5952 matches found
Missing Authentication for Critical Function
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the createSubscriptions process. An attacker can execute unauthorized GraphQ...
CVE-2026-32304
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-2879
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
Locutus vulnerable to RCE via unsanitized input in create_function()
Summary: The create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 (GHSA-fp25-p6mj-qqg6), which was call_user_func_array using eval in v2.x. This finding affects...
CVE-2026-2879
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
CVE-2026-2879
The CVE-2026-2879 entry concerns GetGenie (WordPress) plugin
CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
ROS-20260313-73-0025
A vulnerability in the kvm_vm_ioctl_create_vcpu function of the Linux operating system kernel is caused by a race condition. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260313-73-0026
A vulnerability in the ipmi_create_user function of the Linux operating system kernel is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
WordPress plugin GetGenie security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Locutus code injection vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.14 contained a code injection vulnerability. This vulnerability stemmed from the create_function function not properly sanitizing its parameters, which could allow arbitrary code to execute...
Arbitrary Code Injection
Overview: locutus is a Locutus other languages' standard libraries to JavaScript for fun and educational purposes. Affected versions of this package are vulnerable to Arbitrary Code Injection via the create_function(args, code) function. An attacker can execute arbitrary code by supplying unsanitized...
CVE-2026-32304
Locutus (CVE-2026-32304) contains an RCE in create_function(args, code) where the two parameters are passed directly to the Function constructor without sanitization prior to 3.0.14. This allows arbitrary code execution if untrusted input reaches create_function, as the code path uses new Functio...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
GO-2026-4668 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot
zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Authorization Bypass Through User-Controlled Key
Overview: @withstudiocms/api-spec is an API Specification for StudioCMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...
Authorization Bypass Through User-Controlled Key
Overview: @withstudiocms/effect is an Effect-TS Utilities for Astro. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password...