CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1070 matches found

ATTACKERKB•added 2026/03/21 3:26 a.m.•3 views

CVE-2026-1851

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00045EPSS

Exploits0References5

Cvelist•added 2026/03/21 3:26 a.m.•20 views

CVE-2026-1851 iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

6.4CVSS0.00045EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26854

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26903

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...

6.9CVSS6.1AI score0.00017EPSS

Exploits1References4

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26818

6.4CVSS6AI score0.00045EPSS

Exploits0References5

Positive Technologies•added 2026/03/21 12:0 a.m.•3 views

PT-2026-26901

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

6.9CVSS6.1AI score0.0002EPSS

Exploits1References4

CNNVD•added 2026/03/21 12:0 a.m.•2 views

Pixarra TwistedBrush Pro Studio 缓冲区错误漏洞

Pixarra TwistedBrush Pro Studio is a digital painting software developed by the American company Pixarra. Version 24.06 of Pixarra TwistedBrush Pro Studio has a buffer overflow vulnerability. This vulnerability arises from the excessive length of the buffer entered during the image size adjustmen...

6.9CVSS6AI score0.0002EPSS

Exploits1References3

CNNVD•added 2026/03/18 12:0 a.m.•5 views

DiceBear 安全漏洞

DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...

7.5CVSS5.8AI score0.00063EPSS

Exploits0References3

SUSE CVE•added 2026/03/15 12:23 a.m.•0 views

SUSE CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

8.8CVSS6.3AI score0.00033EPSS

Exploits1References14

NVD•added 2026/03/13 7:54 p.m.•0 views

CVE-2026-31806

9.8CVSS0.00033EPSS

Exploits1References2

OSV•added 2026/03/13 7:54 p.m.•1 views

UBUNTU-CVE-2026-31806

9.8CVSS6.2AI score0.00033EPSS

Exploits1References4

UbuntuCve•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-31806

9.8CVSS6AI score0.00033EPSS

Exploits1References3

ATTACKERKB•added 2026/03/13 5:40 p.m.•7 views

CVE-2026-31806

9.3CVSS6.3AI score0.00033EPSS

Exploits1References3Affected Software1

AlpineLinux•added 2026/03/13 5:40 p.m.•0 views

CVE-2026-31806

9.8CVSS6.3AI score0.00033EPSS

Exploits1

Cvelist•added 2026/03/13 5:26 p.m.•20 views

CVE-2026-29774 FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

5.3CVSS0.00103EPSS

Exploits1References2

CNNVD•added 2026/03/13 12:0 a.m.•2 views

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the gdisurfacebits function not properly verifying the bmp.width and bmp.height values provid...

9.8CVSS6.1AI score0.00033EPSS

Exploits1References3

SUSE CVE•added 2026/03/10 12:29 a.m.•2 views

SUSE CVE-2026-3713

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

5.3CVSS6AI score0.00019EPSS

Exploits0References3

RedhatCVE•added 2026/03/09 8:5 a.m.•3 views

CVE-2026-3713

A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the dopnm2png function of the pnm2png component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service DoS...

5.3CVSS6AI score0.00019EPSS

Exploits0References9