Lucene search
K

126688 matches found

CVE
CVE
added 2026/03/31 8:39 p.m.12 views

CVE-2026-34394

WWBN AVideo (versions 26.0 and prior) is affected by a CSRF vulnerability in the admin/plugin configuration endpoint (admin/save.json.php). The endpoint processes requests without CSRF token validation (no isGlobalTokenValid/verifyToken check), and the app uses SameSite=None cookies, enabling cro...

8.1CVSS6AI score0.00233EPSS
Exploits1References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/31 8:37 p.m.8 views

Malicious code in latinum-wallet-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/31 8:37 p.m.6 views

MAL-2026-2315 Malicious code in latinum-wallet-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...

5.8AI score
Exploits0References4
EUVD
EUVD
added 2026/03/31 8:31 p.m.5 views

EUVD-2026-17622

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:31 p.m.1 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:31 p.m.25 views

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS0.00575EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 8:31 p.m.5 views

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 8:31 p.m.7 views

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.8AI score0.00575EPSS
Exploits1References4
CVE
CVE
added 2026/03/31 8:31 p.m.12 views

CVE-2026-34381

Admidio versions 5.0.0–5.0.7 rely on adm_my_files/.htaccess to deny direct access, but the Docker image uses AllowOverride None, so Apache ignores .htaccess. This allows unauthenticated HTTP access to uploaded documents if the path is known; the path is disclosed in the upload response JSON. The ...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/31 8:16 p.m.3 views

DEBIAN-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 8:16 p.m.17 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:16 p.m.5 views

UBUNTU-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/31 8:16 p.m.3 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/03/31 7:50 p.m.7 views

K000160560: OpenSSL vulnerability CVE-2025-69420

Security Advisory Description Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Respons...

7.5CVSS5.9AI score0.00768EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2026/03/31 7:40 p.m.5 views

Asking AI for personal advice is a bad idea, Stanford study shows

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...

5.9AI score
Exploits0
F5 Networks
F5 Networks
added 2026/03/31 7:20 p.m.8 views

K000160559: BIND vulnerability CVE-2026-3104

Security Advisory Description A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.4...

7.5CVSS5.9AI score0.00698EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/03/31 7:19 p.m.6 views

K000160558: OpenSSL vulnerability CVE-2025-69419

Security Advisory Description Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write ca...

7.4CVSS6AI score0.00444EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:18 p.m.6 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

7.9CVSS5.9AI score0.01535EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/03/31 7:18 p.m.53 views

CVE-2026-2950

CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1Affected Software4
Debian CVE
Debian CVE
added 2026/03/31 7:18 p.m.5 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.3AI score0.00317EPSS
Exploits0
Rows per page
Query Builder