34374 matches found

Positive Technologies
added 2026/03/19 12:0 a.m., 5 views

PT-2026-26248

🟠 CVE-2026-27096 - High Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer Word... https://t.co/HOIbh9qxFx https://t.co/LcmJdGrhq3...

8.1 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/03/19 12:0 a.m., 8 views

PT-2026-26276

Name of the Vulnerable Software and Affected Versions: WishList Member X versions through 3.29.0. Description: The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the application's ability to securely handle incoming...

8.8 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits: 0, References: 6

CNNVD
added 2026/03/19 12:0 a.m., 5 views

WordPress and WordPress plugin code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8 CVSS, 5.9 AI score, 0.00386 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/03/19 12:0 a.m., 11 views

PT-2026-26268

🚨 CVE-2025-60233: WordPress Zuut theme = 1.4.2 - ... PHP object injection in WordPress themes = instant RCE playground for attackers who can craft malicious serialized payl... https://t.co/IgpaLoPW1V netsec vulnerability CVE sysadmin zeroday...

9.8 CVSS, 5.8 AI score, 0.00386 EPSS
Exploits: 0, References: 5

NVD
added 2026/03/18 11:17 p.m., 4 views

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3 CVSS, 0.00207 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2026/03/18 11:14 p.m., 7 views

CVE-2026-31898

A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the createAnnotation method's...

8.1 CVSS, 6.2 AI score, 0.00356 EPSS
Exploits: 0, References: 7

OSV
added 2026/03/18 10:6 p.m., 5 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3 CVSS, 5.9 AI score, 0.00207 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/18 10:6 p.m., 2 views

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/03/18 10:6 p.m., 9 views

CVE-2026-32736

The Hytale Modding Wiki has an IDOR vulnerability in versions before 1.0.0 that allows any authenticated user to access authors’ full names and email addresses by visiting a mod page via its slug. Affected software: Hytale Modding Wiki (pre-1.0.0). Impact: exposure of PII with MEDIUM severity (CV...

4.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2026/03/18 10:6 p.m., 5 views

EUVD-2026-12981

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/03/18 10:6 p.m., 22 views

CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

4.3 CVSS, 0.00207 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/18 8:10 p.m., 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...

8.7 CVSS, 5.8 AI score, 0.00452 EPSS
Exploits: 1, References: 2

Github Security Blog
added 2026/03/18 8:8 p.m., 9 views

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

8.1 CVSS, 6.1 AI score, 0.00526 EPSS
Exploits: 1, References: 5, Affected Software: 1

EUVD
added 2026/03/18 3:30 p.m., 5 views

EUVD-2026-12821

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...

9.8 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/18 2:16 p.m., 9 views

CVE-2026-25449

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through 3.2.8.1...

9.8 CVSS, 0.00322 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/18 1:12 p.m., 12 views

CVE-2026-25449

CVE-2026-25449 : The WordPress Traveler theme (Shinetheme Traveler) is affected prior to version 3.2.8.1 by a PHP object injection vulnerability caused by deserialization of untrusted data. The issue affects Traveler components (described as before 3.2.8.1) and is rated critical (CVSS 3.1 base sc...

9.8 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/18 1:12 p.m., 1 views

CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...

9.8 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/18 1:12 p.m., 30 views

CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through 3.2.8.1...

9.8 CVSS, 0.00322 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/18 1:12 p.m., 5 views

CVE-2026-25449

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...

9.8 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/18 12:55 p.m., 11 views

CVE-2026-32694

The CVE-2026-32694 vulnerability affects Juju (versions 3.0.0 through 3.6.18). It arises when a secret owner grants a secret to a grantee and relies solely on a predictable secret XID to verify ownership. A malicious grantee who can request secrets can predict past secrets granted by the same own...

6.6 CVSS, 5.8 AI score, 0.00269 EPSS
Exploits: 1, References: 1, Affected Software: 1