
34370 matches found

Snyk
added 2026/03/19 9:31 p.m. | 3 views

Uncontrolled Recursion

Overview: Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Uncontrolled Recursion due to the...

CVSS 8.7 | AI score 5.9
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/19 9:31 p.m. | 6 views

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

AI score 5.9
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/19 9:31 p.m. | 4 views

GHSA-GRR9-747V-XVCP Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 3

CVE
added 2026/03/19 7:41 p.m. | 17 views

CVE-2026-32119

CVE-2026-32119 affects OpenEMR up to version 8.0.0.1 (fixed in 8.0.0.2). The issue is a DOM-based stored XSS in the jQuery SearchHighlight plugin (library/js/SearchHighlight.js) where an authenticated user with encounter form write access can inject arbitrary JavaScript that executes in another c...

CVSS 4.4 | AI score 5.9 | EPSS 0.00156
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/19 7:41 p.m. | 4 views

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVSS 4.4 | AI score 6 | EPSS 0.00156
Exploits: 1 | References: 4

vulnersOsv
added 2026/03/19 5:43 p.m. | 8 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

CVSS 9.8 | AI score 6 | EPSS 0.00704
Exploits: 1

Snyk
added 2026/03/19 5:43 p.m. | 4 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the prototype chain by supplying a specially crafted string that causes the returned object to reference Array.prototype, allowing subsequent writes to that property...

CVSS 9.8 | AI score 6.6 | EPSS 0.00704
Exploits: 1 | References: 2

Snyk
added 2026/03/19 5:43 p.m. | 4 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the prototype chain by supplying a specially crafted string that causes the returned object to reference Array.prototype, allowing subsequent writes to that property...

CVSS 9.8 | AI score 6.6 | EPSS 0.00704
Exploits: 1 | References: 2

EUVD
added 2026/03/19 9:30 a.m. | 3 views

EUVD-2025-208861

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 2

EUVD
added 2026/03/19 9:30 a.m. | 8 views

EUVD-2026-13083

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2

EUVD
added 2026/03/19 9:30 a.m. | 4 views

EUVD-2025-208862

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.00511
Exploits: 0 | References: 2

NVD
added 2026/03/19 9:16 a.m. | 8 views

CVE-2026-25445

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0...

CVSS 8.8 | EPSS 0.00301
Exploits: 0 | References: 1

NVD
added 2026/03/19 9:16 a.m. | 4 views

CVE-2025-60233

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2...

CVSS 9.8 | EPSS 0.00386
Exploits: 0 | References: 1

NVD
added 2026/03/19 9:16 a.m. | 4 views

CVE-2025-60237

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0...

CVSS 9.8 | EPSS 0.00511
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/19 8:37 a.m. | 2 views

CVE-2026-25445 WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 1

CVE
added 2026/03/19 8:37 a.m. | 25 views

CVE-2026-25445

The vulnerability is a PHP object injection in the WordPress plugin WishList Member X (affected versions: up to 3.29.0). It stems from a deserialization of untrusted data, enabling object injection that can impact confidentiality, integrity, and availability. The CVSS 3.1 base score is 8.8 (HIGH)...

CVSS 8.8 | AI score 5.2 | EPSS 0.00301
Exploits: 0 | References: 1

Cvelist
added 2026/03/19 8:37 a.m. | 23 views

CVE-2026-25445 WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0...

CVSS 8.8 | EPSS 0.00301
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/19 8:37 a.m. | 6 views

CVE-2026-25445

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2

SUSE Linux
added 2026/03/19 8:23 a.m. | 6 views

Security update for jq

This update for jq fixes the following issue: CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation bsc1248600. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

CVSS 4.8 | AI score 5.8 | EPSS 0.00194
Exploits: 1 | References: 4

Cvelist
added 2026/03/19 8:14 a.m. | 24 views

CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0...

CVSS 9.8 | EPSS 0.00511
Exploits: 0 | References: 1