
29728 matches found

Patchstack
added 2026/01/28 6:44 a.m., 12 views

WordPress AI Engine plugin <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin AI Engine versions <= 3.3.2...

CVSS 6.4 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2026/01/28 4:22 a.m., 2 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits: 0 | References: 5
RedHat Linux
added 2026/01/28 4:8 a.m., 2 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits: 0 | References: 5
Fedora
added 2026/01/28 1:26 a.m., 8 views

[SECURITY] Fedora 42 Update: harfbuzz-10.4.0-2.fc42

HarfBuzz is an implementation of the OpenType Layout engine...

CVSS 5.3 | AI score 5.9 | EPSS 0.00377
Exploits: 1
RedHat Linux
added 2026/01/28 12:38 a.m., 4 views

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

CVSS 7.8 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 5
RedHat Linux
added 2026/01/28 12:33 a.m., 4 views

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

CVSS 7.8 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 5
RedHat Linux
added 2026/01/28 12:26 a.m., 9 views

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

CVSS 7.8 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 5
Packet Storm News
added 2026/01/28 12:0 a.m., 8 views

Unicornscan 0.4.51

Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL...

AI score 5.9
Exploits: 0
CNNVD
added 2026/01/28 12:0 a.m., 16 views

WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 7.2 | AI score 6 | EPSS 0.00667
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/28 12:0 a.m., 8 views

MiracleLinux 8 : kernel-4.18.0-553.94.1.el8_10 (AXSA:2026-086:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-086:04 advisory. kernel: smb: client: Fix use-after-free in cifsfilldirent CVE-2025-38051 kernel: smb: client: let recvdone verify dataoffset, datalength and...

CVSS 7.8 | AI score 7.2 | EPSS 0.00183
Exploits: 0 | References: 6
Vulnrichment
added 2026/01/27 8:54 p.m., 4 views

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/27 8:54 p.m., 5 views

CVE-2026-24736

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2026/01/27 7:16 p.m., 9 views

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVSS 6.4 | EPSS 0.00181
Exploits: 0 | References: 3
Cvelist
added 2026/01/27 6:27 p.m., 20 views

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVSS 6.4 | EPSS 0.00181
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/27 6:27 p.m., 5 views

CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVSS 6.4 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 3
EUVD
added 2026/01/27 6:27 p.m., 5 views

EUVD-2026-4785

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVSS 6.4 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 3
CVE
added 2026/01/27 6:27 p.m., 16 views

CVE-2026-0746

CVE-2026-0746 : The WordPress AI Engine plugin (

CVSS 6.4 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 3
Github Security Blog
added 2026/01/27 6:2 p.m., 15 views

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Summary: Unbounded memory consumption in Kyverno's policy engine allows users with policy creation privileges to cause Denial of Service by crafting policies that exponentially amplify string data through context variables. Details: For example, the random JMESPath function in...

CVSS 7.7 | AI score 5.9 | EPSS 0.00531
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/01/27 6:2 p.m., 5 views

GHSA-R2RJ-WWM5-X6MQ Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Summary: Unbounded memory consumption in Kyverno's policy engine allows users with policy creation privileges to cause Denial of Service by crafting policies that exponentially amplify string data through context variables. Details: For example, the random JMESPath function in...

CVSS 7.7 | AI score 5.9 | EPSS 0.00531
Exploits: 1 | References: 5
Debian CVE
added 2026/01/27 5:30 p.m., 7 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

CVSS 7.5 | AI score 5.3 | EPSS 0.00494
Exploits: 0