CVE
added 2026/03/18 12:48 a.m., 18 views

CVE-2026-28674

Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...

CVSS 7.2 | AI score 5.7 | EPSS 0.00341
Exploits 1 | References 1 | Affected Software 1
SUSE CVE
added 2026/03/18 12:24 a.m., 4 views

SUSE CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00193
Exploits 1 | References 3
CNNVD
added 2026/03/18 12:00 a.m., 7 views

ONNX security vulnerability

ONNX Open Neural Network Exchange is an open standard for machine learning interoperability, developed under the ONNX open source framework. Versions of ONNX prior to 1.20.1 contain security vulnerabilities. These vulnerabilities stem from improper logic in the repository trust verification...

CVSS 9.1 | AI score 5.8 | EPSS 0.00318
Exploits 0 | References 3
Positive Technologies
added 2026/03/18 12:00 a.m., 8 views

PT-2026-26022

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza custom js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin post...

CVSS 6.4 | AI score 6 | EPSS 0.00156
Exploits 0 | References 6
CNNVD
added 2026/03/18 12:00 a.m., 5 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.17 and 8.6.42. These vulnerabilities stemmed from the ability to override fields...

CVSS 4.3 | AI score 5.8 | EPSS 0.00306
Exploits 0 | References 3
CNNVD
added 2026/03/18 12:00 a.m., 6 views

OpenEMR security vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. OpenEMR versions 8.0.0 and earlier have security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00274
Exploits 1 | References 2
CNNVD
added 2026/03/18 12:00 a.m., 12 views

DiceBear security vulnerability

DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 3
Positive Technologies
added 2026/03/18 12:00 a.m., 7 views

PT-2026-26167

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | AI score 5.8 | EPSS 0.10069
Exploits 0 | References 9
Positive Technologies
added 2026/03/18 12:00 a.m., 6 views

PT-2026-26058

🚨 CVE-2026-25449: WordPress Traveler theme 3.2.8... PHP object injection in WordPress Traveler theme with 9.8 CVSS and zero auth requirements - RCE goldmine for mass WordP... https://t.co/VFpIhT0XqE netsec vulnerability CVE sysadmin zeroday...

CVSS 9.8 | AI score 5.8 | EPSS 0.00322
Exploits 0 | References 7
CNNVD
added 2026/03/18 12:00 a.m., 7 views

music-metadata security vulnerability

music-metadata is an audio file metadata extraction library developed by the individual developer Borewit. Versions of music-metadata prior to 11.12.3 contained a security vulnerability. This vulnerability stemmed from the ASF parser improperly handling objects with an objectSize of 0, which could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 2
Tenable Nessus
added 2026/03/18 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass...

CVSS 9.1 | AI score 7.5 | EPSS 0.00318
Exploits 0 | References 3
Tenable Nessus
added 2026/03/18 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-71267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS...

CVSS 5.5 | AI score 6 | EPSS 0.00118
Exploits 0 | References 2
CNNVD
added 2026/03/18 12:00 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unvalidated divisor. This vulnerability may lead to zero-division errors and kernel crashes...

AI score 5.8 | EPSS 0.00114
Exploits 0 | References 11
CNNVD
added 2026/03/18 12:00 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ATTRLIST attribute of zero size, potentially triggering an infinite loop and leading to a...

CVSS 5.5 | AI score 5.8 | EPSS 0.00118
Exploits 0 | References 9
Cvelist
added 2026/03/17 11:16 p.m., 31 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | EPSS 0.00292
Exploits 0 | References 1
Vulnrichment
added 2026/03/17 11:16 p.m., 2 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 1
OSV
added 2026/03/17 11:16 p.m., 7 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | AI score 5.9 | EPSS 0.00292
Exploits 0 | References 3
NVD
added 2026/03/17 8:16 p.m., 4 views

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...

CVSS 8.8 | EPSS 0.00339
Exploits 0 | References 1
Snyk
added 2026/03/17 8:04 p.m., 6 views

Infinite loop

Overview: music-metadata is a music metadata parser for Node.js, supporting virtually any audio and tag format. Affected versions of this package are vulnerable to Infinite loop through the parseExtensionObject process in the ASF parser when handling a sub-object with objectSize = 0. An attacker can...

CVSS 8.7 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 2
Github Security Blog
added 2026/03/17 8:04 p.m., 7 views

music-metadata has an infinite loop vulnerability in ASF parser

Summary: music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root cause: when objectSize is 0, (1) remaining = 0 - 24 = -24, (2) tokenizer.ignore(-24) moves the read position...

CVSS 7.5 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 4 | Affected Software 1