Lucene search
K

7921 matches found

Cvelist
Cvelist
added 2026/03/18 3:28 p.m.24 views

CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 3:28 p.m.6 views

CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/03/18 3:28 p.m.11 views

CVE-2026-2992

The vulnerability affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin up to version 4.1.2. A missing authorization flaw exists on the REST endpoint /wp-json/kivicare/v1/setup-wizard/clinic, enabling unauthenticated attackers to create a new clinic and a WordPress user...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/18 2:16 p.m.2 views

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS6.4AI score0.00269EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 12:55 p.m.26 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS0.00269EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mistake in the cleanup loop of the setupnicdevices function in the liquidio driver. This mistak...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mistake in the cleanup loop of the setupnicdevices function in the liquidio driver’s PF. This...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.14 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The...

5.5CVSS6.1AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl -...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this...

5.5CVSS6.1AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-23254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption i...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/17 10:48 a.m.113 views

Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server

CVE-2025-5548 Security research and reprod...

9.8CVSS6.2AI score0.10139EPSS
Exploits12
Snyk
Snyk
added 2026/03/16 8:40 p.m.2 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management. An attacker can gain unauthorized privileges by replaying a valid setup code before approval, allowing escalation of pending device pairing scopes...

9.8CVSS5.9AI score0.00351EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/16 7:37 p.m.6 views

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...

6.3AI score
Exploits0
CVE
CVE
added 2026/03/16 4:55 p.m.6 views

CVE-2026-29521

CVE-2026-29521 affects Hereta ETH-IMC408M devices with firmware 1.0.15 and earlier, where missing CSRF protections in setup.cgi allow cross-site request forgery. An attacker hosting malicious pages can submit forged requests using automatically-included HTTP Basic Authentication credentials to mo...

5.1CVSS5.7AI score0.0011EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 4:55 p.m.2 views

CVE-2026-29521 Hereta ETH-IMC408M CSRF via Configuration Setup

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...

5.1CVSS5.7AI score0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4192

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5CVSS0.01301EPSS
Exploits0References6
NVD
NVD
added 2026/03/16 2:19 p.m.3 views

CVE-2026-3556

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...

8.8CVSS0.00514EPSS
Exploits0References1
Rows per page
Query Builder