
38424 matches found

OpenVAS
added 2026/03/26 12:0 a.m., 3 views

openSUSE Security Advisory (SUSE-SU-2026:0977-1)

The remote host is missing an update for the...

10 CVSS, 5.8 AI score, 0.00765 EPSS
Exploits 1, References 9
CNNVD
added 2026/03/26 12:0 a.m., 8 views

Code-Projects Online Food Ordering System SQL Injection Vulnerability

The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...

7.5 CVSS, 7.2 AI score, 0.00259 EPSS
Exploits 0, References 5
CNNVD
added 2026/03/26 12:0 a.m., 7 views

Timo Security Vulnerability

Timo is a backend management system developed by auntvt. Version Timo 2.0.3 has a security vulnerability, which stems from a cross-site scripting vulnerability in the title field. Attackers can execute attacks through specially crafted links...

6.1 CVSS, 5.7 AI score, 0.00166 EPSS
Exploits 1, References 1
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28392

Name of the Vulnerable Software and Affected Versions: staffwiki version 7.0.1.19219
Description: A cross-site scripting (XSS) issue exists in staffwiki. This allows attackers to execute arbitrary JavaScript in the context of a user's browser through a crafted HTTP request. The vulnerable API endpoin...

6.1 CVSS, 6 AI score, 0.00249 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 2.8.0
Description: Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

6.1 CVSS, 6.1 AI score, 0.0026 EPSS
Exploits 1, References 8
Positive Technologies
added 2026/03/26 12:0 a.m., 3 views

PT-2026-28527

Name of the Vulnerable Software and Affected Versions: brace-expansion versions prior to 5.0.5; brace-expansion versions prior to 3.0.2; brace-expansion versions prior to 2.0.3; brace-expansion versions prior to 1.1.13
Description: The brace-expansion library is susceptible to a denial-of-service...

7.5 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits 0, References 349
CNNVD
added 2026/03/26 12:0 a.m., 9 views

Tandoor Recipes Injection Vulnerability

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 had an injection vulnerability. This vulnerability stemmed from the FDC search endpoint, which directly inserted user-provided...

6.5 CVSS, 5.8 AI score, 0.00467 EPSS
Exploits 1, References 1
CNNVD
added 2026/03/26 12:0 a.m., 7 views

Wecodex Shipping System CMS SQL Injection Vulnerability

Wecodex Shipping System CMS is a logistics content management system developed by Wecodex Corporation. Version 1.0 of the Wecodex Shipping System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL...

9.8 CVSS, 5.8 AI score, 0.0052 EPSS
Exploits 1, References 3
Positive Technologies
added 2026/03/26 12:0 a.m., 10 views

PT-2026-28649

Name of the Vulnerable Software and Affected Versions: plank/laravel-mediable versions through 6.4.0
Description: The software is susceptible to arbitrary file upload when it accepts or prefers a client-supplied MIME type during file upload handling. An attacker can submit a file containing...

10 CVSS, 6.2 AI score, 0.01279 EPSS
Exploits 0, References 7
CNNVD
added 2026/03/26 12:0 a.m., 12 views

Laravel-Mediable Security Vulnerability

Laravel-Mediable is a Laravel media file management package developed by Plank. Versions of Laravel-Mediable 6.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the application accepting or favoring the MIME types provided by the client when processing file uploads...

10 CVSS, 6.2 AI score, 0.01279 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/03/26 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfnetlink_osf: validate individual option lengths in fingerprints. nfnl_osf_add_callback() validates opt_num bounds and string NUL-termination but does not check...

7.1 CVSS, 5.9 AI score, 0.00117 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28556

Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 1.4.0
Description: A Denial of Service (DoS) issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...

7.5 CVSS, 5.9 AI score, 0.0058 EPSS
Exploits 1, References 13
CNNVD
added 2026/03/26 12:0 a.m., 8 views

SourceCodester Sales and Inventory System SQL Injection Vulnerability

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...

8.8 CVSS, 6.7 AI score, 0.00348 EPSS
Exploits 1, References 5
Microsoft KB
added 2026/03/26 12:0 a.m., 7 views

March 26, 2026—KB5079489 (OS Build 28000.1764) Preview

March 26, 2026—KB5079489 (OS Build 28000.1764) Preview. This non-security update for Windows 11, version 26H1 (KB5079489), includes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band (OOB) updates, and...

5.8 AI score
Exploits 0
Tenable Nessus
added 2026/03/26 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006299)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006299 advisory. Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in...

7.5 CVSS, 6 AI score, 0.00564 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/03/26 12:0 a.m., 8 views

PT-2026-28563

Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.7.0
Description: A deadlock in the AMF's SCTP notification handler can cause the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to...

7.5 CVSS, 5.9 AI score, 0.60368 EPSS
Exploits 18, References 46
Vulnrichment
added 2026/03/25 11:57 p.m., 2 views

CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

5.8 AI score, 0.00159 EPSS
Exploits 1, References 3
CVE
added 2026/03/25 11:46 p.m., 8 views

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

8.1 CVSS, 5.8 AI score, 0.00415 EPSS
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/03/25 11:41 p.m., 4 views

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3 CVSS, 6 AI score, 0.00235 EPSS
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2026/03/25 11:31 p.m., 5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 4, Affected Software 1