Lucene search
K

858 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.9 views

CVE-2025-55265

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks...

7.5CVSS5.9AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.6 views

CVE-2026-27091

Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through = 3.5.09...

6.3CVSS5.9AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 1:2 a.m.4 views

EUVD-2026-16076

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:31 a.m.5 views

Malicious code in @universeorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e1bca28be318e644a718c57c724dac6b6b480889b772e317cda8bb23512515c The package @universeorg/dotenv was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27945

ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 12:16 a.m.3 views

CVE-2026-4616 bolo-blog Article Title article cross site scripting

A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...

4.8CVSS4.3AI score0.00274EPSS
Exploits0References5
CVE
CVE
added 2026/03/22 1:2 p.m.8 views

CVE-2026-4548

CVE-2026-4548 affects mickasmt next-saas-stripe-starter 1.0.0. The vulnerable component is the function updateUserrole in actions/update-user-role.ts, where manipulation of arguments userId/role leads to improper authorization. The impact is described as remote exploit with network access; the vu...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/22 12:30 a.m.19 views

EUVD-2026-14258

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

7.5CVSS5.4AI score0.003EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-4115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc- ssh.c of the component Ed25519 Signature Handler. The...

6.3CVSS5.1AI score0.00534EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 4:47 a.m.4 views

MAL-2026-1945 Malicious code in cryptopapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8115fdc278d0fa50691d9381670d65784c4e58c7350c6f039f4cc48900003832 The package cryptopapi was found to contain malicious code. Source: ghsa-malware 36add754a3a299e4d93abe760b631b4a294d017297d11825b1fc1e2363030172 Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/17 3:9 a.m.3 views

MAL-2026-1489 Malicious code in asset-delivery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...

5.7AI score
Exploits0References1
NVD
NVD
added 2026/03/16 2:20 p.m.4 views

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:24 a.m.6 views

Malicious code in vtimmmmmm-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f98c647bcb6a277d8ef94407b1287e79a9840e0956aa955ff01ea19778219c7 The package vtimmmmmm-test was found to contain malicious code. Source: ghsa-malware 7f04d92a8262ba75c225fb58633a5dfbe7c1d4a750b88f634dde448a81e13b63...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.6 views

Malicious code in dazaar-cli (npm)

The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25611

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2026/03/15 11:2 p.m.34 views

CVE-2026-4194

CVE-2026-4194 affects multiple D-Link DNS devices (e.g., DNS-120, DNS-320 family, DNS-1550-04, others) with the vulnerable element in the CGI: /cgi-bin/system_mgr.cgi, function cgi_set_wto. The issue is improper access controls due to manipulating this function, enabling remote exploitation. Mult...

9.8CVSS6.8AI score0.01238EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:44 p.m.10 views

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

8.2CVSS5.8AI score0.00148EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 12:2 a.m.2 views

CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...

6.5CVSS6.2AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2026/03/08 7:16 p.m.6 views

CVE-2026-3762

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...

9.8CVSS5.4AI score0.00496EPSS
Exploits1References5
NVD
NVD
added 2026/03/08 7:16 a.m.5 views

CVE-2026-3715

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument delflag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publ...

9CVSS0.00655EPSS
Exploits1References5
Rows per page
Query Builder