
74007 matches found

Vulnrichment
added 2026/03/26 12:0 a.m., 6 views

CVE-2026-29905

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize function. When the system attempts to process this file for...

AI score 5.8, EPSS 0.00445
Exploits 1, References 3

CNVD
added 2026/03/26 12:0 a.m., 1 view

OpenClaw Access Control Error Vulnerability (CNVD-2026-16052)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause a local process to capture a gateway authentication token...

CVSS 6.8, AI score 5.9, EPSS 0.00126
Exploits 0

CNNVD
added 2026/03/26 12:0 a.m., 7 views

EVerest Buffer Error Vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a buffer error vulnerability. This vulnerability stems from the function ISO15118chargerImpl::handleupdateenergytransfermodes, which copies a variable-leng...

CVSS 9.1, AI score 6, EPSS 0.00197
Exploits 0, References 1

Packet Storm News
added 2026/03/26 12:0 a.m., 4 views

Beyond Content Safety: Real-Time Monitoring for Reasoning Vulnerabilities in Large Language Models

Large language models (LLMs) increasingly rely on explicit chain-of-thought (CoT) reasoning to solve complex tasks, yet the safety of the reasoning process itself remains largely unaddressed. Existing work on LLM safety focuses on content safety--detecting harmful, biased, or factually incorrect...

AI score 6.1
Exploits 0

CNNVD
added 2026/03/26 12:0 a.m., 11 views

EVerest Buffer Error Vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a buffer error vulnerability, which was caused by out-of-bounds access, potentially leading to remote crashes or memory corruption...

CVSS 7.5, AI score 6, EPSS 0.00367
Exploits 0, References 1

CNNVD
added 2026/03/26 12:0 a.m., 5 views

HCL Aftermarket DPC Security Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an Access Control Error vulnerability that can be exploited by an attacker to elevate their privileges and compromise the application...

CVSS 9.8, AI score 5.8, EPSS 0.00319
Exploits 0, References 1

CNNVD
added 2026/03/26 12:0 a.m., 6 views

ImageMagick Buffer Error Vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-18 and 6.9.13-43 contained a buffer error vulnerability. This vulnerability stemmed from...

CVSS 5.5, AI score 6, EPSS 0.00141
Exploits 0, References 1

CNNVD
added 2026/03/26 12:0 a.m., 8 views

crun Security Vulnerability

Crun is an OCI container runtime library developed by Containers in the C language. Versions of Crun from 1.19 to 1.26 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in parsing the crun exec option with the -u parameter, which may allow processes to run with...

CVSS 7.8, AI score 5.8, EPSS 0.00159
Exploits 1, References 3

CNNVD
added 2026/03/26 12:0 a.m., 4 views

Ory polis Input Validation Error Vulnerability

Ory Polis is an open-source enterprise single-sign-on and directory synchronization solution developed by Ory. Versions of Ory Polis prior to 26.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper trust in URL parameters with the callbackUrl...

CVSS 8.8, AI score 5.6, EPSS 0.00428
Exploits 1, References 2

Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28243

Name of the Vulnerable Software and Affected Versions: KomSeo Cart version 1.3. Description: An SQL injection flaw allows attackers to inject SQL commands via the my item search parameter in the 'edit.php' endpoint. By submitting POST requests with malicious payloads, attackers can extract sensitive...

CVSS 8.8, AI score 5.9, EPSS 0.00245
Exploits 0, References 5

Positive Technologies
added 2026/03/26 12:0 a.m., 5 views

PT-2026-28242

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

CVSS 8.8, AI score 6, EPSS 0.00267
Exploits 0, References 4

CNNVD
added 2026/03/26 12:0 a.m., 6 views

ImageMagick Buffer Error Vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-18 and 6.9.13-43 contained a buffer error vulnerability. This vulnerability stemmed from incorrect...

CVSS 5.1, AI score 6, EPSS 0.00128
Exploits 0, References 1

CNVD
added 2026/03/26 12:0 a.m., 2 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-16041)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the BlueBubbles webhook handler containing a passwordless fallback authentication path, which can be exploited by an attacker to cause an...

CVSS 6.5, AI score 5.9, EPSS 0.00249
Exploits 0

CNNVD
added 2026/03/26 12:0 a.m., 7 views

EVerest Resource Management Error Vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a resource management vulnerability caused by a data race, which could lead to resources being used after release...

CVSS 4.2, AI score 5.8, EPSS 0.00134
Exploits 0, References 1

CNNVD
added 2026/03/26 12:0 a.m., 10 views

WordPress plugin Elementor Website Builder Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 4.3, AI score 5.8, EPSS 0.0025
Exploits 0, References 2

CNNVD
added 2026/03/26 12:0 a.m., 7 views

SiYuan Buffer Error Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained a buffer error vulnerability. This vulnerability stemmed from the use of the /api/file/readDir interface to retrieve document IDs, which could lead to information...

CVSS 9.8, AI score 6.6, EPSS 0.00523
Exploits 1, References 1

Positive Technologies
added 2026/03/26 12:0 a.m., 13 views

PT-2026-28530

Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.2. Description: OpenBao, an open source identity-based secrets management system, is susceptible to Reflected Cross-Site Scripting (XSS) through the error description parameter during failed authentication attempts wh...

CVSS 10, AI score 5.9, EPSS 0.03256
Exploits 28, References 155

CNNVD
added 2026/03/26 12:0 a.m., 10 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. OpenEMR versions 8.0.0.3 and earlier contain security...

CVSS 7.7, AI score 5.8, EPSS 0.00271
Exploits 1, References 2

Tenable Nessus
added 2026/03/26 12:0 a.m., 3 views

SUSE SLES15 Security Update : kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0997-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0997-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues. The following security issues were fixed: ...

CVSS 7.1, AI score 6.8, EPSS 0.00196
Exploits 0, References 28

CNNVD
added 2026/03/26 12:0 a.m., 8 views

libpng Buffer Error Vulnerability

libpng is an open-source PNG reference library developed by The PNG Development Group. It allows for the creation, reading, and writing of PNG graphic files. Versions of LIBPNG from 1.6.36 to 1.6.55 contain a buffer error vulnerability. This vulnerability stems from out-of-bound read and write...

CVSS 7.6, AI score 6.5, EPSS 0.00585
Exploits 0, References 3