
38427 matches found

SUSE CVE
added 2026/03/25 4:55 p.m. | 4 views

SUSE CVE-2026-23379

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path
Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'qsum' and 'qpsum'. Using unsigned int, the same integer size a...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 15

OSV
added 2026/03/25 4:32 p.m. | 6 views

USN-8124-1 bind9 vulnerabilities

Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. (CVE-2026-1519) Vitaly Simonovich discovered that Bind incorrectly...

CVSS 7.5 | AI score 7.5 | EPSS 0.01545
Exploits 0 | References 5

RedhatCVE
added 2026/03/25 4:23 p.m. | 2 views

CVE-2026-3591

A flaw was found in BIND, specifically in the named server's handling of DNS queries signed with SIG0. A remote attacker could exploit this use-after-return vulnerability by sending a specially-crafted DNS request. This could cause an Access Control List (ACL) to improperly match an IP address,...

CVSS 5.4 | AI score 5.8 | EPSS 0.0036
Exploits 0 | References 6

CVE
added 2026/03/25 4:15 p.m. | 12 views

CVE-2026-32536

CVE-2026-32536 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Green Downloads (halfdata-paypal-green-downloads) up to version

CVSS 9.9 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 1

Cvelist
added 2026/03/25 4:14 p.m. | 24 views

CVE-2026-32493 WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS. This issue affects JobSearch: from n/a through <= 3.2.0...

CVSS 7.1 | EPSS 0.00175
Exploits 0 | References 1

ATTACKERKB
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-27095

Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0...

AI score 5.8 | EPSS 0.00375
Exploits 0 | References 2

Cvelist
added 2026/03/25 4:14 p.m. | 26 views

CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion. This issue affects Deston: from n/a through <= 1.0...

CVSS 8.1 | EPSS 0.00512
Exploits 0 | References 1

Cvelist
added 2026/03/25 4:14 p.m. | 22 views

CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion. This issue affects Belfort: from n/a through <= 1.0...

CVSS 8.1 | EPSS 0.00403
Exploits 0 | References 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7...

AI score 5.8 | EPSS 0.00302
Exploits 0 | References 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 4 views

CVE-2026-25317 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00291
Exploits 0 | References 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-25002 WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress Sepay Payment learnpress-sepay-payment allows Authentication Abuse. This issue affects LearnPress Sepay Payment: from n/a through <= 4.0.0...

AI score 5.8 | EPSS 0.00271
Exploits 0 | References 1

CVE
added 2026/03/25 4:14 p.m. | 6 views

CVE-2026-24989

CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00375
Exploits 0 | References 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 2 views

CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through <= 4.2.6.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00314
Exploits 0 | References 1

EUVD
added 2026/03/25 3:31 p.m. | 5 views

EUVD-2026-15413

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 5.8 | EPSS 0.0036
Exploits 0 | References 4

CVE
added 2026/03/25 3:24 p.m. | 9 views

CVE-2026-3218

CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...

CVSS 4.8 | AI score 5.8 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/03/25 3:21 p.m. | 20 views

CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icons: from 0.0.0 before 2.0.4...

EPSS 0.00223
Exploits 0 | References 1

RedhatCVE
added 2026/03/25 2:54 p.m. | 7 views

CVE-2026-23298

A flaw was found in the Linux kernel's CAN (Controller Area Network) ucan driver. This vulnerability allows a connected ucan device to send a message with a zero-length field. Such a message can trigger an infinite loop within the driver, causing the system to hang. This ultimately leads to a denia...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0 | References 4

Vulnrichment
added 2026/03/25 2:19 p.m. | 4 views

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

CVSS 8.8 | AI score 5.8 | EPSS 0.0104
Exploits 0 | References 1

NVD
added 2026/03/25 2:16 p.m. | 3 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | EPSS 0.0036
Exploits 0 | References 3

OSV
added 2026/03/25 2:16 p.m. | 3 views

DEBIAN-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 8.5 | EPSS 0.0036
Exploits 0 | References 1