Lucene search
K

34363 matches found

Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...

7.2CVSS0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...

7.2CVSS5.8AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

8.6CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.9 views

CVE-2025-69347

CVE-2025-69347 is an IDOR vulnerability in Convers Lab WPSubscription for WordPress WPSubscription plugin versions up to 1.8.10, enabling a user-controlled key to bypass authorization and access objects/resources that should be restricted. Public sources (NVD/Red Hat/EUVD) describe an Authorizati...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 3:18 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named proto and the server application accesses req.headersDistinct. This causes dest"proto" to incorrectly resolve to...

8.7CVSS5.9AI score0.26356EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 12:30 p.m.5 views

EUVD-2026-15235

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

5.7AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/03/25 11:16 a.m.3 views

UBUNTU-CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References9
OSV
OSV
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

4.7CVSS5.8AI score0.00088EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.7 views

CVE-2026-23330

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:26 a.m.2 views

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

5.7AI score0.00123EPSS
Exploits0References9Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:28 a.m.7 views

SUSE CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

9.3CVSS6.6AI score0.00327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS6.1AI score0.00469EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.4 views

WordPress plugin Gracey 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.9AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

WordPress plugin Apicona 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.12 views

WordPress plugin Vex 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.3 views

PT-2026-27890

Name of the Vulnerable Software and Affected Versions Tasty Daily versions prior to 1.27 Description An issue exists in Tasty Daily that allows for object injection due to deserialization of untrusted data. This could potentially allow an attacker to inject malicious objects. Recommendations Upda...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28027

Name of the Vulnerable Software and Affected Versions JS Archive List versions through 6.1.7 Description A flaw exists in the deserialization of untrusted data within the jquery-archive-list-widget component of JS Archive List, potentially allowing for object injection. Recommendations Update JS...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28112

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS5.8AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27944

Name of the Vulnerable Software and Affected Versions Nexa Blocks versions through 1.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts Nexa Blocks. Recommendations Update Nexa Blocks to a version later than...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References4
Rows per page
Query Builder