Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11608 matches found

CVE
CVEadded 2026/03/12 4:35 p.m.9 views

CVE-2026-25529

Postal is an open source SMTP server. CVE-2026-25529 affects versions before 3.3.5, where unescaped data could be injected into the admin interface, primarily via the API’s send/raw method. This HTML injection could permit arbitrary HTML and potentially unauthorised JavaScript execution in the ad...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm Newsadded 2026/03/12 12:0 a.m.1 views

On the Possible Detectability of Image-In-Image Steganography

This paper investigates the detectability of popular imagein-image steganography schemes 1, 2, 3, 4, 5. In this paradigm, the payload is usually an image of the same size as the Cover image, leading to very high embedding rates. We first show that the embedding yields a mixing process that is...

5.7AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/03/12 12:0 a.m.3 views

PT-2026-25008

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References2
OSV
OSVadded 2026/03/11 7:23 p.m.10 views

GHSA-7VVP-J573-5584 Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details Data Exposure Depending on the order payload configuration, attackers may retrieve: -...

8.9CVSS5.9AI score0.00237EPSS
Exploits0References3
NVD
NVDadded 2026/03/11 11:16 a.m.4 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS0.00302EPSS
Exploits1References5
OSV
OSVadded 2026/03/11 11:16 a.m.4 views

ALPINE-CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS7.1AI score0.00302EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/11 10:9 a.m.6 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

5.8AI score0.00302EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/11 9:25 a.m.5 views

CVE-2026-1992

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

8.8CVSS5.9AI score0.00631EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/03/11 12:11 a.m.2 views

EUVD-2026-10909

django-unicorn affected by component state manipulation via unvalidated attribute access...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
OSV
OSVadded 2026/03/11 12:11 a.m.3 views

GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2026/03/11 12:11 a.m.14 views

django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References3Affected Software1
CNNVD
CNNVDadded 2026/03/11 12:0 a.m.5 views

devalue 安全漏洞

devalue is an enhanced JavaScript object serialization library developed by Svelte. Versions of devalue 5.6.3 and earlier contained a security vulnerability. This vulnerability stemmed from the susceptibility of devalue.parse and devalue.unflatten to prototype pollution attacks involving speciall...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/11 12:0 a.m.2 views

PT-2026-24843

Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx...

5.8CVSS5.8AI score0.00202EPSS
Exploits0References10
Packet Storm News
Packet Storm Newsadded 2026/03/11 12:0 a.m.3 views

Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks

Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...

5.8AI score
Exploits0
Github Security Blog
Github Security Blogadded 2026/03/10 9:32 p.m.5 views

pdfmake is vulnerable to server-side request forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00481EPSS
Exploits2References7Affected Software1
NVD
NVDadded 2026/03/10 8:16 p.m.2 views

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

5.4CVSS0.00211EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/10 8:1 p.m.26 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

4.8CVSS0.00211EPSS
Exploits1References2
CVE
CVEadded 2026/03/10 8:1 p.m.8 views

CVE-2026-29177

Summary of vulnerability (CVE-2026-29177) : Craft Commerce for Craft CMS has a stored XSS flaw in the Order Details slideout. User-supplied input in fields such as the Shipping Method Name, Order Reference, or Site Name can inject JavaScript that executes when a user opens the order details via d...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/10 8:1 p.m.3 views

CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

4.8CVSS5.8AI score0.00211EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/10 8:1 p.m.2 views

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

4.8CVSS5.8AI score0.00211EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder