72892 matches found

CNNVD
added 2026/03/23 12:0 a.m. | 9 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an integer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

CVSS 8.8 | AI score 6.3 | EPSS 0.0034
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/23 12:0 a.m. | 6 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38063)

In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH. When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by...

CVSS 5.5 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/23 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38451)

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats. The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless o...

CVSS 5.5 | AI score 5.9 | EPSS 0.00147
Exploits: 0 | References: 2

CNNVD
added 2026/03/22 12:0 a.m. | 5 views

WWBN AVideo Input Validation Error Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the redirectUri parameter in the login process being used directly for...

CVSS 6.1 | AI score 5.8 | EPSS 0.0019
Exploits: 1 | References: 2

Cvelist
added 2026/03/21 12:47 p.m. | 28 views

CVE-2019-25561 Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service conditio...

CVSS 6.9 | EPSS 0.00181
Exploits: 1 | References: 3

EUVD
added 2026/03/21 6:30 a.m. | 4 views

EUVD-2026-14187

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

CVSS 5.3 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 10

EUVD
added 2026/03/21 6:30 a.m. | 10 views

EUVD-2026-14150

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

CVSS 6.5 | AI score 6.1 | EPSS 0.00254
Exploits: 0 | References: 8

NVD
added 2026/03/21 4:17 a.m. | 6 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

CVSS 6.5 | EPSS 0.00254
Exploits: 0 | References: 7

Vulnrichment
added 2026/03/21 3:27 a.m. | 2 views

CVE-2026-4004 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' Parameter

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

CVSS 6.5 | AI score 6.1 | EPSS 0.00254
Exploits: 0 | References: 7

CNNVD
added 2026/03/21 12:0 a.m. | 5 views

WordPress plugin Wikilookup Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.4 | AI score 5.7 | EPSS 0.00189
Exploits: 0 | References: 3

CNNVD
added 2026/03/21 12:0 a.m. | 6 views

WordPress plugin rexCrawler Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.1 | AI score 5.7 | EPSS 0.00265
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/21 12:0 a.m. | 7 views

PT-2026-26892

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash...

CVSS 6.9 | AI score 6.1 | EPSS 0.0019
Exploits: 1 | References: 4

CNNVD
added 2026/03/21 12:0 a.m. | 8 views

WordPress plugin Appmax Input Validation Error Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 5.3 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 9

CNNVD
added 2026/03/21 12:0 a.m. | 7 views

WordPress plugin Task Manager Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.5 | AI score 6.2 | EPSS 0.00254
Exploits: 0 | References: 7

CNNVD
added 2026/03/21 12:0 a.m. | 6 views

WordPress plugin REST API TO MiniProgram Input Validation Error Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 7

NVD
added 2026/03/20 5:16 p.m. | 5 views

CVE-2025-15608

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...

CVSS 9.8 | EPSS 0.00528
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/20 2:35 p.m. | 4 views

CVE-2026-3029

A flaw was found in PyMuPDF. This vulnerability, involving path traversal, allows an attacker to write arbitrary files to unintended locations on the system. The flaw is present in the embedded get function within the main.py file. Successful exploitation could lead to system compromise or data...

CVSS 8.2 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 5

OSV
added 2026/03/20 9:59 a.m. | 3 views

CLSA-2026-1773941493 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: Improper Input Validation vulnerability - debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host name matching with strictSNI attribute on the Connector. Covers NIO, NIO2, and APR connectors. - CVE-2025-66614...

CVSS 9.1 | AI score 6.8 | EPSS 0.00235
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/20 7:0 a.m. | 4 views

CVE-2026-32875

A flaw was found in UltraJSON, a fast JSON encoder and decoder. This vulnerability allows a remote attacker to cause a denial of service (DoS) by providing a specially crafted large positive or negative indent value to the JSON serialization functions. This can lead to a buffer overflow, causing th...

CVSS 7.5 | AI score 6.1 | EPSS 0.00469
Exploits: 1 | References: 6

Veracode
added 2026/03/20 5:39 a.m. | 6 views

Improper Input Validation

code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...

CVSS 8.2 | AI score 7.2 | EPSS 0.00295
Exploits: 0 | References: 5 | Affected Software: 3