Lucene search

648 matches found

Microsoft Security Update
added 2026/04/14 5:00 p.m., 19 views

2026-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 (KB5084068)

2026-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 (KB5084068)...

AI score: 5.8
Exploits: 0

Positive Technologies
added 2026/04/14 12:00 a.m., 5 views

PT-2026-32597

Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to 3.3.5. Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization and missing output escaping on user-supplied shortcode attributes. Authenticated attackers with...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00296
Exploits: 0 | References: 11

Vulnrichment
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00098
Exploits: 0 | References: 1

Packet Storm News
added 2026/04/07 12:00 a.m., 2 views

Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...

AI score: 5.9
Exploits: 0

Circl
added 2026/04/04 4:11 a.m., 3 views

CVE-2026-3571

creationtimestamp | type | source
---|---|---
2026-04-04 04:11:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3minejyuzrp25
2026-04-10 10:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mj54ixzout2r...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00284
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/01 12:30 a.m., 2 views

CVE-2025-71278

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00265
Exploits: 0 | References: 3 | Affected Software: 1

Circl
added 2026/03/31 5:25 p.m., 4 views

GHSA-6C5X-3H35-VVW2

creationtimestamp | type | source
---|---|---
2026-03-31 17:25:19+00:00 | seen | Telegram/nw5w-ohs-CK0Rjuv5tJSQsl41JpqhSQHTKMS4QN8816OY...

AI score: 4.8
Exploits: 0

Circl
added 2026/03/26 7:16 p.m., 5 views

CVE-2026-33536

creationtimestamp | type | source
---|---|---
2026-03-26 19:16:15+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33536
2026-05-01 15:50:35+00:00 | seen | https://vulnerability.circl.lu/bundle/63ae1405-3878-4622-935b-6ee96a75dc90...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00128
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/24 6:46 p.m., 9 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00544
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/24 6:46 p.m., 2 views

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00544
Exploits: 1 | References: 3

EUVD
added 2026/03/24 12:30 p.m., 5 views

EUVD-2019-20028

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigge...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00231
Exploits: 1 | References: 5

CNNVD
added 2026/03/24 12:00 a.m., 6 views

WinMPG Video Convert Buffer Error Vulnerability

WinMPG Video Convert is a video file format conversion tool developed by the American company WinMPG. Versions of WinMPG Video Convert 9.3.5 and earlier contained a buffer error vulnerability. This vulnerability stemmed from a buffer overflow in the registration dialog box, which could allow loca...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.00231
Exploits: 1 | References: 4

CVE
added 2026/03/23 10:25 p.m., 17 views

CVE-2026-2412

The CVE-2026-2412 entry documents a SQL Injection vulnerability in the WordPress plugin “Quiz and Survey Master (QSM)” up to version 10.3.5. The root cause is insufficient sanitization of the merged_question parameter: sanitize_text_field() does not block SQL metacharacters, which are directly co...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 5

CVE
added 2026/03/19 4:27 a.m., 7 views

CVE-2026-1238

SlimStat Analytics for WordPress is affected by a Stored Cross-Site Scripting vulnerability via the 'fh' parameter in all versions up to 5.3.5. The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts that execute when users v...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 4

EUVD
added 2026/03/16 6:32 p.m., 3 views

EUVD-2025-208745

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00175
Exploits: 1 | References: 2

EUVD
added 2026/03/16 3:30 p.m., 3 views

EUVD-2025-208690

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.00275
Exploits: 0 | References: 6

EUVD
added 2026/03/13 9:31 p.m., 2 views

EUVD-2026-11913

Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter & Grids: from n/a through <= 3.5.1...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0019
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/13 12:00 a.m., 9 views

PT-2026-25299

CVE-2026-32455 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects ... https://t.co/yGGoLxAaYH...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00129
Exploits: 0 | References: 3

EUVD
added 2026/03/10 11:57 p.m., 5 views

EUVD-2026-10896

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 3

EUVD
added 2026/03/10 11:57 p.m., 6 views

EUVD-2026-10897

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 3