Lucene search
K

121681 matches found

SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.9AI score0.00486EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the...

8.2CVSS5.9AI score0.00208EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33211

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6CVSS6AI score0.00573EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected...

7.5CVSS5.9AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.3 views

SUSE CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.6 views

SUSE CVE-2026-33675

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trell...

6.4CVSS6AI score0.00272EPSS
Exploits1References3
Fedora
Fedora
added 2026/03/28 12:19 a.m.7 views

[SECURITY] Fedora 44 Update: rust-reqsign-core-3.0.0-1.fc44

Signing API requests without effort...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.10 views

PT-2026-28719

Name of the Vulnerable Software and Affected Versions PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 Description A flaw exists in PromtEngineer localGPT that allows for unrestricted file upload. The issue is located in the do POST function within the...

7.5CVSS5.6AI score0.00294EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.4 views

WordPress plugin Restaurant Cafeteria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS6AI score0.0022EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-33870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strin...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by...

9.1CVSS5.5AI score0.00704EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-28367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the...

9.1CVSS5.6AI score0.00677EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.8 views

WordPress plugin Oxygen Theme 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.8 views

PT-2026-28257

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 11:27 p.m.3 views

CVE-2026-33870

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/03/27 11:4 p.m.189 views

websec-payloads

Web Security Payloads & Exploitation Reference Comprehensiv...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.11 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

8.6CVSS5.9AI score0.00407EPSS
Exploits0References1
Rows per page
Query Builder