Lucene search
K

56 matches found

NVD
NVD
β€’added 2 days agoβ€’5 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/20 4:43 p.m.β€’4 views

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8AI score0.00874EPSS
Exploits3References3
NVD
NVD
β€’added 2026/06/12 2:16 p.m.β€’16 views

CVE-2026-46342

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

5.4CVSS0.00091EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/12 12:50 p.m.β€’15 views

EUVD-2026-36418

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS5.1AI score0.00091EPSS
Exploits0References2
CVE
CVE
β€’added 2026/06/12 12:50 p.m.β€’35 views

CVE-2026-46342

Nuxt (Vue.js framework) versions 3.1.0–3.21.5 and 4.0.0-alpha.1–4.4.5 are affected by CVE-2026-46342 due to the /__nuxt_island/* endpoint not binding responses to the request props, allowing attacker-controlled props to influence island component rendering via an unverified URL-resident hash. Thi...

5.4CVSS5.1AI score0.00091EPSS
Exploits0References2Affected Software2
Veracode
Veracode
β€’added 2026/04/16 7:35 a.m.β€’9 views

Arbitrary File Deletion

Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...

9.1CVSS5.9AI score0.00506EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
β€’added 2026/03/26 2:59 p.m.β€’6 views

CVE-2026-31839

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References1
SUSE Linux
SUSE Linux
β€’added 2026/03/23 4:34 p.m.β€’8 views

Security update for python-Authlib

This update for python-Authlib fixes the following issues: CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738. CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key management algorithm bsc1259736...

9.1CVSS5.8AI score0.00548EPSS
Exploits3References12
NVD
NVD
β€’added 2026/03/16 6:16 p.m.β€’6 views

CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

9.1CVSS0.00226EPSS
Exploits1References12
NVD
NVD
β€’added 2026/03/11 5:16 p.m.β€’10 views

CVE-2026-31839

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2026/03/11 4:46 p.m.β€’9 views

CVE-2026-31839

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References3Affected Software1
CVE
CVE
β€’added 2026/03/11 4:46 p.m.β€’17 views

CVE-2026-31839

Summary of CVE-2026-31839 (Striae) : A high-severity integrity bypass existed in Striae’s digital confirmation workflow prior to v3.0.0. Hash-only validation could be bypassed because trusted manifest hash fields could be modified alongside package content, allowing tampered confirmation packages...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
β€’added 2026/03/11 4:46 p.m.β€’48 views

CVE-2026-31839 Striae has a hash validation utility vulnerability

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS0.00118EPSS
Exploits0References2
Vulnrichment
Vulnrichment
β€’added 2026/03/11 4:46 p.m.β€’4 views

CVE-2026-31839 Striae has a hash validation utility vulnerability

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References2
OSV
OSV
β€’added 2026/03/11 4:46 p.m.β€’10 views

CVE-2026-31839 Striae has a hash validation utility vulnerability

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References4
EUVD
EUVD
β€’added 2026/03/11 2:55 p.m.β€’5 views

EUVD-2026-11240

Striae has a hash validation utility vulnerability...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References2
Github Security Blog
Github Security Blog
β€’added 2026/03/11 2:55 p.m.β€’8 views

Striae has a hash validation utility vulnerability

Summary A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. Impac...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
β€’added 2025/12/24 12:0 a.m.β€’246 views

πŸ“„ Litespeed Cache 6.4.0.1 Privilege Escalation

WordPress Litespeed Cache plugin version 6.4.0.1 allows attackers to brute-force authentication hashes and create administrative users without any initial credentials...

9.8CVSS7.3AI score0.68266EPSS
Exploits8
RedhatCVE
RedhatCVE
β€’added 2025/12/17 6:2 p.m.β€’10 views

CVE-2023-53894

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server...

9.8CVSS7.4AI score0.00554EPSS
Exploits1References1
OSV
OSV
β€’added 2025/12/16 5:3 p.m.β€’6 views

CVE-2023-53894 phpfm 1.7.9 Authentication Bypass via Type Juggling Vulnerability

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server...

9.3CVSS6AI score0.00554EPSS
Exploits1References5
Rows per page
Query Builder