Lucene search
K

760 matches found

CVE
CVE
added 2026/03/17 5:19 p.m.26 views

CVE-2026-32294

JetKVM before 0.5.4 fails to verify downloaded firmware authenticity, enabling an attacker-in-the-middle or compromised update server to modify firmware and its SHA256 hash to pass verification. Impact is limited to local impact with high integrity risk, per CVSS 3.1/4.0 metrics: local access, hi...

7CVSS5.8AI score0.00128EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/11 3:31 p.m.2 views

EUVD-2026-11164

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 3:16 p.m.6 views

CVE-2026-30900

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS0.00125EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Zoom Clients for Windows 安全漏洞

Zoom Clients for Windows is a video conferencing software developed by the American company Zoom. There is a security vulnerability in Zoom Clients for Windows, which stems from improper version checking in the update function. This vulnerability could allow authenticated users to gain elevated...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.7 views

CVE-2026-28452

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

6.7CVSS5.8AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 9:59 p.m.4 views

EUVD-2026-9901

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

6.7CVSS5.9AI score0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/03/04 10:16 p.m.8 views

CVE-2026-27898

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipherid and call "PUT /api/ciphers/id/partial" Even though the standard retrieval API correctly denies access...

5.4CVSS0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 4:28 a.m.6 views

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

7.8CVSS5.7AI score0.00153EPSS
Exploits1References4
CVE
CVE
added 2026/02/22 7:32 a.m.15 views

CVE-2026-2933

YiFang CMS

4.8CVSS3.2AI score0.00198EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.16 views

PT-2026-21422

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...

4.8CVSS3.2AI score0.00257EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/02/19 12:2 a.m.10 views

WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Editor+ Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions = 1.0.9...

2.7CVSS5.5AI score0.00314EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:58 p.m.6 views

WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions = 1.0.2...

4.3CVSS5.5AI score0.00151EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:55 p.m.7 views

WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...

4.3CVSS5.5AI score0.00156EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/16 7:8 a.m.6 views

CVE-2026-1750

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...

8.8CVSS5.5AI score0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 9:23 p.m.2 views

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

8.8CVSS5.6AI score0.00316EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.10 views

CVE-2026-25961

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...

7.5CVSS5.8AI score0.00445EPSS
Exploits4References1
Cvelist
Cvelist
added 2026/02/09 12:2 a.m.38 views

CVE-2026-2196 code-projects Online Reviewer System exam-update.php sql injection

A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument testid results in sql injection. The attack may be performed from remote. The...

7.5CVSS0.00381EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/02/02 8:50 a.m.8 views

WordPress Getwid plugin <= 2.0.10 - Missing Authorization to Google API key update vulnerability

Missing Authorization to Google API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions = 2.0.10...

5.3CVSS5.3AI score0.00298EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 7:36 a.m.11 views

WordPress EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

6.1CVSS5.9AI score0.00373EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/01/28 11:23 a.m.23 views

CVE-2026-1380

CVE-2026-1380 affects the Bitcoin Donate Button WordPress plugin (

4.3CVSS5.8AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder