Lucene search
K

192478 matches found

EUVD
EUVD
added 2026/03/06 3:31 p.m.7 views

EUVD-2018-21626

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

8.8CVSS6.1AI score0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 3:18 p.m.3 views

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 3:16 p.m.30 views

CVE-2026-24696 Everon api.everon.io Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00357EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 3:16 p.m.16 views

CVE-2026-24696

Technical details (affected products, versions, exploit information) are not publicly provided in the connected documents. Monitor for updates.

8.7CVSS5.8AI score0.00357EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:5 p.m.4 views

CVE-2026-20882

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 3:4 p.m.29 views

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

5.3CVSS0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 2:37 p.m.9 views

CVE-2026-27750

Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

8.5CVSS5.8AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 2:33 p.m.4 views

CVE-2026-3540

An inappropriate implementation flaw was found in the WebAudio component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484088917...

8.8CVSS5.7AI score0.003EPSS
Exploits0References5
NVD
NVD
added 2026/03/06 1:15 p.m.5 views

CVE-2018-25163

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...

8.8CVSS0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 12:41 p.m.7 views

OESA-2026-1507 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.4AI score0.09436EPSS
Exploits2References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 11:34 a.m.10 views

Malicious code in fastapis-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/06 11:0 a.m.9 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.5CVSS7.2AI score0.09436EPSS
Exploits4References18
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:11 a.m.5 views

CVE-2026-3589

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

7.5CVSS5.9AI score0.00126EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 9:11 a.m.38 views

CVE-2026-3589

CVE-2026-3589 affects the WordPress WooCommerce plugin, versions 5.4.0 through 10.5.2. The issue arises from improper handling of batch requests, enabling unauthenticated users to invoke admin-level REST endpoints and potentially create arbitrary admin users via CSRF. Evidence from multiple sourc...

7.5CVSS5.9AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 7:23 a.m.73 views

CVE-2026-29074

CVE-2026-29074 affects SVGO (SVG Optimizer), a Node.js library/CLI for optimizing SVGs. Versions 2.1.0–before 2.8.1, 3.0.0–before 3.3.3, and before 4.0.1 accept XML with custom entities without guards against entity expansion/recursion, enabling DoS via entity expansion that can stall or crash th...

7.5CVSS5.7AI score0.00612EPSS
Exploits1References28Affected Software1
OSV
OSV
added 2026/03/06 7:16 a.m.5 views

UBUNTU-CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

6.9CVSS5.7AI score0.00399EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/06 6:30 a.m.5 views

EUVD-2026-10001

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

4.3CVSS5.9AI score0.00098EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 6:0 a.m.5 views

CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

5.8AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 5:16 a.m.7 views

CVE-2026-28683

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3...

8.7CVSS0.00189EPSS
Exploits0References2
Rows per page
Query Builder