Lucene search
K

34370 matches found

EUVD
EUVD
added 2026/03/20 3:13 a.m.4 views

EUVD-2026-13526

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:13 a.m.3 views

CVE-2026-32114

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 3:13 a.m.2 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 3:13 a.m.21 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 2:38 a.m.3 views

EUVD-2026-13505

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5CVSS5.8AI score0.00542EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 2:38 a.m.24 views

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5CVSS0.00542EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 2:38 a.m.7 views

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5CVSS5.8AI score0.00542EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 2:38 a.m.2 views

CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References6
CVE
CVE
added 2026/03/20 2:38 a.m.318 views

CVE-2026-32933

AutoMapper (a .NET object-object mapper) is vulnerable in versions prior to 15.1.1 and 16.1.1 to a Denial of Service via uncontrolled recursion during deep object graph mapping, which can exhaust thread stack memory and trigger a StackOverflowException, terminating the process. The issue is mitig...

7.5CVSS5.8AI score0.00542EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

WordPress plugin TotalContest Lite 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.9AI score0.00233EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/03/20 12:0 a.m.89 views

📄 PEGA Infinity Brute Force / Insecure Direct Object Reference

PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...

6.5CVSS5.8AI score0.00405EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26506

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26549

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

WordPress plugin Special Box for Content 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.9CVSS7.1AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.2 views

PT-2026-26596

CVE-2026-0677 Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection.This issue affects TotalContest Lite: from n/a through 2.9.1. https://t.co/JVG0kERfsB...

7.2CVSS5.8AI score0.00233EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of JSON inputs in the SystemSettings.php file, which could lead to cross-site scripting attacks...

6.4CVSS5.6AI score0.0032EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.6 views

Vikunja read-only users can delete project background images via broken object-level authorization

The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26758

Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2026-03-17T21-25-16Z Description The MinIO AIStor Security Token Service STS AssumeRoleWithLDAPIdentity endpoint is susceptible to LDAP credential brute-forcing. This is due to a combination of distinguishable...

10CVSS5.8AI score0.03256EPSS
Exploits67References151
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Red Hat OpenShift AI 安全漏洞

Red Hat OpenShift AI is an AI lifecycle management platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift AI, which stems from improper endpoint access control at the /save-document endpoint. This vulnerability could allow unverified remote attackers to write...

6AI score
Exploits0References1
Rows per page
Query Builder