Lucene search
K

606 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 4:42 p.m.5 views

Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)

Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVECVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5CVSS6.9AI score0.64718EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/04/14 7:44 p.m.30 views

CVE-2026-27312 Bridge | Heap-based Buffer Overflow (CWE-122)

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.7 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.9AI score0.00499EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow the MCP proxy to...

3CVSS5.8AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 11:16 a.m.2 views

CVE-2025-14938

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...

5.3CVSS6.1AI score0.00304EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.10 views

Oracle Linux 8 : mysql:8.4 (ELSA-2026-6391)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6391 advisory. mecab mecab-ipadic mysql 8.4.8-1 - Rebase to 8.4.8 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.5CVSS7.1AI score0.00337EPSS
Exploits0References7
OSV
OSV
added 2026/04/01 9:5 a.m.6 views

CLEANSTART-2026-EB74978 Security fixes for CVE-2020-8912, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.0.2-r0, 3.0.2-r1

Multiple security vulnerabilities affect the grafana-mimir package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.1AI score0.01557EPSS
Exploits3References19
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence proxy context database developed by Volcengine. Versions of OpenViking prior to 0.2.14 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authentication in the bot proxy router, allowing unauthorized attackers to...

6.9CVSS5.8AI score0.00418EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 10:16 p.m.4 views

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS0.00382EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33304

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...

6.5CVSS5.9AI score0.00312EPSS
Exploits1References1
CVE
CVE
added 2026/03/25 3:24 p.m.9 views

CVE-2026-3218

CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...

4.8CVSS5.8AI score0.00185EPSS
Exploits0References1Affected Software1
Schneier on Security
Schneier on Security
added 2026/03/25 11:2 a.m.6 views

Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved with support of many Democrats nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/25 8:46 a.m.33 views

CVE-2026-3608

CVE-2026-3608 affects Kea daemons (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6). A maliciously crafted message over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow. Affected versions: 2.6.0–2.6.4 and 3.0.0–3.0.2. Exploitation details a...

7.5CVSS5.8AI score0.01361EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/24 6:40 p.m.20 views

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

6.5CVSS0.00331EPSS
Exploits1References4
CVE
CVE
added 2026/03/24 6:40 p.m.18 views

CVE-2026-33768

Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...

9.1CVSS5.8AI score0.00331EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/21 12:34 p.m.3 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...

6.5CVSS6.5AI score0.00196EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.1 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:26 a.m.3 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:4 a.m.2 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/19 9:17 p.m.5 views

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS0.00315EPSS
Exploits1References2
Rows per page
Query Builder