OSV
added 2026/03/23 6:53 p.m., 9 views

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVSS 7.5, AI score 5.9, EPSS 0.00417
Exploits 1, References 6
Patchstack
added 2026/03/23 6:34 p.m., 5 views

WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions <= 5.0.11...

CVSS 7.5, AI score 5.8, EPSS 0.00278
Exploits 0, Affected Software 1
Patchstack
added 2026/03/23 6:01 p.m., 5 views

WordPress Simple Football Scoreboard plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Football Scoreboard versions <= 1.0...

CVSS 6.4, AI score 5.8, EPSS 0.00235
Exploits 0, References 1, Affected Software 1
OSV
added 2026/03/23 3:30 p.m., 2 views

GHSA-HJ7X-HMF2-HC2P Harbor allows the use of the default password for web UI login

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

CVSS 9.4, AI score 5.8, EPSS 0.00498
Exploits 0, References 6
Patchstack
added 2026/03/23 2:29 p.m., 7 views

WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Booking and Rental Manager versions <= 2.6.0...

CVSS 6.5, AI score 5.8, EPSS 0.00305
Exploits 0, Affected Software 1
CVE
added 2026/03/23 1:53 p.m., 11 views

CVE-2026-33352

CVE-2026-33352 affects WWBN AVideo (pre-26.0). An unauthenticated SQL injection exists in objects/category.php::getAllCategories() via the doNotShowCats parameter. The code only strips single quotes and does not neutralize backslashes, allowing boundary-shifting in the SQL built by string concate...

CVSS 9.8, AI score 5.8, EPSS 0.00431
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/03/23 1:51 p.m., 20 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode (the intended configuration for this file), the...

CVSS 9.1, EPSS 0.00431
Exploits 1, References 2
CVE
added 2026/03/23 1:46 p.m., 8 views

CVE-2026-33297

CVE-2026-33297 affects WWBN AVideo prior to version 26.0. A logic error in CustomizeUser/setPassword.json.php coerces any non-numeric ProfilePassword to 0 via intval(), causing the stored channel password to become 0. This enables any visitor to bypass channel-level access controls by entering 0....

CVSS 9.1, AI score 5.8, EPSS 0.00342
Exploits 1, References 2, Affected Software 1
The Hacker News
added 2026/03/23 1:14 p.m., 14 views

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down...

CVSS 10, AI score 7.4, EPSS 0.98412
Exploits 49
RedhatCVE
added 2026/03/23 7:03 a.m., 8 views

CVE-2026-4598

A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by...

CVSS 8.7, AI score 5.7, EPSS 0.00554
Exploits 1, References 7
RedhatCVE
added 2026/03/23 7:01 a.m., 5 views

CVE-2026-4603

A flaw was found in jsrsasign. An attacker can exploit a division by zero vulnerability by supplying a specially crafted JSON Web Key (JWK) whose modulus decodes to zero. This vulnerability can force RSA public-key operations, such as verification and encryption, to produce deterministic zero...

CVSS 5.9, AI score 5.6, EPSS 0.001
Exploits 1, References 7
Github Security Blog
added 2026/03/23 6:30 a.m., 9 views

jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

CVSS 8.7, AI score 5.9, EPSS 0.00554
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2026/03/23 6:30 a.m., 7 views

jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.9, EPSS 0.00476
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2026/03/23 6:30 a.m., 7 views

jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS 5.9, AI score 5.9, EPSS 0.001
Exploits 1, References 6, Affected Software 1
EUVD
added 2026/03/23 6:30 a.m., 5 views

EUVD-2026-14371

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

CVSS 8.7, AI score 5.8, EPSS 0.00554
Exploits 1, References 5
EUVD
added 2026/03/23 6:30 a.m., 5 views

EUVD-2026-14377

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4, AI score 5.8, EPSS 0.003
Exploits 1, References 5
EUVD
added 2026/03/23 6:30 a.m., 6 views

EUVD-2026-14380

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS 5.9, AI score 5.8, EPSS 0.001
Exploits 1, References 5
OSV
added 2026/03/23 6:30 a.m., 5 views

GHSA-8G7P-JF3G-GXCP jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

CVSS 8.7, AI score 5.9, EPSS 0.00554
Exploits 1, References 6
OSV
added 2026/03/23 6:30 a.m., 5 views

GHSA-464Q-CQXQ-XHGR jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS 5.9, AI score 5.9, EPSS 0.001
Exploits 1, References 6
NVD
added 2026/03/23 6:16 a.m., 3 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS 5.9, EPSS 0.001
Exploits 1, References 4