Lucene search
K

2138 matches found

vulnrichment
vulnrichment
added 2026/04/10 5:6 a.m.2 views

CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References1
nessus
nessus
added 2026/04/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if...

8.2CVSS5.5AI score0.0042EPSS
Exploits0References3
qualysblog
qualysblog
added 2026/04/09 4:10 p.m.19 views

Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization

Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...

5.8AI score
Exploits0
attackerkb
attackerkb
added 2026/04/09 12:28 p.m.2 views

CVE-2026-2519

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3CVSS5.8AI score0.00452EPSS
Exploits0References7
nvd
nvd
added 2026/04/08 9:16 a.m.6 views

CVE-2026-39651

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...

6.5CVSS0.00184EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39651

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...

5.9AI score0.00184EPSS
Exploits0References2
cve
cve
added 2026/04/08 8:30 a.m.9 views

CVE-2026-39651

The connected documents confirm a concrete issue: WordPress Total Poll Lite plugin, version

6.5CVSS5.9AI score0.00184EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/08 8:30 a.m.21 views

CVE-2026-39651 WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...

6.5CVSS0.00184EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39651 WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...

5.8AI score0.00184EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Total Poll Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/03 10:57 a.m.5 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS6.3AI score0.00956EPSS
Exploits0References1
nvd
nvd
added 2026/04/02 8:16 a.m.6 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/02 7:39 a.m.35 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS0.00956EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/02 7:39 a.m.3 views

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS6.4AI score0.00956EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/02 7:39 a.m.1 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References3
cve
cve
added 2026/04/02 7:39 a.m.20 views

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

7.5CVSS6.4AI score0.00956EPSS
Exploits0References3
patchstack
patchstack
added 2026/04/02 7:21 a.m.5 views

WordPress W3 Total Cache plugin <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header vulnerability

Unauthenticated Security Token Exposure via User-Agent Header vulnerability discovered by wesley wcraft in WordPress Plugin W3 Total Cache versions = 2.9.3...

7.5CVSS5.9AI score0.00956EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/04/02 5:4 a.m.4 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/02 12:0 a.m.9 views

WordPress plugin W3 Total Cache 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References3
euvd
euvd
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17901

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References2
Rows per page
Query Builder