Lucene search
K

529 matches found

CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

WordPress plugin WP eMember 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 6:31 p.m.4 views

EUVD-2026-12914

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...

8.2CVSS5.8AI score0.00618EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.6 views

CVE-2026-26740

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...

8.2CVSS5.9AI score0.00618EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26041

Name of the Vulnerable Software and Affected Versions WebberZone Contextual Related Posts versions prior to 4.2.2 Description An authorization issue exists in WebberZone Contextual Related Posts due to incorrectly configured access control security levels. This allows for unauthorized access...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.1 views

CVE-2026-32424

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through = 3.2.2...

5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 2:54 p.m.6 views

EUVD-2026-10937

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks...

7.2CVSS5.8AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 10:16 p.m.5 views

CVE-2026-31833

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

6.7CVSS0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 10:16 p.m.6 views

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient...

7.2CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 9:49 p.m.11 views

CVE-2026-31832

Umbraco (ASP.NET CMS) has a broken object-level authorization vulnerability in backoffice API endpoints affecting 14.0.0–before 16.5.1 and 17.2.2. An authenticated user can assign domain-related data to content nodes without proper authorization checks due to insufficient enforcement on the affec...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.27 views

CVE-2026-24018

A UNIX symbolic link Symlink following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...

7.8CVSS0.00228EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24485

Name of the Vulnerable Software and Affected Versions Umbraco versions 14.0.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco, an ASP.NET CMS, contains a flaw in a backoffice API endpoint related to object-level authorization. Authenticated users can assign domain-related data to conten...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 4:45 a.m.6 views

CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

5.4CVSS5.7AI score0.00116EPSS
Exploits0References4
CVE
CVE
added 2026/03/06 4:27 a.m.37 views

CVE-2026-28785

Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.1 views

CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:44 a.m.8 views

Security Bulletin: IBM Event Streams is vulnerable to unintended response header modification

Summary IBM Event Streams is vulnerable to unintended response header modification due to a flaw in the on-headers module CVE-2025-7339 Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers...

3.4CVSS5.9AI score0.00174EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS6.4AI score0.00761EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 2:16 a.m.2 views

DEBIAN-CVE-2026-25986

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage coders/yuv.c when processing malicious YUV 4:2:2 NoInterlace images. The pixel-pair loop write...

9.8CVSS8AI score0.00461EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/24 1:44 a.m.4 views

Buffer Access with Incorrect Length Value

Overview Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the processing of YUV 4:2:2 images. An attacker can cause a crash by supplying a malicious image file to an application utilizing the affected process. Workaround This vulnerability can be...

9.8CVSS5.7AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:44 a.m.5 views

Buffer Access with Incorrect Length Value

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

9.8CVSS5.7AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:44 a.m.4 views

Buffer Access with Incorrect Length Value

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

9.8CVSS5.7AI score0.00461EPSS
Exploits0References2
Rows per page
Query Builder