Lucene search
K

356 matches found

CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Timo 安全漏洞

Timo is a backend management system developed by auntvt. Version Timo 2.0.3 has a security vulnerability, which stems from a cross-site scripting vulnerability in the title field. Attackers can execute attacks through specially crafted links...

6.1CVSS5.7AI score0.00166EPSS
Exploits1References1
CVE
CVE
added 2026/03/25 3:24 p.m.11 views

CVE-2026-3218

CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...

4.8CVSS5.8AI score0.00185EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.5 views

SUSE CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References3
Rosalinux
Rosalinux
added 2026/03/22 6:39 p.m.15 views

Advisory ROSA-SA-2026-3223

software: cups-filters 2.0.1 OS: ROSA-CHROME unaffected versions = cups-filters-2.0.1-1 affected versions cups-filters-2.0.1-1 CVE-ID: CVE-2025-64524 BDU-ID: 2026-03142 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CUPS Filters print package is related to an operation exceeding buffer boundarie...

5.5CVSS5.8AI score0.00185EPSS
Exploits1
NVD
NVD
added 2026/03/20 3:16 p.m.7 views

CVE-2026-33312

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.4CVSS0.00211EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 9:41 a.m.5 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.7 views

Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/16 2:20 p.m.7 views

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

8.4CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 7:14 a.m.27 views

CVE-2026-4255

The CVE-2026-4255 entry describes a DLL search order hijacking in Thermalright TR-VISION HOME (Windows 64-bit) that allows local privilege escalation via DLL side-loading. Affected: TR-VISION HOME versions up to 2.0.5. Root cause: the application loads DLL dependencies using the default Windows s...

8.4CVSS6.3AI score0.00191EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

Netartmedia Event Portal SQL注入漏洞

Netartmedia Event Portal is an event registration management system operated by the Bulgarian company Netartmedia. Version 2.0 of Netartmedia Event Portal has a SQL injection vulnerability. This vulnerability stems from SQL injection in email parameters, which could allow unverified attackers to...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24747

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 2.0 Description Cursor is a code editor designed for programming with AI. Prior to version 2.0, if a visited website contained maliciously crafted instructions, the model could attempt to follow them to assist the user...

8.8CVSS5.4AI score0.00276EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.7 views

ffmate 参数注入漏洞

ffmate is an automated media processing engine open sourced by We Love Media. Versions of ffmate 2.0.15 and earlier had a parameter injection vulnerability. This vulnerability stemmed from incorrect operations on the Execute function in the file /internal/service/ffmpeg/ffmpeg.go, which could lea...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.42 views

CVE-2026-24960 WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through 2.0.2...

9.9CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 11:7 p.m.7 views

EUVD-2026-8765

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

8.7CVSS5.7AI score0.00436EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/25 9:40 p.m.29 views

CVE-2026-27819 Vikunja has Path Traversal in CLI Restore

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

7.2CVSS0.00739EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00286EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-22026

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, has a reflected HTML injection issue in the Projects module. The filter URL parameter is rendered into the DOM without proper output encoding when a...

9.9CVSS5.4AI score0.22162EPSS
Exploits70References140
CVE
CVE
added 2026/02/20 3:46 p.m.11 views

CVE-2025-68000

CVE-2025-68000 is a Missing Authorization (Broken Access Control) vulnerability in PickPlugins Testimonial Slider for WordPress, affecting version(s) up to 2.0.15. Public sources (NVD/Red Hat/CVE) confirm the issue and version range. PT-Security recommends upgrading to a version later than 2.0.15...

6.5CVSS5.5AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.4 views

CVE-2026-27055 WordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through = 2.0...

4.3CVSS5.4AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 3:25 a.m.16 views

CVE-2025-12172

CVE-2025-12172 affects the WordPress plugin Mailchimp List Subscribe Form (

4.3CVSS5.4AI score0.00135EPSS
Exploits0References2
Rows per page
Query Builder