Lucene search
K

569 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 7:40 p.m.5 views

PrestaShop: Improper Use of Validation Framework

Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/25 7:40 p.m.2 views

GHSA-283W-XF3Q-788V PrestaShop: Improper Use of Validation Framework

Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...

2CVSS5.8AI score0.00237EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28175

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.5 PrestaShop versions prior to 9.1.0 Description PrestaShop, an open source e-commerce web application, experiences an issue due to improper use of its validation framework. No workarounds are currently...

2CVSS5.8AI score0.00237EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/24 6:31 a.m.3 views

EUVD-2026-14704

Use After Free vulnerability in No-Chicken Echo-Mate ‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules. This vulnerability is associated with program files rmap.C‎. This issue affects Echo-Mate: before V250329...

8.8CVSS5.8AI score0.00088EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:0 a.m.3 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering...

5.8AI score0.00165EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.10 views

Tabs Mail Carrier 缓冲区错误漏洞

Tabs Mail Carrier is an email server software for email sending and mailing list management developed by the Tabs company. Version 2.5.1 of Tabs Mail Carrier contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the MAIL FROM SMTP command, which could allow a...

9.8CVSS6.4AI score0.00912EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

JIZHICMS 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS versions 2.5.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by insufficient input cleaning in the publish function of the app/home/c/UserController.php file,...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

File Thingie 安全漏洞

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from the improper handling of the function for creating folders from URLs. This vulnerability may lead to directory traversal attacks...

4.3CVSS5.8AI score0.00612EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.554 and earlier, as well as LTS 2.541.2 and earlier, have security vulnerabilitie...

8.8CVSS6.1AI score0.01161EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/16 2:19 p.m.8 views

CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

6.5CVSS6.8AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 12:0 a.m.9 views

CVE-2025-69768

The provided connected documents confirm a concrete vulnerability in Chyrp: SQL Injection in the Admin.php component affecting Chyrp v2.5.2 and earlier. The root cause is an SQLi flaw in Admin.php that could allow a remote attacker to obtain sensitive information. The CVSS details from the Initia...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

Anchore Enterprise SQL注入漏洞

Anchore Enterprise is a container image security analysis and compliance management platform developed by Anchore Company in the United States. Versions of Anchore Enterprise prior to 5.25.1 contained a SQL injection vulnerability. This vulnerability stemmed from the GraphQL Reports API’s SQL...

8.5CVSS5.9AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 12:0 a.m.6 views

ALSA-2026:4455 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.7 views

CVE-2026-27326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...

8.1CVSS5.9AI score0.00415EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.4 views

CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.9...

5.4AI score0.00344EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/19 8:44 p.m.7 views

Pannellum has a XSS vulnerability in hot spot attributes

Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...

6.1CVSS6.1AI score0.00319EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/19 8:26 a.m.9 views

CVE-2026-25008

The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...

4.3CVSS5.4AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder