Lucene search
+L

1071 matches found

NVD
NVD
added 2026/03/31 10:16 a.m.12 views

CVE-2026-4317

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

9.3CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 9:53 a.m.13 views

CVE-2026-4317

CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...

9.3CVSS6.2AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15485

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.9 views

CVE-2026-20719

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...

7.5CVSS0.00351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.14 views

PT-2026-27810

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not properly prevent the rendering of external Scalable...

7.5CVSS5.9AI score0.00351EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 12:48 p.m.6 views

Malicious code in fancode-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:48 p.m.5 views

Malicious Package

Overview fancode-web-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/24 12:48 p.m.11 views

MAL-2026-2130 Malicious code in fancode-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...

5.8AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/03/23 3:41 p.m.8 views

FriendlyDealer mimics official app stores to push unvetted gambling apps

We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app. We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/18 4:16 p.m.151 views

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:4 p.m.13 views

Malicious code in proleis-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:4 p.m.4 views

MAL-2026-1825 Malicious code in proleis-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:12 a.m.2 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25671

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25673

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS5.8AI score0.00133EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/14 1:20 a.m.5 views

Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.8AI score0.00161EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/12 2:4 p.m.5 views

SUSE CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 10:4 p.m.36 views

CVE-2026-3935

CVE-2026-3935 affects Google Chrome/Chromium on multiple platforms due to an incorrect security UI in WebAppInstalls, enabling UI spoofing via a crafted HTML page. Affected versions before 146.0.7680.71 (Chrome/Chromium upstream) are susceptible; fixes are delivered in Chromium 146.0.7680.71 and ...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 10:4 p.m.7 views

CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00161EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder