Lucene search
K

752 matches found

NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-32489

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

6.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.15 views

CVE-2026-32536

CVE-2026-32536 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Green Downloads (halfdata-paypal-green-downloads) up to version

9.9CVSS5.8AI score0.00259EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/21 12:34 p.m.3 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...

6.5CVSS6.5AI score0.00196EPSS
Exploits0
EUVD
EUVD
added 2026/03/21 6:30 a.m.3 views

EUVD-2026-14015

The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...

5.3CVSS5.8AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.4 views

CVE-2026-2501 Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 3:27 a.m.10 views

CVE-2026-2501

CVE-2026-2501 : The Ed's Social Share WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s social_share shortcode in all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes. This enables auth...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

WordPress plugin Smarter Analytics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 3:31 p.m.5 views

EUVD-2024-55479

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

6AI score0.00505EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/init.py file of the component endpoint, which could lead to...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP10 : gdb (EulerOS-SA-2026-1307)

According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...

7.8CVSS5.5AI score0.00251EPSS
Exploits5References6
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2026-1343)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.8AI score0.01109EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:53 p.m.5 views

CVE-2025-13777

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...

5.8AI score0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/12 6:32 p.m.24 views

CVE-2026-32138 NEXULEAN API Key Leak

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...

8.2CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25031

Shopware is an open commerce platform. /api/ info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:11 p.m.4 views

CVE-2026-31854

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/11 12:17 a.m.7 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-30948 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-30948 Source advisory: OSV:GHSA-HCJ7-6GXH-24WW...

8.3CVSS5.8AI score0.00216EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

SAPIDO RB-1732 安全漏洞

SAPIDO RB-1732 is a wireless router produced by SAPIDO Company in Taiwan, China. The SAPIDO RB-1732 V2.0.43 version has a security vulnerability. This vulnerability stems from the formSysCmd endpoint, which allows remote command execution, potentially enabling unverified attackers to execute...

9.8CVSS6.1AI score0.08359EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.6 views

EUVD-2026-9741

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects Run Gran: from n/a through = 2.0...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References2
Rows per page
Query Builder