648 matches found
2026-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 (KB5084068)
PT-2026-32597
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to 3.3.5. Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization and missing output escaping on user-supplied shortcode attributes. Authenticated attackers with...
CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine (grandmagazine) allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5...
Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts
The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...
CVE-2026-3571
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-04 04:11:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3minejyuzrp25 |
| 2026-04-10 10:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mj54ixzout2r... |
CVE-2025-71278
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
GHSA-6C5X-3H35-VVW2
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-31 17:25:19+00:00 | seen | Telegram/nw5w-ohs-CK0Rjuv5tJSQsl41JpqhSQHTKMS4QN8816OY... |
CVE-2026-33536
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 19:16:15+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33536 |
| 2026-05-01 15:50:35+00:00 | seen | https://vulnerability.circl.lu/bundle/63ae1405-3878-4622-935b-6ee96a75dc90... |
CVE-2026-30932
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...
CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...
EUVD-2019-20028
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigge...
WinMPG Video Convert buffer error vulnerability
WinMPG Video Convert is a video file format conversion tool developed by the American company WinMPG. Versions of WinMPG Video Convert 9.3.5 and earlier contained a buffer error vulnerability. This vulnerability stemmed from a buffer overflow in the registration dialog box, which could allow loca...
CVE-2026-2412
The CVE-2026-2412 entry documents a SQL Injection vulnerability in the WordPress plugin “Quiz and Survey Master (QSM)” up to version 10.3.5. The root cause is insufficient sanitization of the merged_question parameter: sanitize_text_field() does not block SQL metacharacters, which are directly co...
CVE-2026-1238
SlimStat Analytics for WordPress is affected by a Stored Cross-Site Scripting vulnerability via the 'fh' parameter in all versions up to 5.3.5. The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts that execute when users v...
EUVD-2025-208745
Cross-site scripting (XSS) vulnerability in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...
EUVD-2025-208690
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
EUVD-2026-11913
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter & Grids: from n/a through = 3.5.1...
PT-2026-25299
CVE-2026-32455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects ... https://t.co/yGGoLxAaYH...
EUVD-2026-10896
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...
EUVD-2026-10897
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...