26163 matches found
CVE-2026-3715
creationtimestamp | type | source
---|---|---
2026-03-08 06:16:13+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3715
2026-03-08 08:30:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116192616692133181
2026-03-22 19:40:09+00:00 | seen | ...
CVE-2026-2431
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
SourceCodester Employee Task Management System SQL injection vulnerability
SourceCodester Employee Task Management System is an open-source employee task management system developed by SourceCodester. Versions of the SourceCodester Employee Task Management System prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from the handling of the Da...
PT-2026-23958
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Task Management System version 1.0. Description: A flaw exists in SourceCodester Employee Task Management System that allows for SQL injection. The issue is located in the GET Parameter Handler component, specifically...
openSUSE 16 Security Update : virtiofsd (openSUSE-SU-2026:20326-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20326-1 advisory. This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stac...
CVE-2026-30851
creationtimestamp | type | source
---|---|---
2026-03-07 19:40:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgilg5x2xm2u...
CVE-2026-3670
creationtimestamp | type | source
---|---|---
2026-03-07 18:15:49+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3670
2026-03-07 21:29:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgirifcq7n2k...
CVE-2026-2721
creationtimestamp | type | source
---|---|---
2026-03-07 03:28:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mggv37wbek27...
CVE-2026-2431
CVE-2026-2431 affects the CM Custom Reports plugin for WordPress. All versions up to and including 1.2.7 are vulnerable due to insufficient input sanitization and output escaping on the date_from/date_to parameters, enabling a reflected Cross-Site Scripting (XSS) attack. This allows unauthenticat...
CVE-2026-2431 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2026-23815
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress plugin CM Custom Reports cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Freedom Factory dGEN1 authorization issue vulnerability
The Freedom Factory dGEN1 is an Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppProvider function...
Freedom Factory dGEN1 authorization issue vulnerability
The Freedom Factory dGEN1 is an Ethereum mobile device produced by the Freedom Factory company. Versions of the Freedom Factory dGEN1 dated 20260221 and earlier have an authorization issue vulnerability. This vulnerability stems from incorrect operations on the AlarmService function in the com.dgen.ala...
CVE-2026-30244
creationtimestamp | type | source
---|---|---
2026-03-06 23:48:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mggisvjt5g2y
2026-03-07 09:05:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mghhx5epgt2u...
GHSA-MQ4R-H2GH-QV7X Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
Summary: A Mass Assignment vulnerability in the `/api/v1/leads` endpoint allows any unauthenticated user to control internal entity fields `id`, `createdDate`, `chatId` by including them in the request body. The endpoint uses `Object.assign` to copy all properties from the request body to the Lead entity...
Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
Summary: A Mass Assignment vulnerability in the `/api/v1/leads` endpoint allows any unauthenticated user to control internal entity fields `id`, `createdDate`, `chatId` by including them in the request body. The endpoint uses `Object.assign` to copy all properties from the request body to the Lead entity...
CVE-2026-30846
creationtimestamp | type | source
---|---|---
2026-03-06 21:04:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgg7mjmbwh2n...
CVE-2026-30847
creationtimestamp | type | source
---|---|---
2026-03-06 20:54:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgg72mcthh2d...
GHSA-W6VW-MRGV-69VF
creationtimestamp | type | source
---|---|---
2026-03-06 20:09:04+00:00 | seen | https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
2026-03-10 23:10:58+00:00 | seen | ...