Lucene search
K

103222 matches found

OSV
OSV
added 2026/03/12 6:32 p.m.4 views

GHSA-5HXF-C7J4-279C Tina: Path Traversal in Media Upload Handle

Affected Package | Field | Value | |-------|-------| | Package | @tinacms/cli | | Version | 2.0.5 latest at time of discovery | | Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts | | Vulnerable Lines | 42-43 | --- Summary A path traversal vulnerability CWE-22...

7.4CVSS6AI score0.00325EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 6:16 p.m.7 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS0.00453EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/12 5:47 p.m.132 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

Mirth Connect PoC Script Simple Python script for security re...

9.8CVSS7.5AI score0.82708EPSS
Exploits21
SUSE Linux
SUSE Linux
added 2026/03/12 2:50 p.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References16
Github Security Blog
Github Security Blog
added 2026/03/12 2:47 p.m.9 views

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

VULNERABILITY: HTTP/2 Cleartext h2c Upgrade Authentication Bypass ======================================================================== Severity: CRITICAL CVSS 3.1: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE: CWE-287 Improper Authentication Component: internal/home/web.go Affected:...

9.8CVSS5.9AI score0.00735EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/03/12 1:46 p.m.9 views

OPENSUSE-SU-2026:20350-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/03/12 12:38 p.m.3 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.7AI score0.00463EPSS
Exploits0References7
OSV
OSV
added 2026/03/12 10:4 a.m.1 views

SUSE-SU-2026:0879-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
OSV
OSV
added 2026/03/12 10:4 a.m.2 views

SUSE-SU-2026:20668-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
ATTACKERKB
ATTACKERKB
added 2026/03/12 2:2 a.m.3 views

CVE-2026-3974

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

9CVSS6.4AI score0.00632EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 2:2 a.m.1 views

CVE-2026-3974 Tenda W3 HTTP exeCommand formexeCommand stack-based overflow

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

9CVSS8AI score0.00632EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/12 1:32 a.m.6 views

EUVD-2026-11503

A vulnerability was found in Tenda W3 1.0.0.32204. Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network...

8.8CVSS6.3AI score0.00706EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/12 1:32 a.m.1 views

CVE-2026-3972

A vulnerability was found in Tenda W3 1.0.0.32204. Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network...

8.8CVSS6.3AI score0.00706EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-24914

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

9CVSS6.4AI score0.00632EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.4 views

capnproto 环境问题漏洞

Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the use of chunked transmission encoding, where the block size parsing values were...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25080

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

7.5CVSS5.8AI score0.00483EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 12:0 a.m.4 views

CVE-2026-25819

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

5.8AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25069

Name of the Vulnerable Software and Affected Versions Cap'n Proto versions prior to 1.4.0 Description Cap'n Proto is a data interchange format and capability-based RPC system. Prior to version 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size was parsed to a value of 2^64 or larger,...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.12 views

PT-2026-26412

Summary Gateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler routing. Details On affected versions, server-http only applies gateway auth when raw requestPath matches exactly: - /api/channels - /api/channels/ If ...

6.3CVSS5.8AI score0.00192EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/12 12:0 a.m.6 views

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

An unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware...

9.8CVSS5.9AI score0.00735EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder