Lucene search
K

3320 matches found

github
github
added 2026/04/03 3:28 a.m.15 views

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00651EPSS
Exploits0References4Affected Software3
cisco
cisco
added 2026/04/01 4:0 p.m.21 views

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privileges to root. For more...

8.8CVSS6.2AI score0.00929EPSS
Exploits0References1
thn
thn
added 2026/04/01 12:46 p.m.4 views

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this...

6AI score
Exploits0
redhatcve
redhatcve
added 2026/03/28 11:9 p.m.3 views

CVE-2026-33874

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...

7.8CVSS6.1AI score0.00282EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/28 11:9 p.m.7 views

CVE-2026-33875

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3CVSS5.9AI score0.00265EPSS
Exploits0References1
susecve
susecve
added 2026/03/28 12:27 a.m.11 views

SUSE CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.9AI score0.00297EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References1
cve
cve
added 2026/03/27 9:11 p.m.119 views

CVE-2026-33940

CVE-2026-33940 affects Handlebars runtimes from 4.0.0 through 4.7.8, where a crafted object in the template context can bypass guards in resolvePartial() and cause invokePartial() to return undefined. This leads the runtime to treat an unresolved partial as a source to be compiled, feeding a vali...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References8Affected Software1
osv
osv
added 2026/03/27 8:25 p.m.5 views

CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3CVSS5.9AI score0.00265EPSS
Exploits0References4
osv
osv
added 2026/03/27 7:11 a.m.6 views

BIT-DISCOURSE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References2
osv
osv
added 2026/03/27 7:10 a.m.3 views

BIT-DISCOURSE-2026-27936 Discourse discloses restricted post-action counts to non-privileged users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...

6.9CVSS5.8AI score0.00306EPSS
Exploits0References2
nvd
nvd
added 2026/03/26 10:16 p.m.5 views

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

5.3CVSS0.00237EPSS
Exploits0References3
cve
cve
added 2026/03/26 9:42 p.m.23 views

CVE-2026-33674

PrestaShop versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. The issue is addressed by a fix in 8.2.5 and 9.1.0; no public workarounds are listed. Upgrading to 8.2.5, 9.1.0, or newer versions is recommended. The available documents do not provide exploit details or in-the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/26 9:42 p.m.4 views

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

2CVSS5.9AI score0.00237EPSS
Exploits0References5
cvelist
cvelist
added 2026/03/26 9:42 p.m.23 views

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

2CVSS0.00237EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/26 9:42 p.m.3 views

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

2CVSS5.8AI score0.00237EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/03/26 9:41 p.m.16 views

CVE-2026-33673

PrestaShop cases: Versions prior to 8.2.5 and 9.1.0 are affected by stored XSS in the back-office (BO) templates due to unprotected Template variables. An attacker with database access or a pre-existing vulnerability can inject data into the BO, enabling exploitation of unprotected variables in t...

7.6CVSS5.8AI score0.0027EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/03/26 7:40 p.m.2 views

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encodesvgimage, asset, and...

7.1CVSS5.9AI score0.00293EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/03/26 7:30 p.m.27 views

CVE-2026-33631 ClearanceKit: opfilter policy bypass via non-open file operations

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file...

8.7CVSS0.00101EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/26 3:18 p.m.16 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.5CVSS5.7AI score0.00213EPSS
Exploits0References1
Rows per page
Query Builder