Lucene search

38410 matches found

Cvelist
added 2026/03/28 11:58 a.m. | 28 views

CVE-2018-25224 PMS 0.42 Stack-Based Buffer Overflow via Configuration File

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

8.6 CVSS | 0.00191 EPSS
Exploits: 1 | References: 3
GithubExploit
added 2026/03/28 8:39 a.m. | 131 views

Exploit for CVE-2025-31337

CVE-2025-31337 Security Advisory CVE ID: CVE-2025-313...

6.5 AI score
Exploits: 1
EUVD
added 2026/03/28 3:31 a.m. | 4 views

EUVD-2026-16905

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits: 0 | References: 3
NVD
added 2026/03/28 2:16 a.m. | 5 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5 CVSS | 0.00256 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/03/28 1:25 a.m. | 36 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5 CVSS | 0.00256 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/28 1:25 a.m. | 3 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/28 1:25 a.m. | 16 views

CVE-2026-4987

The CVE affects the SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress (all versions up to 2.5.2). The root cause is that create_payment_intent() validates the payment amount using a user-controlled parameter, enabling unauthenticated attackers to bypass confi...

7.5 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits: 0 | References: 2
Fedora
added 2026/03/28 1:6 a.m. | 6 views

[SECURITY] Fedora 42 Update: dotnet9.0-9.0.115-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.5 CVSS | 5.7 AI score | 0.01373 EPSS
Exploits: 0
SUSE CVE
added 2026/03/28 12:26 a.m. | 3 views

SUSE CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI), and thus the same key...

4.7 CVSS | 5.9 AI score | 0.00246 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2026/03/28 12:25 a.m. | 5 views

SUSE CVE-2026-33313

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

5.3 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2026/03/28 12:25 a.m. | 10 views

SUSE CVE-2026-33535

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

4 CVSS | 5.9 AI score | 0.00141 EPSS
Exploits: 0 | References: 9
Positive Technologies
added 2026/03/28 12:0 a.m. | 5 views

PT-2026-28706

Name of the Vulnerable Software and Affected Versions SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress versions up to and including 2.5.2 Description The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create payment...

7.5 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits: 0 | References: 9
OPENSUSE Linux
added 2026/03/28 12:0 a.m. | 3 views

Security update for tomcat11 (important)

openSUSE security update: security update for tomcat11 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20414-1 Rating: important References: bsc1253460 bsc1258371 bsc1258385 bsc1258387 Cross-References: CVE-2025-66614 CVE-2026-24733 CVE-2026-24734...

8.7 CVSS | 6.8 AI score | 0.00494 EPSS
Exploits: 0 | References: 4
OPENSUSE Linux
added 2026/03/28 12:0 a.m. | 7 views

Security update for vim (important)

openSUSE security update: security update for vim ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20403-1 Rating: important References: bsc1246602 bsc1258229 bsc1259051 Cross-References: CVE-2025-53906 CVE-2026-26269 CVE-2026-28417 CVSS scores:...

5.4 CVSS | 7 AI score | 0.01162 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/03/27 10:23 p.m. | 6 views

EUVD-2026-16324

path-to-regexp vulnerable to Denial of Service via sequential optional groups...

7.5 CVSS | 5.9 AI score | 0.00455 EPSS
Exploits: 0 | References: 3
NVD
added 2026/03/27 10:16 p.m. | 2 views

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2 CVSS | 0.00382 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/27 10:12 p.m. | 3 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse function is called with a zero value, it ente...

7.5 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 1 | References: 5
NVD
added 2026/03/27 9:17 p.m. | 6 views

CVE-2026-33891

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5 CVSS | 0.00365 EPSS
Exploits: 1 | References: 9
NVD
added 2026/03/27 9:17 p.m. | 6 views

CVE-2026-33875

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3 CVSS | 0.00265 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2026/03/27 9:17 p.m. | 1 views

CVE-2026-33891

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5 CVSS | 5.9 AI score | 0.00365 EPSS
Exploits: 1 | References: 3