Lucene search
K

1396 matches found

RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.3 views

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/11 3:43 a.m.4 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References5
OSV
OSV
added 2026/03/11 12:9 a.m.4 views

GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files

When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...

8.5CVSS6.5AI score0.00712EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24786

🚨 CVE-2026-31879 Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/03/10 8:20 p.m.4 views

CVE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

7.6CVSS5.8AI score0.00426EPSS
Exploits0References5
NVD
NVD
added 2026/03/10 6:18 p.m.3 views

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

7.1CVSS0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 6:18 p.m.4 views

CVE-2026-25570

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial of service...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 5:6 p.m.6 views

CVE-2026-30959 OneUptime has WhatsApp Resend Verification Authorization Bypass

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

5.3CVSS5.9AI score0.00371EPSS
Exploits1References4
OSV
OSV
added 2026/03/10 1:15 a.m.2 views

GHSA-CW6X-MW64-Q6PV OneUptime has WhatsApp Resend Verification Authorization Bypass

Description The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. Affected Source - Endpoint: UserWhatsAppAPI.ts - Service: UserWhatsAppService.ts - Verify...

5.3CVSS5.9AI score0.00371EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

LinkAce 代码问题漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. LinkAce has code vulnerabilities; these vulnerabilities arise from the lack of the NoPrivateIpRule validation rule during link creation, which may lead to server-side request...

7.7CVSS5.9AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:21 p.m.5 views

EUVD-2026-10370

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS5.8AI score0.00221EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/09 2:27 p.m.3 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.01079EPSS
Exploits0References5
OSV
OSV
added 2026/03/09 9:15 a.m.3 views

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

8.8CVSS6AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2026/03/09 9:15 a.m.8 views

CVE-2025-41755

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/08 7:56 a.m.4 views

CVE-2026-2433

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/07 7:22 a.m.4 views

CVE-2026-1087 The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 1:21 a.m.7 views

CVE-2026-2494

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

4.3CVSS5.6AI score0.00131EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.10 views

PT-2026-23837

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 8:22 p.m.2 views

CVE-2026-29077 Frappe: Broken Access Control in DocShare

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1CVSS5.7AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 8:22 p.m.28 views

CVE-2026-29077 Frappe: Broken Access Control in DocShare

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1CVSS0.00193EPSS
Exploits0References1
Rows per page
Query Builder