
34370 matches found

Vulnrichment
added 2026/03/20 10:32 p.m., 3 views

CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

7.5 CVSS, 5.9 AI score, 0.00497 EPSS
Exploits 1, References 1
Patchstack
added 2026/03/20 8:53 p.m., 6 views

WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Pelicula versions < 1.10...

9.8 CVSS, 5.8 AI score, 0.00375 EPSS
Exploits 0, Affected Software 1
EUVD
added 2026/03/20 7:57 p.m., 4 views

EUVD-2026-13772

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server t...

5 CVSS, 5.9 AI score, 0.00189 EPSS
Exploits 1, References 2
Patchstack
added 2026/03/20 6:1 p.m., 6 views

WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Pendulum versions < 3.1.5...

8.8 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits 0, Affected Software 1
Patchstack
added 2026/03/20 6:1 p.m., 10 views

WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Vex versions < 1.2.9...

8.8 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits 0, Affected Software 1
OSV
added 2026/03/20 5:25 p.m., 3 views

GHSA-564F-WX8X-878H Vikunja read-only users can delete project background images via broken object-level authorization

Summary: The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details: The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 1, References 4
Patchstack
added 2026/03/20 5:23 p.m., 7 views

WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JS Archive List versions <= 6.1.7...

8.8 CVSS, 5.8 AI score, 0.00279 EPSS
Exploits 0, Affected Software 1
Vulnrichment
added 2026/03/20 2:42 p.m., 2 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 1, References 2
OSV
added 2026/03/20 2:24 p.m., 5 views

OESA-2026-1657 jtidy security update

JTidy is the Java port for HTML Tidy, which is an HTML syntax checker and a nice printer. JTidy can be used as a tool to clean up misformatted HTML. In addition, JTidy provides a DOM interface to the documents being processed, effectively enabling you to use JTidy as a DOM parser for real HTML...

7.5 CVSS, 5.8 AI score, 0.00866 EPSS
Exploits 1, References 2
EUVD
added 2026/03/20 12:31 p.m., 4 views

EUVD-2026-13657

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection. This issue affects TotalContest Lite: from n/a through 2.9.1...

7.2 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 2
NVD
added 2026/03/20 10:16 a.m., 3 views

CVE-2026-0677

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite (totalcontest-lite) allows Object Injection. This issue affects TotalContest Lite: from n/a through <= 2.9.1...

6.3 CVSS, 0.00233 EPSS
Exploits 0, References 1
SUSE CVE
added 2026/03/20 10:15 a.m., 4 views

SUSE CVE-2025-12044

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24: https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5 CVSS, 7.5 AI score, 0.00517 EPSS
Exploits 0, References 2
Cvelist
added 2026/03/20 9:31 a.m., 23 views

CVE-2026-0677 WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite (totalcontest-lite) allows Object Injection. This issue affects TotalContest Lite: from n/a through <= 2.9.1...

0.00233 EPSS
Exploits 0, References 1
CVE
added 2026/03/20 9:31 a.m., 6 views

CVE-2026-0677

CVE-2026-0677 concerns the WordPress plugin TotalContest Lite (

6.3 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/20 9:31 a.m., 5 views

CVE-2026-0677 WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite (totalcontest-lite) allows Object Injection. This issue affects TotalContest Lite: from n/a through <= 2.9.1...

5.4 AI score, 0.00233 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/03/20 9:31 a.m., 5 views

CVE-2026-0677

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection. This issue affects TotalContest Lite: from n/a through 2.9.1...

7.2 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 2
OSV
added 2026/03/20 9:5 a.m., 3 views

BIT-CEPH-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

6.1 CVSS, 6.7 AI score, 0.01525 EPSS
Exploits 0, References 8
OSV
added 2026/03/20 9:5 a.m., 4 views

BIT-CEPH-2020-12059

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception...

7.5 CVSS, 7.1 AI score, 0.02654 EPSS
Exploits 0, References 6
ATTACKERKB
added 2026/03/20 8:52 a.m., 4 views

CVE-2026-32701

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be writte...

7.5 CVSS, 5.9 AI score, 0.00427 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2026/03/20 7:34 a.m., 3 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8 CVSS, 5.9 AI score, 0.00165 EPSS
Exploits 1, References 4