5563 matches found

CVE
added 2026/03/23 11:25 p.m. | 8 views

CVE-2026-4056

The CVE-2026-4056 entry concerns the WordPress plugin “User Registration & Membership.” The vulnerability arises from a missing capability check in the Content Access Rules REST API endpoints, where the code path only validates the edit_posts permission instead of an administrator-level capabilit...

CVSS 5.4 | AI score 5.8 | EPSS 0.00182
Exploits 0 | References 4
RedHat Linux
added 2026/03/23 4:6 p.m. | 5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
CVE
added 2026/03/23 1:53 p.m. | 51 views

CVE-2026-3635

CVE-2026-3635 : In Fastify (affected: fastify

CVSS 6.1 | AI score 5.8 | EPSS 0.0012
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/03/23 7:1 a.m. | 4 views

CVE-2026-32595

A flaw was found in Traefik. An unauthenticated attacker can exploit a timing attack vulnerability in the BasicAuth middleware. By observing the time it takes for the middleware to respond, an attacker can determine if a submitted username is valid or not. This information disclosure allows for...

CVSS 6.3 | AI score 5.7 | EPSS 0.00385
Exploits 0 | References 7
RedHat Linux
added 2026/03/23 2:53 a.m. | 9 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
RedHat Linux
added 2026/03/23 2:19 a.m. | 5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
RedHat Linux
added 2026/03/23 1:32 a.m. | 7 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27267

Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress versions 5.0.1 through 5.1.4. Description: The plugin has a flaw allowing unauthorized data modification. This is due to an insufficient capability check on the Content Access Rules REST API...

CVSS 5.4 | AI score 5.8 | EPSS 0.00182
Exploits 0 | References 6
Vulnrichment
added 2026/03/20 10:23 p.m. | 3 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 5.9 | EPSS 0.01557
Exploits 1 | References 1
Microsoft Secure
added 2026/03/20 4:19 p.m. | 118 views

CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents

Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence (CTI) into validated detections. Instead of measuring “CTI trivia,” CTI-REALM tests end-to-end workflows: reading threat reports, exploring telemetr...

AI score 5.7
Exploits 0
Vulnrichment
added 2026/03/20 1:52 a.m. | 3 views

CVE-2026-32811 Heimdall: Path received via Envoy gRPC corrupted when containing query string

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

CVSS 8.2 | AI score 5.7 | EPSS 0.003
Exploits 1 | References 4
OSV
added 2026/03/20 1:52 a.m. | 10 views

CVE-2026-32811 Heimdall: Path received via Envoy gRPC corrupted when containing query string

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

CVSS 8.2 | AI score 6.2 | EPSS 0.003
Exploits 1 | References 6
NVD
added 2026/03/20 12:16 a.m. | 7 views

CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5 | EPSS 0.00387
Exploits 0 | References 3
CNNVD
added 2026/03/20 12:0 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xt_IDLETIMER module allowing rev0 rules to reuse ALARM type timer labels. This could lead to a...

CVSS 7.8 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 5
CVE
added 2026/03/19 11:22 p.m. | 15 views

CVE-2026-32758

The CVE-2026-32758 entry concerns File Browser, where versions 2.61.2 and earlier are vulnerable to Path Traversal via the resourcePatchHandler in http/resource.go. The flaw allows an authenticated user with Create or Rename permissions to bypass deny rules by injecting .. sequences in the destin...

CVSS 6.5 | AI score 5.7 | EPSS 0.00387
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/03/19 11:22 p.m. | 23 views

CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5 | EPSS 0.00387
Exploits 0 | References 3
Vulnrichment
added 2026/03/19 11:22 p.m. | 3 views

CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5 | AI score 5.7 | EPSS 0.00387
Exploits 0 | References 3
ATTACKERKB
added 2026/03/19 11:22 p.m. | 4 views

CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5 | AI score 5.7 | EPSS 0.00387
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/03/19 11:22 p.m. | 3 views

CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5 | AI score 6.2 | EPSS 0.00387
Exploits 0 | References 5
Fedora
added 2026/03/19 12:55 a.m. | 6 views

[SECURITY] Fedora 43 Update: libtasn1-4.21.0-1.fc43

A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions...

CVSS 7.5 | AI score 5.8 | EPSS 0.01109
Exploits 0