
38455 matches found

CVE
added 2026/03/19 11:37 p.m., 56 views

CVE-2026-22735

CVE-2026-22735 affects Spring MVC and Spring WebFlux applications via Server-Sent Events (SSE) stream handling. Concrete details in the connected documents show impact on Spring Framework components: Spring Foundation versions 5.3.0–5.3.46, 6.1.0–6.1.25, 6.2.0–6.2.16, and 7.0.0–7.0.5 experience s...

CVSS: 2.6 | AI score: 5.8 | EPSS: 0.00112
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/19 11:37 p.m., 5 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

CVSS: 2.6 | AI score: 5.8 | EPSS: 0.00112
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/03/19 10:54 p.m., 5 views

EUVD-2026-13364

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00497
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/19 10:54 p.m., 5 views

CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00497
Exploits: 0 | References: 2
CVE
added 2026/03/19 10:54 p.m., 17 views

CVE-2026-29103

CVE-2026-29103 affects SuiteCRM 7.15.0 and 8.9.2, enabling authenticated administrators to trigger remote code execution via a Patch Bypass of CVE-2024-49774. The root cause is a flaw in ModuleScanner.php’s PHP token parsing that resets its internal state (checkFunction) on single-character token...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00497
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/19 10:53 p.m., 5 views

CVE-2026-32755

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.00149
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/19 10:53 p.m., 5 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.00149
Exploits: 1 | References: 4
OSV
added 2026/03/19 10:48 p.m., 3 views

CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00164
Exploits: 0 | References: 3
Snyk
added 2026/03/19 10:41 p.m., 3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the wc_PKCS7_DecodeEnvelopedData function when processing a crafted CMS EnvelopedData message containing zero-length encrypted content. An attacker can cause a 1-byte out-of-bounds heap read by supplying such a...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | References: 2
NVD
added 2026/03/19 10:16 p.m., 8 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | EPSS: 0.00095
Exploits: 0 | References: 1
OSV
added 2026/03/19 10:16 p.m., 5 views

DEBIAN-CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | AI score: 5.3 | EPSS: 0.00095
Exploits: 0 | References: 1
UbuntuCve
added 2026/03/19 10:16 p.m., 5 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | References: 2
OSV
added 2026/03/19 10:16 p.m., 5 views

UBUNTU-CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | References: 3
Debian CVE
added 2026/03/19 9:17 p.m., 3 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | AI score: 5.2 | EPSS: 0.00095
Exploits: 0
Vulnrichment
added 2026/03/19 9:17 p.m., 3 views

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | References: 1
Cvelist
added 2026/03/19 9:17 p.m., 27 views

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 2.1 | EPSS: 0.00095
Exploits: 0 | References: 1
CVE
added 2026/03/19 9:17 p.m., 19 views

CVE-2026-4159

CVE-2026-4159: A 1-byte out-of-bounds heap read in wolfSSL’s wc_PKCS7_DecodeEnvelopedData can be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Affected software: wolfSSL 5.8.4 and earlier; root cause is a 1-byte OOB read during enveloped data decoding. Impac...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux
added 2026/03/19 9:17 p.m., 6 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS: 3.3 | AI score: 5.2 | EPSS: 0.00095
Exploits: 0
NVD
added 2026/03/19 9:17 p.m., 3 views

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" (allowed=0). As a result,...

CVSS: 8.6 | EPSS: 0.00315
Exploits: 1 | References: 2
EUVD
added 2026/03/19 8:23 p.m., 7 views

EUVD-2026-13221

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" (allowed=0). As a result,...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00315
Exploits: 1 | References: 2