Lucene search
K

38448 matches found

Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.3 views

CVE-2026-1378 WP Posts Re-order <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the cptpluginoptions function. This makes it possible for unauthenticated attackers to update the plugin settings including...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Contact List 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00272EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.16 views

MiracleLinux 8 : glibc-2.28-251.el8_10.31 (AXSA:2026-341:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-341:02 advisory. glibc: glibc: Information disclosure via zero-valued network query CVE-2026-0915 glibc: wordexp with WRDEREUSE and WRDEAPPEND may return uninitialize...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.4 views

PT-2026-26942

Name of the Vulnerable Software and Affected Versions Suricata affected versions not specified Description Security issues have been resolved in the libsuricata8 0 4-8.0.4-1.1 package on openSUSE Tumbleweed. Recommendations At the moment, there is no information about a newer version that contain...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Smarter Analytics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00302EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 11:16 p.m.3 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

8.2CVSS0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 10:19 p.m.21 views

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 10:19 p.m.5 views

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS5.9AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 9:39 p.m.26 views

CVE-2026-33171 Statamic has a path traversal in file dictionary fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

4.3CVSS0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 9:17 p.m.5 views

UBUNTU-CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

7.8CVSS5.8AI score0.01046EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/20 6:31 p.m.3 views

EUVD-2025-208897

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

7CVSS5.8AI score0.00197EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/20 5:39 p.m.10 views

WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin RegistrationMagic versions = 6.0.7.6...

7.5CVSS5.8AI score0.00287EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:21 p.m.3 views

CVE-2025-62844

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

7CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/20 3:31 p.m.4 views

EUVD-2024-55479

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

6AI score0.00505EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 3:16 p.m.5 views

CVE-2026-33312

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.4CVSS0.00211EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 12:0 p.m.2 views

RUSTSEC-2026-0061 `tokio-fs` is unmaintained

The tokio-fs crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0References3
OSV
OSV
added 2026/03/20 11:37 a.m.14 views

BIT-PARSE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a...

8.2CVSS6AI score0.00512EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 9:41 a.m.5 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/20 9:32 a.m.4 views

EUVD-2026-13610

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

5.7AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 9:16 a.m.8 views

CVE-2026-33066

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

9CVSS0.00584EPSS
Exploits1References2
Rows per page
Query Builder