Lucene search
K

192467 matches found

Vulnrichment
Vulnrichment
added 2026/03/07 6:32 p.m.2 views

CVE-2026-3669 Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may ...

5.3CVSS5.5AI score0.00105EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/07 6:30 p.m.7 views

EUVD-2026-10185

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...

3.1CVSS5.3AI score0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/07 6:2 p.m.29 views

CVE-2026-2671 Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...

3.1CVSS0.00163EPSS
Exploits0References4
NVD
NVD
added 2026/03/07 5:15 p.m.5 views

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

9.9CVSS0.00539EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:32 p.m.4 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/07 4:15 p.m.7 views

CVE-2026-3665

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...

5.5CVSS0.00205EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/07 4:8 p.m.27 views

CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9CVSS0.00602EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:2 p.m.3 views

CVE-2026-3668

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

3.1CVSS5.4AI score0.0027EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/07 3:32 p.m.3 views

CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.2CVSS5.7AI score0.00408EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/03/07 3:32 p.m.32 views

CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

5.3CVSS0.00132EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/07 3:32 p.m.3 views

CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References5
CVE
CVE
added 2026/03/07 3:32 p.m.8 views

CVE-2026-3667

CVE-2026-3667 affects Freedom Factory dGEN1 (up to 20260221) with the vulnerability in the function FakeAppService of the component org.ethosmobile.ethoslauncher. The underlying issue is improper authorization, exploitable from a local attacker. Public exploits exist and the vendor was notified w...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/07 3:32 p.m.34 views

CVE-2026-3665 xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...

4.8CVSS0.00205EPSS
Exploits1References6
OSV
OSV
added 2026/03/07 2:16 p.m.6 views

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

7.2CVSS5.5AI score0.11166EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 p.m.6 views

CVE-2026-3589

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

7.5CVSS5.9AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/07 1:32 p.m.36 views

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

5.8CVSS0.10863EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/03/07 11:35 a.m.130 views

denkair-lab

DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...

6.2AI score
Exploits0
EUVD
EUVD
added 2026/03/07 9:30 a.m.6 views

EUVD-2026-10128

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.8 views

CVE-2026-28787

OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during...

9CVSS5.8AI score0.00276EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 6:16 a.m.5 views

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

6.1CVSS0.00252EPSS
Exploits1References2
Rows per page
Query Builder