Lucene search · 38416 matches found

ATTACKERKB · added 2026/03/27 12:0 a.m. · 1 view

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

AI score 6 · EPSS 0.00445
Exploits 1 · References 2
CNNVD · added 2026/03/27 12:0 a.m. · 9 views

SourceCodester Note Taking App Security Vulnerability

SourceCodester Note Taking App is an open-source note-taking application developed by SourceCodester. Versions of SourceCodester Note Taking App prior to version 1.0 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations and could lead to cross-site request...

CVSS 5.3 · AI score 5.7 · EPSS 0.00155
Exploits 0 · References 6
CNNVD · added 2026/03/27 12:0 a.m. · 6 views

SourceCodester Online Food Ordering System Security Vulnerability

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability arises from the fact that the category management module on the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00229
Exploits 1 · References 1
CNNVD · added 2026/03/27 12:0 a.m. · 6 views

SourceCodester Online Food Ordering System Security Vulnerability

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecategory operation in the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00445
Exploits 1 · References 1
Positive Technologies · added 2026/03/27 12:0 a.m. · 2 views

PT-2026-28476

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

CVSS 5.1 · AI score 5.9 · EPSS 0.00196
Exploits 1 · References 2
Tenable Nessus · added 2026/03/27 12:0 a.m. · 4 views

Oracle Linux 8 : mysql:8.0 (ELSA-2026-5580)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5580 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild. We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...

CVSS 6.5 · AI score 7.1 · EPSS 0.00337
Exploits 0 · References 7
CNNVD · added 2026/03/27 12:0 a.m. · 7 views

brace-expansion Resource Management Error Vulnerability

brace-expansion is a JavaScript brace-expansion library developed by Julian Gruber. Versions prior to 5.0.5, 3.0.2, 2.0.3, and 1.1.13 contained a resource management error vulnerability. This vulnerability stemmed from a bracket pattern where the step length was zero, causing the sequence generation t...

CVSS 7.5 · AI score 6.2 · EPSS 0.0043
Exploits 0 · References 10
Tenable Nessus · added 2026/03/27 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root ...

CVSS 9.9 · AI score 5.9 · EPSS 0.00481
Exploits 0 · References 2
Vulnrichment · added 2026/03/26 11:56 p.m. · 2 views

CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

CVSS 8.8 · AI score 6.5 · EPSS 0.01364
Exploits 0 · References 3
RedhatCVE · added 2026/03/26 11:3 p.m. · 4 views

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

CVSS 5.9 · AI score 6 · EPSS 0.0033
Exploits 0 · References 1
AlpineLinux · added 2026/03/26 10:43 p.m. · 6 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVSS 9.9 · AI score 6 · EPSS 0.00481
Exploits 0 · References 1
ATTACKERKB · added 2026/03/26 10:32 p.m. · 3 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

CVSS 7.1 · AI score 5.8 · EPSS 0.0018
Exploits 1 · References 2 · Affected Software 1
NVD · added 2026/03/26 10:16 p.m. · 1 view

CVE-2026-33664

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields (description, inputs.displayName, inputs.description) through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · EPSS 0.00255
Exploits 1 · References 1
OSV · added 2026/03/26 10:5 p.m. · 4 views

GHSA-2328-F5F3-GJ25 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary: pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

CVSS 7.4 · AI score 6.9 · EPSS 0.00303
Exploits 1 · References 4
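The GHSA-2328-F5F3-GJ25 entry above describes the policy failure, not the fix. The following is an added example and is not node-forge's pki.verifyCertificateChain or any of its code: a simplified path check in which certificates are plain objects standing in for parsed X.509 certs, signature verification is assumed to have already passed, and the lenient rule ("reject only if an extension is present and says no") sits next to the RFC 5280 rule ("a certificate may issue only if basicConstraints cA=TRUE is present"). The names `mayIssue`, `verifyChain` and the sample chain are constructed for this illustration.

```javascript
// Added example, not node-forge's pki.verifyCertificateChain.
// Certificates are plain objects standing in for parsed X.509 certs;
// signature checks are assumed to have already passed, so only the
// RFC 5280 path rules are exercised here.

// Lenient rule: reject only when an extension is present and denies CA use.
// Strict rule (RFC 5280 section 4.2.1.9): a certificate may act as a CA only
// if it carries basicConstraints with cA=TRUE; if keyUsage is present it
// must also assert keyCertSign.
function mayIssue(cert, strict) {
  const bc = cert.extensions.basicConstraints;
  const ku = cert.extensions.keyUsage;
  if (ku && !ku.keyCertSign) return false;
  if (strict) return Boolean(bc) && bc.cA === true;
  return !bc || bc.cA === true;
}

// chain[0] is the end-entity certificate, chain[chain.length - 1] the trust
// anchor (assumed trusted out of band). Returns { ok, reason }.
function verifyChain(chain, { strict = true } = {}) {
  if (chain.length < 2) return { ok: false, reason: 'chain needs a leaf and an issuer' };
  for (let i = 1; i < chain.length; i++) {
    const issuer = chain[i];
    const subject = chain[i - 1];
    if (subject.issuer !== issuer.subject) {
      return { ok: false, reason: `name chaining broken at ${subject.subject}` };
    }
    if (!mayIssue(issuer, strict)) {
      return { ok: false, reason: `${issuer.subject} is not permitted to issue certificates` };
    }
    // pathLenConstraint: at most this many intermediates may sit below the issuer.
    const bc = issuer.extensions.basicConstraints;
    const intermediatesBelow = i - 1;
    if (bc && Number.isInteger(bc.pathLenConstraint) && intermediatesBelow > bc.pathLenConstraint) {
      return { ok: false, reason: `pathLenConstraint ${bc.pathLenConstraint} exceeded at ${issuer.subject}` };
    }
  }
  return { ok: true, reason: 'ok' };
}

// Constructed sample chain. The leaf has neither basicConstraints nor
// keyUsage, which is exactly the case the advisory describes.
const ROOT = {
  subject: 'CN=Example Root', issuer: 'CN=Example Root',
  extensions: { basicConstraints: { cA: true, pathLenConstraint: 1 }, keyUsage: { keyCertSign: true } },
};
const LEAF = { subject: 'CN=www.example.test', issuer: 'CN=Example Root', extensions: {} };
const ROGUE = { subject: 'CN=login.example.test', issuer: 'CN=www.example.test', extensions: {} };

console.log(verifyChain([LEAF, ROOT]).ok);                           // true
console.log(verifyChain([ROGUE, LEAF, ROOT], { strict: false }).ok); // true: the bypass
console.log(verifyChain([ROGUE, LEAF, ROOT]).ok);                    // false: rejected
```

The strict branch is the whole fix: absence of basicConstraints is treated as "not a CA", so a leaf cannot be promoted to an issuer by simply omitting extensions. The pathLenConstraint check is included because the same loop is where it belongs, and a verifier that forgets the CA flag usually forgets path length too.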
Snyk · added 2026/03/26 9:57 p.m. · 6 views

Infinite loop

Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...

CVSS 8.7 · AI score 5.9 · EPSS 0.0058
Exploits 1 · References 2
Snyk · added 2026/03/26 9:57 p.m. · 2 views

Infinite loop

Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...

CVSS 8.7 · AI score 5.9 · EPSS 0.0058
Exploits 1 · References 2
OSV · added 2026/03/26 9:57 p.m. · 1 view

GHSA-5M6Q-G25R-MVWX Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary: A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

CVSS 7.5 · AI score 5.8 · EPSS 0.0058
Exploits 1 · References 4
Github Security Blog · added 2026/03/26 9:57 p.m. · 6 views

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary: A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

CVSS 7.5 · AI score 5.8 · EPSS 0.0058
Exploits 1 · References 4 · Affected Software 1
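The three modInverse entries above (Snyk and GHSA-5M6Q-G25R-MVWX) all describe the same failure: an Extended Euclidean loop reached with an operand it was never validated for. The following is an added example, not node-forge's or jsbn's own code: a BigInt modular inverse that rejects zero and non-coprime operands before the loop, so the loop is only entered on inputs for which it provably terminates. The function names `modInverse` and `tryModInverse` and the sample values are constructed for this illustration.

```javascript
// Added example, not node-forge's or jsbn's implementation.
// Extended Euclidean algorithm on BigInt with operand validation.
// Inside the loop r strictly decreases toward 0, so for any a in [1, m)
// the loop terminates; the guards make sure that is the only way in.

function modInverse(a, m) {
  if (typeof a !== 'bigint' || typeof m !== 'bigint') {
    throw new TypeError('modInverse expects BigInt operands');
  }
  if (m <= 1n) {
    throw new RangeError('modulus must be greater than 1');
  }
  // Normalise a into [0, m) so negative callers are handled.
  a = ((a % m) + m) % m;
  // Rejected up front: 0 has no inverse, and per the advisory it is the
  // input on which jsbn's loop never terminates.
  if (a === 0n) {
    throw new RangeError('0 has no inverse modulo ' + m);
  }
  let [oldR, r] = [a, m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r; // BigInt division truncates, as Euclid requires
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  // oldR is gcd(a, m); an inverse exists only when it is 1.
  if (oldR !== 1n) {
    throw new RangeError('not invertible: gcd(a, m) = ' + oldR);
  }
  return ((oldS % m) + m) % m;
}

// Non-throwing wrapper for code paths that handle untrusted operands
// (e.g. RSA parameters parsed from a client) and prefer a null result
// over an exception; programming errors other than bad operands still propagate.
function tryModInverse(a, m) {
  try {
    return modInverse(a, m);
  } catch (e) {
    if (e instanceof RangeError || e instanceof TypeError) return null;
    throw e;
  }
}

// Self-check on constructed values: 3 * 4 = 12 = 1 (mod 11), and the
// textbook RSA pair e = 17, phi = 3120 gives d = 2753.
console.log(modInverse(3n, 11n) === 4n);       // true
console.log(modInverse(17n, 3120n) === 2753n); // true
console.log(tryModInverse(0n, 11n) === null);  // true: rejected, no hang
```

The point for a reviewer is that the termination argument of the loop only holds for operands in the expected range, so the validation is part of the algorithm, not a convenience; any wrapper that exposes modInverse to attacker-controlled values (key import, signature verification parameters) should go through the guarded entry point.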
CVE · added 2026/03/26 9:42 p.m. · 21 views

CVE-2026-33674

PrestaShop versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. The issue is addressed by a fix in 8.2.5 and 9.1.0; no public workarounds are listed. Upgrading to 8.2.5, 9.1.0, or newer versions is recommended. The available documents do not provide exploit details or in-the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 3 · Affected Software 1
OSV · added 2026/03/26 9:42 p.m. · 4 views

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVSS 2 · AI score 5.9 · EPSS 0.00237
Exploits 0 · References 5