Lucene search
K

38417 matches found

OSV
OSV
added 2026/03/26 9:42 p.m.4 views

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

2CVSS5.9AI score0.00237EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:41 p.m.3 views

CVE-2026-33673

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

7.6CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/26 9:41 p.m.3 views

CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

7.6CVSS5.9AI score0.0027EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/26 9:31 p.m.6 views

EUVD-2026-16330

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

6.5CVSS5.9AI score0.00582EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 9:17 p.m.2 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS0.00582EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:52 p.m.3 views

CVE-2026-33638

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, GET /api/allusers is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. ...

5.3CVSS5.8AI score0.00484EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 8:48 p.m.3 views

CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

5.4CVSS6AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 8:10 p.m.10 views

CVE-2026-4393

The CVE-2026-4393 issue is a CSRF vulnerability in the Drupal Automated Logout module. The Root Cause: the logout routes are not sufficiently protected against CSRF, enabling an authenticated user to trigger unintended actions. Affected software: Drupal Automated Logout module; affected versions ...

4.3CVSS5.8AI score0.00109EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/26 8:6 p.m.1 views

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

6.5CVSS6.3AI score0.00582EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/03/26 8:6 p.m.2 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0
CVE
CVE
added 2026/03/26 7:52 p.m.52 views

CVE-2026-33535

CVE-2026-33535 affects ImageMagick. The issue is an out-of-bounds write of a zero byte in the X11 display interaction path, leading to a crash. Affected releases include pre-patch versions 7.1.2-17/7.1.2-18? and 6.9.13-42/6.9.13-43 according to sources; the advisory notes that versions 7.1.2-18 a...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:52 p.m.10 views

CVE-2026-33535

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

4CVSS5.8AI score0.00141EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 7:52 p.m.24 views

CVE-2026-33535 ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

4CVSS0.00141EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/26 7:50 p.m.6 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-48VW-M3QC-WR99...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/26 7:17 p.m.2 views

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 7:17 p.m.3 views

DEBIAN-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.3AI score0.00791EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/26 7:17 p.m.2 views

CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 7:17 p.m.5 views

UBUNTU-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 7:7 p.m.23 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS0.00513EPSS
Exploits1References2
Rows per page
Query Builder