Lucene search
K

192384 matches found

Cvelist
Cvelist
added 2026/03/11 11:2 p.m.32 views

CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key

A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...

6.3CVSS0.00355EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 10:40 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload of .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...

4.4CVSS5.7AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 10:16 p.m.9 views

CVE-2026-3961

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

6.3CVSS5.4AI score0.00251EPSS
Exploits0References12
OSV
OSV
added 2026/03/11 10:16 p.m.3 views

DEBIAN-CVE-2026-3940

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00177EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3932

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.3AI score0.00183EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.1 views

CVE-2026-3927

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00177EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00291EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00325EPSS
Exploits0
CVE
CVE
added 2026/03/11 9:32 p.m.9 views

CVE-2026-3958

Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/11 8:53 p.m.361 views

claude-code-pentest

claude-code-pentest 6 Claude Code skills that automate th...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/11 8:42 p.m.4 views

User Impersonation

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to update the shop-url during...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 8:16 p.m.29 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:16 p.m.5 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/11 8:16 p.m.10 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS0.00196EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/11 8:13 p.m.111 views

manchurian-agent-poc

Manchurian Candidate Agent POC ⚠️ SECURITY RESEARCH — EDU...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/11 7:47 p.m.8 views

EUVD-2026-11332

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:47 p.m.5 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.5 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.3AI score0.00151EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 6:23 p.m.29 views

CVE-2019-25464 InputMapper 1.6.10 Local Denial of Service via Username Field

InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...

6.7CVSS0.00177EPSS
Exploits0References3
Rows per page
Query Builder