Lucene search
K

121635 matches found

EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17367

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...

5.4CVSS5.8AI score0.00154EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 12:19 p.m.10 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they...

9.8CVSS7.3AI score0.0115EPSS
Exploits2Affected Software1
NVD
NVD
added 2026/03/31 12:16 p.m.6 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00302EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/31 11:29 a.m.25 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00302EPSS
Exploits0References5
CVE
CVE
added 2026/03/31 11:29 a.m.16 views

CVE-2026-4267

The CVE-2026-4267 issue affects the WordPress Query Monitor plugin (versions up to 3.20.3). It allows Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that exec...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:29 a.m.3 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/31 11:29 a.m.3 views

EUVD-2026-17397

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/31 11:29 a.m.2 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/31 9:31 a.m.2 views

EUVD-2026-17333

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.8CVSS5.9AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 9:1 a.m.6 views

CLSA-2026-1774947708 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:47 a.m.6 views

CLSA-2026-1774946829 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/03/31 8:47 a.m.7 views

squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.9AI score0.08942EPSS
Exploits0
OSV
OSV
added 2026/03/31 8:46 a.m.4 views

CLSA-2026-1774874764 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 6:31 a.m.3 views

EUVD-2026-17323

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

5CVSS5.9AI score0.00258EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 6:16 a.m.3 views

UBUNTU-CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/31 6:16 a.m.9 views

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

5CVSS5.9AI score0.00258EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 6:0 a.m.2 views

CVE-2026-3881

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.9AI score0.00259EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/31 5:29 a.m.2 views

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

7.1CVSS5.2AI score0.00258EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:28 a.m.2 views

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.7 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS5.9AI score0.00315EPSS
Exploits1References1
Rows per page
Query Builder