Lucene search
K

379 matches found

Cvelist
Cvelist
added 2026/03/17 11:16 p.m.33 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/03/17 11:16 p.m.9 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.9AI score0.00292EPSS
Exploits0References3
NVD
NVD
added 2026/03/17 8:16 p.m.5 views

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

8.8CVSS0.00339EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.7 views

EulerOS Virtualization 2.12.1 : python-pip (EulerOS-SA-2026-1457)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...

6.1CVSS6.7AI score0.02974EPSS
Exploits3References5
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1544)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.8AI score0.00438EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 6:0 a.m.3 views

CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 12:22 a.m.5 views

EUVD-2026-10710

@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...

6.5CVSS5.9AI score0.00388EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24585

🚨 CVE-2026-1867 The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting...

5.9CVSS5.8AI score0.00221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:33 p.m.3 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/05 6:58 p.m.47 views

CVE-2026-28222

Wagtail CVE-2026-28222 is a stored XSS affecting TableBlock in StreamField. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, an attacker with page creation/edit permissions could craft TableBlock class attributes that render arbitrary JavaScript when viewed by higher-privilege users. This is not...

6.1CVSS5.8AI score0.00418EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/03 1:48 a.m.5 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

9.8CVSS6.1AI score0.00624EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/21 6:50 a.m.3 views

CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

9.2CVSS5.3AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 6:15 p.m.16 views

CVE-2026-1769

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...

5.4CVSS0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 5:19 p.m.6 views

EUVD-2026-5635

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...

5.3CVSS5.3AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 5:19 p.m.20 views

CVE-2026-1769

Xerox CentreWare Web on Windows is affected by a Stored XSS in CentreWare Web versions through 7.0.6. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and potentially executed in the context of other users’ sessions...

5.4CVSS5.4AI score0.00146EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/22 10:16 p.m.7 views

UBUNTU-CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS7.5AI score0.00471EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.4 views

CVE-2025-67960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

7.1CVSS5.3AI score0.0023EPSS
Exploits0References2
Circl
Circl
added 2026/01/21 8:1 a.m.8 views

CVE-2026-24061

creationtimestamp| type| source ---|---|--- 2026-01-21 08:01:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcw7ecrteg25 2026-01-21 09:38:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcwers7abk2t 2026-01-21 12:18:21+00:00| seen|...

9.8CVSS7.1AI score0.98871EPSS
Exploits62References168
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004011)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004011 advisory. In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e. Tenable...

5.5CVSS6.6AI score0.00477EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/01/14 7:7 p.m.2 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder