Lucene search
K

121649 matches found

CNNVD
CNNVD
added 2026/03/28 12:0 a.m.4 views

WordPress plugin Restaurant Cafeteria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS6AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.7 views

PT-2026-28257

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.7 views

WordPress plugin Oxygen Theme 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the...

9.1CVSS5.6AI score0.00677EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-28367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-33870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strin...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by...

9.1CVSS5.5AI score0.00704EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 11:27 p.m.2 views

CVE-2026-33870

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/03/27 11:4 p.m.188 views

websec-payloads

Web Security Payloads & Exploitation Reference Comprehensiv...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.11 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

8.6CVSS5.9AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-4902

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

9CVSS8AI score0.00632EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-4903

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

9CVSS7.9AI score0.05461EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 10:12 p.m.7 views

CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network service...

9.3CVSS6AI score0.00397EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:10 p.m.4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/27 10:10 p.m.5 views

EUVD-2026-16884

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 10:10 p.m.4 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 10:10 p.m.4 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References3
Rows per page
Query Builder