Lucene search
K

121631 matches found

Debian CVE
Debian CVE
added 2026/03/31 9:21 p.m.4 views

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5CVSS5.7AI score0.00196EPSS
Exploits1
CVE
CVE
added 2026/03/31 9:21 p.m.26 views

CVE-2026-34441

cpp-httplib (C++11 single-file header-only HTTP/HTTPS library) is vulnerable to HTTP Request Smuggling prior to version 0.40.0. The server’s static file handler serves GET responses without consuming the request body, so on HTTP/1.1 keep-alive connections unread body bytes remain on the TCP strea...

6.5CVSS5.7AI score0.00196EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/31 9:16 p.m.7 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

8.1CVSS0.00245EPSS
Exploits1References2
CVE
CVE
added 2026/03/31 8:57 p.m.11 views

CVE-2026-34740

WWBN AVideo (versions 26.0 and prior) contains a stored SSRF in the EPG link feature. Authenticated users with upload permissions can store arbitrary URLs that the server fetches on each EPG page visit. The URL validation relies only on PHP FILTER_VALIDATE_URL, which accepts internal network addr...

6.5CVSS6AI score0.00323EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:42 p.m.2 views

CVE-2026-34611

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

6.5CVSS6AI score0.00157EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:39 p.m.2 views

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

8.1CVSS6AI score0.00233EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/31 8:34 p.m.11 views

CVE-2026-34384

Admidio vulnerability CVE-2026-34384: Before 5.0.8, the approval modes create_user, assign_member, and assign_user in modules/registration.php accepted GET-based requests with no CSRF validation, allowing an attacker with a pending registration and a rol_approve_users right to auto-approve or mer...

7.3CVSS5.8AI score0.00169EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/31 8:34 p.m.5 views

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

4.5CVSS5.8AI score0.00169EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/31 8:33 p.m.26 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS0.00133EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:32 p.m.5 views

CVE-2026-34382

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...

4.6CVSS5.8AI score0.00123EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:16 p.m.25 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

7.6CVSS0.00261EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:5 p.m.3 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 8:5 p.m.5 views

CVE-2026-34366 InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
CVE
CVE
added 2026/03/31 8:5 p.m.8 views

CVE-2026-34366

CVE-2026-34366 affects InvoiceShelf prior to v2.2.0. An SSRF exists in the Payment receipt PDF generation module where user-supplied HTML in the Notes field is passed unsanitised to the Dompdf renderer, allowing remote resources to be fetched. The issue is exploitable directly via the PDF receipt...

8.1CVSS5.8AI score0.00245EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/31 7:44 p.m.6 views

EUVD-2026-17606

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 7:44 p.m.1 views

CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
NVD
NVD
added 2026/03/31 7:16 p.m.5 views

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

6.5CVSS0.00313EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 6:16 p.m.5 views

CVE-2026-32951

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3CVSS0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:41 p.m.2 views

EUVD-2026-17565

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/31 5:0 p.m.6 views

CVE-2026-4315

A Cross-Site Request Forgery CSRF vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service DoS condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11....

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder