Lucene search

224 matches found

NVD
added 2026/03/31 7:16 a.m. | 4 views

CVE-2026-3881

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

CVSS 5.8 | EPSS 0.00259
Exploits: 0 | References: 1
CVE
added 2026/03/31 6:0 a.m. | 12 views

CVE-2026-3881

The Vulnerability: WordPress Performance Monitor plugin versions

CVSS 5.8 | AI score 5.9 | EPSS 0.00259
Exploits: 0 | References: 1
Cvelist
added 2026/03/31 6:0 a.m. | 24 views

CVE-2026-3881 Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

EPSS 0.00259
Exploits: 0 | References: 1
NVD
added 2026/03/24 8:16 p.m. | 4 views

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

CVSS 7.5 | EPSS 0.00599
Exploits: 0 | References: 3
Cvelist
added 2026/03/24 7:20 p.m. | 21 views

CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

CVSS 6.9 | EPSS 0.00599
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/19 6:48 p.m. | 6 views

NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

Summary NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without validation, allowing an attacker to bypass chunked streaming and...

CVSS 7.5 | AI score 5.8 | EPSS 0.00599
Exploits: 0 | References: 5 | Affected Software: 1
CNVD
added 2026/03/11 12:0 a.m. | 4 views

Tenda AC15 goform/formSetIptv File Command Injection Vulnerability

The Tenda AC15 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in the Tenda AC15V1.0 V15.03.05.18multi version. The vulnerability stems from the unvalidated s11 parameter in goform/formSetIptv, which can be exploited by an attacker to cause a command...

CVSS 9.8 | AI score 5.8 | EPSS 0.01671
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/09 8:16 a.m. | 3 views

CVE-2025-41755

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00498
Exploits: 0 | References: 2
CNNVD
added 2026/03/05 12:0 a.m. | 6 views

WordPress plugin Membership Plugin – Restrict Content security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 7
CNNVD
added 2026/03/02 12:0 a.m. | 6 views

Tenda W20E security vulnerability

The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0brV15.11.0.6 version contains a security vulnerability. This vulnerability stems from the unvalidated pPortMapIndex parameter, which may lead to a buffer overflow...

CVSS 9.8 | AI score 6.2 | EPSS 0.00624
Exploits: 1 | References: 3
CNNVD
added 2026/03/02 12:0 a.m. | 5 views

Tenda AC15 security vulnerability

The Tenda AC15 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in the Tenda AC15V1.0 V15.03.05.18multi version. The vulnerability stems from the unvalidated s11 parameter in goform/formSetIptv, which can be exploited by an attacker to cause a command...

CVSS 9.8 | AI score 5.8 | EPSS 0.01671
Exploits: 1 | References: 3
CNNVD
added 2026/03/02 12:0 a.m. | 6 views

Tenda W20E security vulnerability

The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0brV15.11.0.6 version contains a security vulnerability. This vulnerability stems from the unvalidated use of the usbPartitionName parameter, which may lead to key command injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.02161
Exploits: 1 | References: 3
AlpineLinux
added 2026/02/27 7:41 p.m. | 3 views

CVE-2026-27734

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

CVSS 6.5 | AI score 6 | EPSS 0.00484
Exploits: 1
Positive Technologies
added 2026/02/27 12:0 a.m. | 10 views

PT-2026-22382

Name of the Vulnerable Software and Affected Versions Beszel versions prior to 0.18.2 Beszel versions 0.18.2 through 0.18.3 Description Beszel is a server monitoring platform. The platform’s authenticated API endpoints, specifically ''/api/beszel/containers/logs'' and...

CVSS 9.9 | AI score 6 | EPSS 0.22162
Exploits: 68 | References: 138
Positive Technologies
added 2026/02/25 12:0 a.m. | 11 views

PT-2026-21960

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.20 Description BigBlueButton is a virtual classroom platform. Versions of the 3.x branch before 3.0.20 contain an Open Redirect issue. The errorRedirectUrl string is not properly validated, and is directly...

CVSS 6.1 | AI score 5.2 | EPSS 0.00147
Exploits: 0 | References: 8
ATTACKERKB
added 2026/02/22 6:0 a.m. | 3 views

CVE-2026-1369

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

AI score 5.5 | EPSS 0.00156
Exploits: 0 | References: 1
Cvelist
added 2026/02/22 6:0 a.m. | 27 views

CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

EPSS 0.00156
Exploits: 0 | References: 1
CNNVD
added 2026/02/18 12:0 a.m. | 9 views

CodeAstro Membership Management System security vulnerability

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Membership Management System has a security vulnerability. This vulnerability stems from the lack of validation for the ID parameter in the printmembershipcard.php fil...

CVSS 9.8 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/12 12:0 a.m. | 8 views

PT-2026-8169

CVE-2026-26087 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2026-26087 Published : Feb. 12, 2026, 5:17 a.m. | 2 hours, 9 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

AI score 5.5
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/01 12:15 p.m. | 5 views

CVE-2021-47915

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVSS 8.6 | AI score 6.2 | EPSS 0.00527
Exploits: 1 | References: 4 | Affected Software: 1