that process XCOFF binaries to crash or expose unintended memory contents, leading to d...

6.1CVSS5.7AI score0.00168EPSS
Exploits0References4Affected Software3
RedhatCVE
RedhatCVE
added 2026/03/23 1:37 p.m.4 views

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 12:7 p.m.14 views

CVE-2026-31847

CVE-2026-31847 concerns Nexxt Solutions Nebula 300+ devices running firmware up to 12.01.01.37. A hidden functionality in the /goform/setSysTools endpoint can remotely enable Telnet, which then exposes a privileged diagnostic management interface over the network. This increases attack surface an...

8.8CVSS5.9AI score0.00424EPSS
Exploits0References2Affected Software1
HackRead
HackRead
added 2026/03/23 11:1 a.m.9 views

Why Your Weather-Powered Design Tool Needs More Than Just an API Key

Weather-powered design tools need more than an API key. Learn how authentication, access control, and server-side calls keep…...

5.8AI score
Exploits0
Rows per page
Query Builder