| CVE-2025-22676 |
N/A |
AWS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted upcasted-s3-offload allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through <= 3.0.3. |
2026-04-01T16:22:30.800 |
https://cve.circl.lu/cve/CVE-2025-22676 |
| CVE-2025-32604 |
N/A |
AWS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping awsa-shipping allows Reflected XSS. This issue affects AWSA Shipping: from n/a through <= 1.3.0. |
2026-04-01T17:22:39.947 |
https://cve.circl.lu/cve/CVE-2025-32604 |
| CVE-2025-60099 |
N/A |
AWS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document embed-any-document allows Stored XSS. This issue affects Embed Any Document: from n/a through <= 2.7.7. |
2026-04-01T17:27:47.430 |
https://cve.circl.lu/cve/CVE-2025-60099 |
| CVE-2026-31943 |
4.7 |
AWS |
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue. |
2026-03-31T20:16:27.063 |
https://cve.circl.lu/cve/CVE-2026-31943 |
| CVE-2026-1612 |
N/A |
AWS |
AL-KO Robolinho Update Software has hard-coded AWS access and secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself; the key grants at least read access to some of the objects in the bucket. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 8.0.21.0610 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. |
2026-03-30T13:26:07.647 |
https://cve.circl.lu/cve/CVE-2026-1612 |
| CVE-2025-54236 |
5.2 |
Adobe |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction. |
2026-04-01T01:00:01.873 |
https://cve.circl.lu/cve/CVE-2025-54236 |
| CVE-2025-61830 |
5.2 |
Adobe |
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK. |
2026-03-31T18:35:05.403 |
https://cve.circl.lu/cve/CVE-2025-61830 |
| CVE-2026-32794 |
2.5 |
Airflow |
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back end, which could allow a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials are exfiltrated without notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32794 |
| CVE-2024-2889 |
N/A |
Amazon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon. This issue affects WP-Lister Lite for Amazon: from n/a through <= 2.6.11. |
2026-04-01T16:16:53.220 |
https://cve.circl.lu/cve/CVE-2024-2889 |
| CVE-2024-30199 |
N/A |
Amazon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon. This issue affects WP-Lister Lite for Amazon: from n/a through <= 2.6.8. |
2026-04-01T16:16:54.347 |
https://cve.circl.lu/cve/CVE-2024-30199 |
| CVE-2024-37261 |
2.7 |
Amazon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon. This issue affects WP-Lister Lite for Amazon: from n/a through <= 2.6.16. |
2026-04-01T16:17:22.527 |
https://cve.circl.lu/cve/CVE-2024-37261 |
| CVE-2024-51643 |
N/A |
Amazon |
Cross-Site Request Forgery (CSRF) vulnerability in ragaskar Amazon Associate Filter amazon-associate-filter allows Stored XSS. This issue affects Amazon Associate Filter: from n/a through <= 0.4. |
2026-04-01T16:19:31.120 |
https://cve.circl.lu/cve/CVE-2024-51643 |
| CVE-2024-54439 |
N/A |
Amazon |
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price amazon-product-price allows Stored XSS. This issue affects Amazon Product Price: from n/a through <= 1.1. |
2026-04-01T16:21:18.900 |
https://cve.circl.lu/cve/CVE-2024-54439 |
| CVE-2024-47552 |
5.9 |
Apache |
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Severity justification: the Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable. Users are recommended to upgrade to version 2.2.0, which fixes the issue. |
2026-03-30T09:16:14.620 |
https://cve.circl.lu/cve/CVE-2024-47552 |
| CVE-2025-32897 |
5.9 |
Apache |
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Severity justification: the Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable. Users are recommended to upgrade to version 2.3.0, which fixes the issue. |
2026-03-30T09:16:14.977 |
https://cve.circl.lu/cve/CVE-2025-32897 |
| CVE-2026-25903 |
5.9 |
Apache |
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation. |
2026-03-30T15:20:58.423 |
https://cve.circl.lu/cve/CVE-2026-25903 |
| CVE-2026-32642 |
1.4 |
Apache |
Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue" permission but does not have the "createAddress" permission and address auto-creation is disabled. In this circumstance, a temporary address will be created whereas the attempt to create the non-durable subscription should instead fail since the user is not authorized to create the corresponding address. When the OpenWire connection is closed the address is removed. This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.53.0, which fixes the issue. |
2026-03-30T14:24:59.710 |
https://cve.circl.lu/cve/CVE-2026-32642 |
| CVE-2026-28367 |
5.8 |
Apache |
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-28367 |
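The Undertow entry above (CVE-2026-28367) is a classic parser-differential smuggling bug: a front end that only recognises CRLF as a line terminator forwards the `\r\r\r` sequence as part of a header value, while a back end that also accepts a bare CR sees the header block end early and parses what follows as a second request. The Python below is an added example written for this page, not Undertow's parser or any proxy's code; the lenient terminator rule is a model of the behaviour the entry describes, and the request bytes are constructed.

```python
import re

_STRICT_EOL = re.compile(rb"\r\n")            # what a conforming front end uses
_LENIENT_EOL = re.compile(rb"\r\n|\n|\r")      # bare CR also ends a line (modelled back end)


def parse_stream(buf: bytes, eol, reject_bare_cr: bool = False):
    """Split one connection's bytes into HTTP/1.1 requests using `eol` as the
    line terminator and Content-Length to find each body's end.
    With reject_bare_cr=True (only meaningful with the strict terminator) any
    CR left inside a request or header line is a hard error."""
    requests, pos = [], 0
    while pos < len(buf):
        m = eol.match(buf, pos)               # tolerate empty lines before a request line
        while m:
            pos, m = m.end(), eol.match(buf, m.end())
        if pos >= len(buf):
            break
        lines = []
        while True:
            m = eol.search(buf, pos)
            if m is None:
                raise ValueError("incomplete request")
            line, pos = buf[pos:m.start()], m.end()
            if not line:
                break                          # empty line: end of header block
            if reject_bare_cr and b"\r" in line:
                raise ValueError("bare CR in header block")
            lines.append(line)
        method, target, _ = lines[0].split(b" ", 2)
        headers = {}
        for h in lines[1:]:
            name, _, value = h.partition(b":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get(b"content-length", b"0"))
        body, pos = buf[pos:pos + length], pos + length
        requests.append((method.decode(), target.decode(), headers, body))
    return requests


# One TCP stream as the attacker sends it (constructed). The front end sees a
# single POST with an odd X-Pad value; the lenient back end sees POST then GET /admin.
SMUGGLED = (b"POST /submit HTTP/1.1\r\nHost: app\r\nContent-Length: 0\r\n"
            b"X-Pad: z\r\r\r"                    # the \r\r\r terminator from the advisory
            b"GET /admin HTTP/1.1\r\nHost: app\r\n\r\n")


def front_end_view(buf: bytes):
    return [r[1] for r in parse_stream(buf, _STRICT_EOL)]


def back_end_view(buf: bytes):
    return [r[1] for r in parse_stream(buf, _LENIENT_EOL)]
```

The fix on either side is the same: treat a CR that is not immediately followed by LF as a protocol error (the `reject_bare_cr` path), rather than tolerating it as a terminator or passing it through inside a header value.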
| CVE-2026-34385 |
N/A |
Apple |
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-34385 |
| CVE-2025-23482 |
N/A |
Azure |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected XSS. This issue affects azurecurve Floating Featured Image: from n/a through <= 2.2.0. |
2026-04-01T16:23:14.663 |
https://cve.circl.lu/cve/CVE-2025-23482 |
| CVE-2025-22360 |
N/A |
Azure |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through <= 2.0. |
2026-04-01T16:22:08.810 |
https://cve.circl.lu/cve/CVE-2025-22360 |
| CVE-2026-23658 |
4.0 |
Azure |
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
2026-04-01T15:14:56.417 |
https://cve.circl.lu/cve/CVE-2026-23658 |
| CVE-2026-23659 |
4.0 |
Azure |
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. |
2026-04-01T15:13:35.350 |
https://cve.circl.lu/cve/CVE-2026-23659 |
| CVE-2026-33401 |
3.6 |
Azure |
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0. |
2026-03-26T20:49:04.470 |
https://cve.circl.lu/cve/CVE-2026-33401 |
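The LibreChat entry (CVE-2026-31943) and the Wallos entry (CVE-2026-33401) are the two halves of the same SSRF lesson: the guard must parse the address rather than pattern-match it (LibreChat missed the hex-normalised IPv4-mapped form `::ffff:a9fe:a9fe`), and it must run at every outbound-fetch site (Wallos left three unguarded). The Python below is an added example written for this page, not code from LibreChat, Wallos or any library; the naive guard's network list, the helper names and the `resolve` callback are assumptions.

```python
import ipaddress
import re

# Networks the naive guard knows about (constructed list, not LibreChat's).
_NAIVE_BLOCKED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def naive_is_private_ip(host: str) -> bool:
    """Pattern-based guard in the style the LibreChat entry describes: it handles
    dotted IPv4 and the dotted IPv4-mapped form (::ffff:169.254.169.254) but not
    the hex-normalised form (::ffff:a9fe:a9fe) that an IPv6 stack produces."""
    m = re.fullmatch(r"(?:::ffff:)?(\d{1,3}(?:\.\d{1,3}){3})", host, re.IGNORECASE)
    if m:
        addr = ipaddress.ip_address(m.group(1))
        return any(addr in net for net in _NAIVE_BLOCKED)
    return host in ("::1", "::")              # only the obvious IPv6 literals


def _unwrap_embedded_ipv4(addr):
    """IPv6 transition forms carry an IPv4 address inside; check that one."""
    if isinstance(addr, ipaddress.IPv6Address):
        if addr.ipv4_mapped is not None:      # ::ffff:a9fe:a9fe -> 169.254.169.254
            return addr.ipv4_mapped
        if addr.sixtofour is not None:        # 2002:a9fe:a9fe:: -> 169.254.169.254
            return addr.sixtofour
        if addr.teredo is not None:           # 2001:0:... -> (server, client); client is the target
            return addr.teredo[1]
    return addr


def is_private_ip(host: str) -> bool:
    """Hardened guard: parse, unwrap, then deny anything not globally routable.
    Anything that is not an IP literal returns True (fail closed), so callers
    must resolve host names first and check each answer."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True
    addr = _unwrap_embedded_ipv4(addr)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or not addr.is_global)


def is_safe_target(host: str, resolve) -> bool:
    """The check to call at every outbound-fetch site (Wallos's bug was three
    sites that skipped it). `resolve` is an assumed callback returning the
    address literals for a host name; every answer must pass, and the real
    connection should then be pinned to the checked address so a second
    lookup cannot rebind it."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        literals = [host]
    except ValueError:
        literals = resolve(host)
    return bool(literals) and not any(is_private_ip(lit) for lit in literals)
```

On Python 3.13 and later `is_private` already looks through IPv4-mapped addresses, but the explicit unwrap keeps the guard correct on older interpreters and covers the 6to4 and Teredo forms as well.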
| CVE-2025-31532 |
N/A |
Atom |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat atomchat allows Stored XSS. This issue affects AtomChat: from n/a through <= 1.1.8. |
2026-04-01T17:21:12.167 |
https://cve.circl.lu/cve/CVE-2025-31532 |
| CVE-2025-31831 |
N/A |
Atom |
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through <= 1.1.7. |
2026-04-01T17:21:42.120 |
https://cve.circl.lu/cve/CVE-2025-31831 |
| CVE-2026-33634 |
5.9 |
Atom |
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a still-valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes; do not use mutable version tags. |
2026-03-30T18:50:38.270 |
https://cve.circl.lu/cve/CVE-2026-33634 |
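The Trivy entry above (CVE-2026-33634) ends with the one control that would have blunted the tag force-push: reference actions by full commit SHA, never by tag. The Python below is an added example written for this page, not Aqua Security's tooling or GitHub's; it walks a workflow file and lists every `uses:` reference that still resolves through a mutable tag, flagging the two repositories the advisory names. The workflow text is constructed, and the SHA in it is a placeholder, not a real trivy-action commit.

```python
import re

# A workflow as it might look with one step already re-pinned (constructed; the
# 40-hex value is a placeholder, not an actual trivy-action commit).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.3
      - uses: aquasecurity/trivy-action@0.34.2
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # 0.35.0
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:1.0
"""

# Repositories named in the advisory; a tag reference to these also calls for a
# review of run logs from March 19-20, 2026.
ADVISORY_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

_USES = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)")
_FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str):
    """Return (line, reference, in_advisory) for every `uses:` that is not pinned
    to a full 40-hex commit SHA. Local paths and docker:// images are skipped
    because they are not resolved through an action repository's tags."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = _USES.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        if ref.startswith(("./", "docker://")):
            continue
        repo_path, _, version = ref.partition("@")
        if _FULL_SHA.match(version):
            continue                        # immutable: a force-pushed tag cannot move it
        repo = "/".join(repo_path.split("/")[:2])   # drop any sub-path inside the repo
        findings.append((lineno, ref, repo in ADVISORY_ACTIONS))
    return findings


def report(workflow_text: str) -> str:
    """Human-readable summary, one line per finding."""
    lines = []
    for lineno, ref, flagged in find_unpinned_actions(workflow_text):
        note = "  <- named in the advisory, review March 19-20 run logs" if flagged else ""
        lines.append(f"line {lineno}: {ref} is not pinned to a commit SHA{note}")
    return "\n".join(lines)
```

A pinned reference still needs the trailing `# 0.35.0` style comment so a human can tell what the SHA is supposed to be; tooling such as Dependabot keeps the SHA and the comment in step when it opens update pull requests.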
| CVE-2026-33738 |
2.7 |
Atom |
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo `description` field is stored without HTML sanitization and rendered using `{!! $item->summary !!}` (Blade unescaped output) in the RSS, Atom, and JSON feed templates. The `/feed` endpoint is publicly accessible without authentication, allowing any RSS reader to execute attacker-controlled JavaScript. Version 7.5.3 fixes the issue. |
2026-03-30T18:45:14.510 |
https://cve.circl.lu/cve/CVE-2026-33738 |
| CVE-2018-25205 |
4.2 |
ASP.NET |
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques. |
2026-03-26T15:13:15.790 |
https://cve.circl.lu/cve/CVE-2018-25205 |
| CVE-2026-0522 |
N/A |
ASP.NET |
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428). |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-0522 |
| CVE-2026-28786 |
1.4 |
Artificial Intelligence |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue. |
2026-03-30T17:25:24.573 |
https://cve.circl.lu/cve/CVE-2026-28786 |
| CVE-2026-28788 |
4.2 |
Artificial Intelligence |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue. |
2026-04-01T16:12:25.257 |
https://cve.circl.lu/cve/CVE-2026-28788 |
| CVE-2026-29070 |
2.5 |
Artificial Intelligence |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base (or is admin), but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases (as long as one knows the file id). Version 0.8.6 patches the issue. |
2026-04-01T16:10:43.933 |
https://cve.circl.lu/cve/CVE-2026-29070 |
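The two Open WebUI entries CVE-2026-28788 and CVE-2026-29070 are both object-level authorization gaps: the batch overwrite endpoint checks nothing about who owns the file, and the knowledge-base delete checks the caller's rights on the knowledge base but not that the file belongs to it. The Python below is an added example written for this page, not Open WebUI's code; the users, files, knowledge bases and permission model are a constructed stand-in for the real data model.

```python
from dataclasses import dataclass, field


@dataclass
class File:
    id: str
    owner: str
    content: str


@dataclass
class KnowledgeBase:
    id: str
    owner: str
    file_ids: set = field(default_factory=set)
    readers: set = field(default_factory=set)
    writers: set = field(default_factory=set)


class Store:
    """Constructed data: alice owns two files and shares one via a knowledge
    base that bob can read; bob owns an empty knowledge base of his own."""
    def __init__(self):
        self.files = {
            "f-public": File("f-public", "alice", "policy v1"),
            "f-private": File("f-private", "alice", "alice's notes"),
        }
        self.kbs = {
            "kb-shared": KnowledgeBase("kb-shared", "alice", {"f-public"}, readers={"bob"}),
            "kb-bob": KnowledgeBase("kb-bob", "bob", set(), writers={"bob"}),
        }

    def can_write_kb(self, user, kb):
        return user == kb.owner or user in kb.writers


def batch_overwrite_vulnerable(store, user, updates):
    """Pre-fix shape of the batch endpoint: any authenticated user may overwrite
    any file by id, so read access to a shared KB becomes write access."""
    for fid, content in updates.items():
        store.files[fid].content = content
    return True


def batch_overwrite_hardened(store, user, updates):
    """Only the file's owner, or a writer of a knowledge base that contains the
    file, may change it. Missing and forbidden ids get the same error so the
    endpoint does not become an existence oracle, and nothing is written
    until every id in the batch has passed."""
    for fid in updates:
        f = store.files.get(fid)
        allowed = f is not None and (
            f.owner == user
            or any(fid in kb.file_ids and store.can_write_kb(user, kb) for kb in store.kbs.values()))
        if not allowed:
            raise PermissionError(fid)
    for fid, content in updates.items():
        store.files[fid].content = content
    return True


def kb_remove_file_vulnerable(store, user, kb_id, fid):
    """Pre-fix shape of the delete: write access to *a* KB is enough to delete
    *any* file id, whether or not that KB ever held it."""
    kb = store.kbs[kb_id]
    if not store.can_write_kb(user, kb):
        raise PermissionError(kb_id)
    kb.file_ids.discard(fid)
    store.files.pop(fid, None)
    return True


def kb_remove_file_hardened(store, user, kb_id, fid):
    """Membership is part of the authorization decision: the file must belong to
    the KB the caller is allowed to write."""
    kb = store.kbs[kb_id]
    if not store.can_write_kb(user, kb) or fid not in kb.file_ids:
        raise PermissionError(fid)
    kb.file_ids.discard(fid)
    store.files.pop(fid, None)
    return True
```

The second check matters because file ids are discoverable: the entry notes that a reader of a shared knowledge base can list its file UUIDs, so any endpoint that takes a file id must re-derive the caller's rights to that specific object rather than trusting the container-level permission it was called under.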
| CVE-2026-29071 |
1.4 |
Artificial Intelligence |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue. |
2026-04-01T16:09:53.443 |
https://cve.circl.lu/cve/CVE-2026-29071 |
| CVE-2026-34222 |
4.0 |
Artificial Intelligence |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11. |
2026-04-01T18:16:29.850 |
https://cve.circl.lu/cve/CVE-2026-34222 |
| CVE-2026-33665 |
5.9 |
Active Directory |
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover. LDAP authentication must be configured and active (non-default). The issue has been fixed in n8n versions 2.4.0 and 1.121.0. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable LDAP authentication until the instance can be upgraded, restrict LDAP directory permissions so that users cannot modify their own email attributes, and/or audit existing LDAP-linked accounts for unexpected account associations. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. |
2026-03-30T14:23:59.537 |
https://cve.circl.lu/cve/CVE-2026-33665 |
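The n8n entry above (CVE-2026-33665) describes an identity-linking bug rather than an authentication one: the directory's `mail` attribute, which the user controls, was used to pick the local account, and the resulting link was written back so it outlived a later change of the attribute. The Python below is an added example written for this page, not n8n's code; the in-memory user table, the `entryUUID` attribute name and the policy of refusing automatic links to pre-existing accounts are assumptions, and n8n's actual fix may differ.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LocalUser:
    id: int
    email: str
    role: str
    ldap_id: Optional[str] = None     # stable directory identifier once linked


class UserStore:
    """Constructed local account table: one owner, one ordinary member."""
    def __init__(self):
        self.users = [LocalUser(1, "admin@example.com", "owner"),
                      LocalUser(2, "mallory@example.com", "member")]

    def by_email(self, email):
        return next((u for u in self.users if u.email.lower() == email.lower()), None)

    def by_ldap_id(self, ldap_id):
        return next((u for u in self.users if u.ldap_id == ldap_id), None)

    def create(self, email, ldap_id=None):
        u = LocalUser(len(self.users) + 1, email, "member", ldap_id)
        self.users.append(u)
        return u


def vulnerable_ldap_login(store, entry):
    """Pre-fix behaviour as the entry describes it: an unlinked LDAP identity is
    matched to a local account by e-mail and the link is persisted, so it
    survives the attacker reverting the attribute afterwards."""
    user = store.by_ldap_id(entry["entryUUID"]) or store.by_email(entry["mail"])
    if user is None:
        user = store.create(entry["mail"])
    user.ldap_id = entry["entryUUID"]
    return user


def hardened_ldap_login(store, entry):
    """Match on the immutable directory identifier only. An e-mail collision with a
    pre-existing local account is refused instead of auto-linked (assumed policy)."""
    user = store.by_ldap_id(entry["entryUUID"])
    if user is not None:
        return user
    if store.by_email(entry["mail"]) is not None:
        raise PermissionError("e-mail matches an existing local account; link it explicitly")
    return store.create(entry["mail"], entry["entryUUID"])


def link_ldap_identity(store, acting_admin, local_user, ldap_id):
    """The only path by which an existing account gains an LDAP identity in the
    hardened model: an explicit, owner-performed link."""
    if acting_admin.role != "owner":
        raise PermissionError("only an owner may link identities")
    if store.by_ldap_id(ldap_id) is not None:
        raise ValueError("directory identity already linked")
    local_user.ldap_id = ldap_id
    return local_user


def audit_links(store):
    """The advisory's interim mitigation: list linked accounts for review."""
    return [(u.id, u.email, u.ldap_id) for u in store.users if u.ldap_id]
```

The cost of the hardened policy is that a genuine user whose local account predates LDAP cannot self-link by logging in; that is the trade-off the entry's interim mitigation ("restrict LDAP directory permissions so that users cannot modify their own email attributes") avoids by making the e-mail attribute trustworthy instead.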
| CVE-2025-9907 |
5.9 |
Ansible |
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream. |
2026-03-26T16:56:31.513 |
https://cve.circl.lu/cve/CVE-2025-9907 |
| CVE-2024-49683 |
N/A |
AMP |
Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Schema & Structured Data for WP & AMP: from n/a through <= 1.3.5. |
2026-04-01T16:18:56.543 |
https://cve.circl.lu/cve/CVE-2024-49683 |
| CVE-2024-47318 |
5.9 |
AMP |
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp. This issue affects PWA for WP & AMP: from n/a through <= 1.7.72. |
2026-04-01T16:18:04.330 |
https://cve.circl.lu/cve/CVE-2024-47318 |
| CVE-2024-51691 |
N/A |
AMP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS. This issue affects Admin Amplify: from n/a through <= 1.3.0. |
2026-04-01T16:19:37.510 |
https://cve.circl.lu/cve/CVE-2024-51691 |
| CVE-2024-51576 |
2.7 |
AMP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS. This issue affects AMP Img Shortcode: from n/a through <= 1.0.1. |
2026-04-01T16:19:21.627 |
https://cve.circl.lu/cve/CVE-2024-51576 |
| CVE-2025-62757 |
N/A |
AMP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier webman-amplifier allows DOM-Based XSS. This issue affects WebMan Amplifier: from n/a through <= 1.5.12. |
2026-04-01T17:28:08.487 |
https://cve.circl.lu/cve/CVE-2025-62757 |
| CVE-2026-28895 |
3.6 |
Biometric |
The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode. |
2026-03-26T18:58:05.020 |
https://cve.circl.lu/cve/CVE-2026-28895 |
| CVE-2024-51826 |
N/A |
Bitcoin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jandal Bitcoin Payments bitcoin-payments allows DOM-Based XSS. This issue affects Bitcoin Payments: from n/a through <= 1.4.2. |
2026-04-01T16:19:50.757 |
https://cve.circl.lu/cve/CVE-2024-51826 |
| CVE-2025-24544 |
N/A |
Bitcoin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1. |
2026-04-01T17:17:45.030 |
https://cve.circl.lu/cve/CVE-2025-24544 |
| CVE-2025-26535 |
N/A |
Bitcoin |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Blind SQL Injection. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <= 1.7.6. |
2026-04-01T17:18:32.563 |
https://cve.circl.lu/cve/CVE-2025-26535 |
| CVE-2025-26541 |
N/A |
Bitcoin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <= 1.7.6. |
2026-04-01T17:18:33.360 |
https://cve.circl.lu/cve/CVE-2025-26541 |
| CVE-2025-48102 |
N/A |
Bitcoin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-paid-downloads-membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership: from n/a through <= 1.6.6. |
2026-04-01T17:24:21.933 |
https://cve.circl.lu/cve/CVE-2025-48102 |
| CVE-2025-23975 |
N/A |
Botnet |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0. |
2026-04-01T17:17:33.113 |
https://cve.circl.lu/cve/CVE-2025-23975 |
| CVE-2025-31893 |
N/A |
Botnet |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0. |
2026-04-01T17:21:50.120 |
https://cve.circl.lu/cve/CVE-2025-31893 |
| CVE-2025-7073 |
5.9 |
BitDefender |
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user. |
2026-03-31T12:16:26.993 |
https://cve.circl.lu/cve/CVE-2025-7073 |
| CVE-2025-68158 |
3.6 |
CSRF |
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. |
2026-03-30T13:16:21.587 |
https://cve.circl.lu/cve/CVE-2025-68158 |
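The Authlib entry above (CVE-2025-68158) spells out the failure precisely: the state blob is written under `_state_{app}_{state}` and read back without consulting the caller's session, so a state minted in the attacker's flow is accepted in the victim's callback. The Python below is an added example written for this page, not Authlib's code; it reproduces that keying in a dict-backed store beside a store that binds each state to the session that created it. Session ids and the flow data are constructed.

```python
import secrets


class CacheStateStore:
    """Vulnerable pattern from the entry: the cache key is built from the app name
    and the state value only, and the reader never looks at the session."""
    def __init__(self):
        self.cache = {}

    def set_state_data(self, session, app, state, data):
        self.cache[f"_state_{app}_{state}"] = data

    def get_state_data(self, session, app, state):
        return self.cache.get(f"_state_{app}_{state}")      # `session` is ignored


class SessionBoundStateStore:
    """Fix: record the id of the session that started the flow, return the blob
    only to that session, and consume it on first use."""
    def __init__(self):
        self.cache = {}

    def set_state_data(self, session, app, state, data):
        self.cache[f"_state_{app}_{state}"] = {"sid": session["sid"], **data}

    def get_state_data(self, session, app, state):
        entry = self.cache.pop(f"_state_{app}_{state}", None)
        if entry is None or not secrets.compare_digest(entry["sid"], session["sid"]):
            return None
        return {k: v for k, v in entry.items() if k != "sid"}


def authorize_redirect(store, session, app):
    """Step 1 on the client: mint a state, persist the flow data, send the user off."""
    state = secrets.token_urlsafe(16)
    store.set_state_data(session, app, state,
                         {"redirect_uri": "https://app.example/cb", "nonce": secrets.token_hex(8)})
    return state


def authorize_callback(store, session, app, state):
    """Step 2: the callback is accepted only if the state's stored data comes back."""
    return store.get_state_data(session, app, state)


def login_csrf_succeeds(store_cls):
    """Attacker starts a flow in their own session, then lures the victim to the
    callback URL carrying the attacker's state (and the attacker's code)."""
    store = store_cls()
    attacker, victim = {"sid": "sess-attacker"}, {"sid": "sess-victim"}
    state = authorize_redirect(store, attacker, "github")
    return authorize_callback(store, victim, "github", state) is not None
```

Binding the state to the session is what makes `state` a CSRF token at all; a state that any session can redeem only protects against guessing, which is not the threat model.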
| CVE-2026-33372 |
2.5 |
CSRF |
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expected request header. An attacker can exploit this issue by tricking an authenticated user into submitting a crafted request. This may allow unauthorized actions to be performed on behalf of the victim. |
2026-04-01T15:32:50.733 |
https://cve.circl.lu/cve/CVE-2026-33372 |
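The Zimbra entry above (CVE-2026-33372) turns on where the token is read from, not whether it is checked. A cross-origin HTML form can carry any body field it likes but cannot set a custom request header, so requiring the token in a header is an independent barrier that survives even if the token value leaks; accepting it from the body collapses the defence to token secrecy alone. The Python below is an added example written for this page, not Zimbra's code; the header name, the session layout and the requests are constructed, and the scenario assumes the attacker has already learned the token through some other weakness.

```python
import secrets

TOKEN_HEADER = "x-csrf-token"     # assumed name; what matters is that it is a custom header


class Request:
    """Minimal stand-in for an inbound request (constructed)."""
    def __init__(self, method, headers, form=None, fetch_site="same-origin"):
        self.method = method
        self.headers = {k.lower(): v for k, v in headers.items()}
        self.form = form or {}
        # What a modern browser sends in Sec-Fetch-Site for this request.
        self.headers.setdefault("sec-fetch-site", fetch_site)


def csrf_check_vulnerable(session, req):
    """Token accepted from the header OR the body: a cross-site form can supply
    the body field, so the check only holds while the token stays secret."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True
    supplied = req.headers.get(TOKEN_HEADER) or req.form.get("csrfToken")
    return bool(supplied) and secrets.compare_digest(supplied, session["csrf"])


def csrf_check_hardened(session, req):
    """Token only from the custom header, which a cross-origin form cannot set and
    a cross-origin script cannot send without CORS consent; cross-site requests
    are refused outright as a second layer."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True
    if req.headers.get("sec-fetch-site") not in ("same-origin", "none"):
        return False
    supplied = req.headers.get(TOKEN_HEADER)
    return supplied is not None and secrets.compare_digest(supplied, session["csrf"])


def scenario(check):
    """Returns (forged request accepted?, legitimate request accepted?). The forged
    request is a hidden form auto-submitted from another origin that embeds a
    token the attacker is assumed to know."""
    session = {"csrf": "t0k3n"}
    forged = Request("POST", {"content-type": "application/x-www-form-urlencoded"},
                     form={"csrfToken": "t0k3n", "action": "set-forwarding"},
                     fetch_site="cross-site")
    legit = Request("POST", {TOKEN_HEADER: "t0k3n"}, form={"action": "set-forwarding"})
    return check(session, forged), check(session, legit)
```

The same shape applies to the Mattermost and GitLab entries below: the question to ask of any state-changing endpoint is whether a plain cross-origin form post, with no custom header, can reach the handler.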
| CVE-2026-31849 |
N/A |
CSRF |
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. |
2026-03-26T11:16:20.827 |
https://cve.circl.lu/cve/CVE-2026-31849 |
| CVE-2026-27659 |
2.5 |
CSRF |
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a crafted request. Mattermost Advisory ID: MMSA-2026-00578 |
2026-03-26T18:49:34.053 |
https://cve.circl.lu/cve/CVE-2026-27659 |
| CVE-2026-3857 |
5.2 |
CSRF |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection. |
2026-03-30T15:19:33.930 |
https://cve.circl.lu/cve/CVE-2026-3857 |
| CVE-2026-20004 |
4.0 |
Cisco |
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition. |
2026-03-26T15:13:33.940 |
https://cve.circl.lu/cve/CVE-2026-20004 |
| CVE-2026-20012 |
4.0 |
Cisco |
A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. |
2026-03-26T15:13:33.940 |
https://cve.circl.lu/cve/CVE-2026-20012 |
| CVE-2026-20083 |
4.0 |
Cisco |
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An attacker could exploit this vulnerability by issuing a crafted command through SSH. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. |
2026-03-26T15:13:33.940 |
https://cve.circl.lu/cve/CVE-2026-20083 |
| CVE-2026-20084 |
4.0 |
Cisco |
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device. A successful exploit could allow an attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization. This makes the device unreachable (either through console or remote management) and unable to forward traffic, resulting in a DoS condition. Note: This vulnerability can be exploited with either unicast or broadcast BOOTP packets. There are workarounds that address this vulnerability. |
2026-03-26T15:13:33.940 |
https://cve.circl.lu/cve/CVE-2026-20084 |
| CVE-2026-20086 |
4.0 |
Cisco |
A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. |
2026-03-26T15:13:33.940 |
https://cve.circl.lu/cve/CVE-2026-20086 |
| CVE-2024-53739 |
5.9 |
Cryptocurrency |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through <= 1.6.4. |
2026-04-01T16:20:32.433 |
https://cve.circl.lu/cve/CVE-2024-53739 |
| CVE-2024-54308 |
N/A |
Cryptocurrency |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Cryptocurrency Price Widget cryptocurrency-price-widget allows Stored XSS. This issue affects Cryptocurrency Price Widget: from n/a through <= 1.2.3. |
2026-04-01T16:21:01.233 |
https://cve.circl.lu/cve/CVE-2024-54308 |
| CVE-2025-31539 |
N/A |
Cryptocurrency |
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1. |
2026-04-01T17:21:13.093 |
https://cve.circl.lu/cve/CVE-2025-31539 |
| CVE-2025-48141 |
N/A |
Cryptocurrency |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through <= 2.0.7. |
2026-04-01T17:24:26.743 |
https://cve.circl.lu/cve/CVE-2025-48141 |
| CVE-2017-6054 |
3.6 |
Cryptograph |
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. |
2026-04-01T19:09:09.790 |
https://cve.circl.lu/cve/CVE-2017-6054 |
| CVE-2023-46129 |
3.6 |
Cryptograph |
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep. |
2026-03-30T14:30:00.877 |
https://cve.circl.lu/cve/CVE-2023-46129 |
| CVE-2026-28252 |
5.9 |
Cryptograph |
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. |
2026-03-27T16:22:41.620 |
https://cve.circl.lu/cve/CVE-2026-28252 |
| CVE-2026-20996 |
1.4 |
Cryptograph |
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. |
2026-03-31T00:29:54.270 |
https://cve.circl.lu/cve/CVE-2026-20996 |
| CVE-2026-20997 |
5.9 |
Cryptograph |
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. |
2026-03-31T00:35:49.540 |
https://cve.circl.lu/cve/CVE-2026-20997 |
| CVE-2024-52383 |
N/A |
ChatGPT |
Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through <= 2.1.2. |
2026-04-01T16:20:12.407 |
https://cve.circl.lu/cve/CVE-2024-52383 |
| CVE-2024-54306 |
N/A |
ChatGPT |
Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery. This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through <= 1.6.2. |
2026-04-01T16:21:00.843 |
https://cve.circl.lu/cve/CVE-2024-54306 |
| CVE-2025-23668 |
N/A |
ChatGPT |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauricio Urrego ChatGPT Open AI Images & Content for WooCommerce glasses-for-woocommerce allows Reflected XSS. This issue affects ChatGPT Open AI Images & Content for WooCommerce: from n/a through <= 2.2.0. |
2026-04-01T16:23:41.080 |
https://cve.circl.lu/cve/CVE-2025-23668 |
| CVE-2025-31564 |
N/A |
ChatGPT |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One ai-auto-tool allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through <= 2.2.6. |
2026-04-01T17:21:19.587 |
https://cve.circl.lu/cve/CVE-2025-31564 |
| CVE-2025-58829 |
N/A |
ChatGPT |
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One ai-auto-tool allows Server Side Request Forgery. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through <= 2.3.3. |
2026-04-01T17:27:28.130 |
https://cve.circl.lu/cve/CVE-2025-58829 |
| CVE-2024-49235 |
N/A |
CRM |
Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data. This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <= 1.10.2. |
2026-04-01T16:18:28.437 |
https://cve.circl.lu/cve/CVE-2024-49235 |
| CVE-2024-49297 |
N/A |
CRM |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection. This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7. |
2026-04-01T16:18:37.847 |
https://cve.circl.lu/cve/CVE-2024-49297 |
| CVE-2024-52350 |
2.7 |
CRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nrmendez CRM 2go crm2go allows DOM-Based XSS. This issue affects CRM 2go: from n/a through <= 1.0. |
2026-04-01T16:20:08.847 |
https://cve.circl.lu/cve/CVE-2024-52350 |
| CVE-2024-51891 |
N/A |
CRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SalesWizard.pl Official SalesWizard CRM Plugin official-saleswizard-crm allows Stored XSS. This issue affects Official SalesWizard CRM Plugin: from n/a through <= 1.0.3. |
2026-04-01T16:20:00.440 |
https://cve.circl.lu/cve/CVE-2024-51891 |
| CVE-2024-52446 |
N/A |
CRM |
Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection. This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8. |
2026-04-01T16:20:20.983 |
https://cve.circl.lu/cve/CVE-2024-52446 |
| CVE-2026-5024 |
5.9 |
D-Link |
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2026-03-30T19:00:46.603 |
https://cve.circl.lu/cve/CVE-2026-5024 |
| CVE-2026-5211 |
5.9 |
D-Link |
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_Server_Path_Del of the file /cgi-bin/app_mgr.cgi. Executing a manipulation of the argument f_dir can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-5211 |
| CVE-2026-5212 |
5.9 |
D-Link |
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-5212 |
| CVE-2026-5213 |
5.9 |
D-Link |
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-5213 |
| CVE-2026-5214 |
5.9 |
D-Link |
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_addgroup_get_group_quota_minsize of the file /cgi-bin/account_mgr.cgi. The manipulation of the argument Name results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-5214 |
| CVE-2024-37444 |
5.9 |
Defender |
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security. This issue affects Defender Security: from n/a through <= 4.7.1. |
2026-04-01T16:17:26.903 |
https://cve.circl.lu/cve/CVE-2024-37444 |
| CVE-2026-27101 |
3.4 |
Dell |
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-27101 |
| CVE-2026-22767 |
5.5 |
Dell |
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-22767 |
| CVE-2026-22768 |
5.9 |
Dell |
Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-22768 |
| CVE-2026-32113 |
N/A |
Discourse |
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso_destination_url cookie and redirects to it with allow_other_host: true without validating the destination URL. While this cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographically validated SSO payloads, cookies are client-controlled and can be set by attackers. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32113 |
| CVE-2026-32143 |
N/A |
Discourse |
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for admins. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32143 |
| CVE-2026-32243 |
N/A |
Discourse |
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the browser of any user viewing the onebox preview, potentially allowing session hijacking or unauthorized actions on behalf of the victim. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32243 |
| CVE-2026-32273 |
2.7 |
Discourse |
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32273 |
| CVE-2026-32607 |
N/A |
Discourse |
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux site setting is enabled (defaults to false, requires console access to change), user and group display names are rendered without HTML escaping in several assignment-related UI paths. This allows users with assign permission to inject arbitrary HTML/JavaScript that executes in the browser of any user viewing an affected topic. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-32607 |
| CVE-2026-33149 |
5.8 |
Django |
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available. |
2026-03-30T15:16:29.263 |
https://cve.circl.lu/cve/CVE-2026-33149 |
| CVE-2026-33152 |
5.2 |
Django |
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration (ACCOUNT_RATE_LIMITS: login: 5/m/ip) only applies to the HTML-based login endpoint at /accounts/login/. Any API endpoint that accepts authenticated requests can be targeted via Authorization: Basic headers with zero rate limiting, zero account lockout, and unlimited attempts. An attacker can perform high-speed password guessing against any known username. Version 2.6.0 patches the issue. |
2026-03-30T19:18:18.253 |
https://cve.circl.lu/cve/CVE-2026-33152 |
| CVE-2026-33153 |
3.6 |
Django |
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden `?debug=true` query parameter that returns the complete raw SQL query being executed, including all table names, column names, JOIN relationships, WHERE conditions (revealing access control logic), and multi-tenant space IDs. This parameter works even when Django's `DEBUG=False` (production mode) and is accessible to any authenticated user regardless of their privilege level. This allows a low-privilege attacker to map the entire database schema and reverse-engineer the authorization model. Version 2.6.0 patches the issue. |
2026-03-30T19:16:16.650 |
https://cve.circl.lu/cve/CVE-2026-33153 |
| CVE-2026-33530 |
4.0 |
Django |
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e.g. `/api/part/`, `/api/stock/`, `/api/order/so/allocation/`, and others) accept a filters parameter that is passed directly to Django's ORM queryset.filter(**filters) without any field allowlisting. This enables any authenticated user to traverse model relationships using Django's __ lookup syntax and perform blind boolean-based data extraction. This issue is patched in version 1.2.6, and 1.3.0 (or above). Users should update to the patched versions. No known workarounds are available. |
2026-04-01T18:48:48.383 |
https://cve.circl.lu/cve/CVE-2026-33530 |
| CVE-2026-34231 |
2.7 |
Django |
Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break out of the attribute context and inject arbitrary HTML or JavaScript into the rendered page. This issue has been patched in version 0.6.3. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34231 |
| CVE-2025-10461 |
N/A |
Docker |
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03. |
2026-03-27T09:16:17.050 |
https://cve.circl.lu/cve/CVE-2025-10461 |
| CVE-2026-33744 |
5.9 |
Docker |
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue. |
2026-04-01T15:00:48.743 |
https://cve.circl.lu/cve/CVE-2026-33744 |
| CVE-2026-33748 |
N/A |
Docker |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1. The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-33748 |
| CVE-2025-15612 |
2.5 |
Docker |
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2025-15612 |
| CVE-2026-34205 |
6.0 |
Docker |
Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-34205 |
| CVE-2026-34036 |
3.6 |
Dolibarr |
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs…). At time of publication, there are no publicly available patches. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34036 |
| CVE-2025-24629 |
N/A |
Excel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through <= 1.18. |
2026-04-01T17:17:56.603 |
https://cve.circl.lu/cve/CVE-2025-24629 |
| CVE-2025-32511 |
N/A |
Excel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce allows Reflected XSS. This issue affects Make Email Customizer for WooCommerce: from n/a through <= 1.0.6. |
2026-04-01T17:22:27.767 |
https://cve.circl.lu/cve/CVE-2025-32511 |
| CVE-2025-32674 |
N/A |
Excel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through <= 4.7. |
2026-04-01T17:22:49.397 |
https://cve.circl.lu/cve/CVE-2025-32674 |
| CVE-2025-39378 |
N/A |
Excel |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. |
2026-04-01T17:22:57.807 |
https://cve.circl.lu/cve/CVE-2025-39378 |
| CVE-2025-48122 |
N/A |
Excel |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. |
2026-04-01T17:24:24.210 |
https://cve.circl.lu/cve/CVE-2025-48122 |
| CVE-2024-54332 |
N/A |
Exchange |
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS. This issue affects WP Currency Exchange Rates: from n/a through <= 1.2.0. |
2026-04-01T16:21:04.327 |
https://cve.circl.lu/cve/CVE-2024-54332 |
| CVE-2025-30864 |
N/A |
Exchange |
Missing Authorization vulnerability in falselight Exchange Rates exchange-rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through <= 1.2.2. |
2026-04-01T17:20:29.303 |
https://cve.circl.lu/cve/CVE-2025-30864 |
| CVE-2025-31783 |
N/A |
Exchange |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leartes.NET Leartes TRY Exchange Rates leartes-try-exchange-rates allows Stored XSS. This issue affects Leartes TRY Exchange Rates: from n/a through <= 2.1. |
2026-04-01T17:21:36.033 |
https://cve.circl.lu/cve/CVE-2025-31783 |
| CVE-2025-47620 |
N/A |
Exchange |
Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS. This issue affects Martins Free Monetized Ad Exchange Network: from n/a through <= 1.0.6. |
2026-04-01T17:24:10.870 |
https://cve.circl.lu/cve/CVE-2025-47620 |
| CVE-2025-58624 |
N/A |
Exchange |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates exchange-rates allows Stored XSS. This issue affects Exchange Rates: from n/a through <= 1.2.5. |
2026-04-01T17:27:12.130 |
https://cve.circl.lu/cve/CVE-2025-58624 |
| CVE-2023-0332 |
3.4 |
Exploit |
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2023-0332 |
| CVE-2024-0247 |
3.4 |
Exploit |
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2024-0247 |
| CVE-2024-35659 |
5.9 |
Exploit |
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiviCare: from n/a through <= 3.6.6. |
2026-04-01T16:17:16.327 |
https://cve.circl.lu/cve/CVE-2024-35659 |
| CVE-2024-31246 |
5.9 |
Exploit |
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 3.2.3. |
2026-04-01T16:16:57.627 |
https://cve.circl.lu/cve/CVE-2024-31246 |
| CVE-2024-35729 |
5.9 |
Exploit |
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through <= 3.5.2.6. |
2026-04-01T16:17:18.620 |
https://cve.circl.lu/cve/CVE-2024-35729 |
| CVE-2017-6052 |
2.5 |
Endpoint |
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. |
2026-04-01T19:09:23.640 |
https://cve.circl.lu/cve/CVE-2017-6052 |
| CVE-2026-26055 |
3.6 |
Endpoint |
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization. |
2026-04-01T20:57:00.640 |
https://cve.circl.lu/cve/CVE-2026-26055 |
| CVE-2026-3638 |
4.2 |
Endpoint |
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests. |
2026-03-30T19:32:08.327 |
https://cve.circl.lu/cve/CVE-2026-3638 |
| CVE-2026-4324 |
2.5 |
Endpoint |
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database. |
2026-03-27T00:16:23.800 |
https://cve.circl.lu/cve/CVE-2026-4324 |
| CVE-2026-4366 |
1.4 |
Endpoint |
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure. |
2026-04-01T15:10:12.310 |
https://cve.circl.lu/cve/CVE-2026-4366 |
| CVE-2026-21643 |
5.9 |
Fortinet |
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. |
2026-03-30T13:16:22.063 |
https://cve.circl.lu/cve/CVE-2026-21643 |
| CVE-2025-22280 |
N/A |
Firewall |
Missing Authorization vulnerability in revmakx DefendWP Firewall defend-wp-firewall allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DefendWP Firewall: from n/a through <= 1.1.0. |
2026-04-01T16:21:58.030 |
https://cve.circl.lu/cve/CVE-2025-22280 |
| CVE-2026-33768 |
2.5 |
Firewall |
Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirely. The override preserves the original HTTP method and body, so this isn't limited to GET. POST, PUT, DELETE all land on the rewritten path. A Firewall rule blocking /admin/* does nothing when the request comes in as POST /api/health?x_astro_path=/admin/delete-user. This issue has been patched in version 10.0.2. |
2026-03-26T13:37:30.467 |
https://cve.circl.lu/cve/CVE-2026-33768 |
| CVE-2026-4948 |
3.6 |
Firewall |
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-4948 |
| CVE-2025-58875 |
N/A |
GIS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS. This issue affects WP Github Gist: from n/a through <= 0.5. |
2026-04-01T17:27:34.460 |
https://cve.circl.lu/cve/CVE-2025-58875 |
| CVE-2026-33721 |
1.4 |
GIS |
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue. |
2026-04-01T15:58:41.743 |
https://cve.circl.lu/cve/CVE-2026-33721 |
| CVE-2026-34172 |
N/A |
GIS |
Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturally invite passing user input directly, but the string is silently parsed as a Jinja2 template, not treated as plain text. This issue has been patched in versions 0.3.4 and 1.0.2b1. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34172 |
| CVE-2025-13611 |
1.4 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. |
2026-03-31T12:16:26.650 |
https://cve.circl.lu/cve/CVE-2025-13611 |
| CVE-2026-4363 |
2.5 |
GitLab |
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions. |
2026-03-26T11:56:57.300 |
https://cve.circl.lu/cve/CVE-2026-4363 |
| CVE-2025-13078 |
3.6 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs. |
2026-03-26T18:29:26.090 |
https://cve.circl.lu/cve/CVE-2025-13078 |
| CVE-2025-13436 |
3.6 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs. |
2026-03-26T18:28:49.180 |
https://cve.circl.lu/cve/CVE-2025-13436 |
| CVE-2025-14595 |
1.4 |
GitLab |
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control. |
2026-03-26T18:28:05.517 |
https://cve.circl.lu/cve/CVE-2025-14595 |
| CVE-2024-44941 |
5.9 |
Google |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock. syzbot reports an f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46. Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097. CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0. Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024. Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 do_read_inode fs/f2fs/inode.c:509 [inline] f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560 f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237 generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413 exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444 exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584 do_handle_to_path fs/fhandle.c:155 [inline] handle_to_path fs/fhandle.c:210 [inline] do_handle_open+0x495/0x650 fs/fhandle.c:226 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f. We missed covering sanity_check_extent_cache() with the extent cache lock, so the race below may happen, resulting in a use-after-free: f2fs_iget -> do_read_inode -> f2fs_init_read_extent_tree (adds the largest extent entry into the cache); concurrently, shrink -> f2fs_shrink_read_extent_tree -> __shrink_extent_tree -> __detach_extent_node (drops the largest extent entry); then sanity_check_extent_cache accesses et->largest without the lock. Let's refactor sanity_check_extent_cache() to avoid extent cache access and call it before f2fs_init_read_extent_tree() to fix this issue. |
2026-04-01T18:09:32.867 |
https://cve.circl.lu/cve/CVE-2024-44941 |
| CVE-2024-49606 |
2.7 |
Google |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS. This issue affects Google Map Locations: from n/a through <= 1.0. |
2026-04-01T16:18:43.177 |
https://cve.circl.lu/cve/CVE-2024-49606 |
| CVE-2024-49335 |
2.7 |
Google |
Cross-Site Request Forgery (CSRF) vulnerability in sh4d0w28 GoogleDrive folder list googledrive-folder-list allows Stored XSS. This issue affects GoogleDrive folder list: from n/a through <= 2.2.2. |
2026-04-01T16:18:42.710 |
https://cve.circl.lu/cve/CVE-2024-49335 |
| CVE-2024-49672 |
2.7 |
Google |
Cross-Site Request Forgery (CSRF) vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS. This issue affects Google Docs RSVP: from n/a through <= 2.0.1. |
2026-04-01T16:18:55.077 |
https://cve.circl.lu/cve/CVE-2024-49672 |
| CVE-2024-51882 |
3.6 |
Google |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection. This issue affects Gboy Custom Google Map: from n/a through <= 1.2. |
2026-04-01T16:19:59.110 |
https://cve.circl.lu/cve/CVE-2024-51882 |
| CVE-2025-24751 |
N/A |
GoDaddy |
Missing Authorization vulnerability in GoDaddy CoBlocks coblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through <= 3.1.13. |
2026-04-01T17:18:13.283 |
https://cve.circl.lu/cve/CVE-2025-24751 |
| CVE-2026-21724 |
2.5 |
Grafana |
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2026-21724 |
| CVE-2026-33375 |
3.6 |
Grafana |
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container. |
2026-03-31T19:01:30.800 |
https://cve.circl.lu/cve/CVE-2026-33375 |
| CVE-2026-28377 |
3.6 |
Grafana |
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability. |
2026-03-31T19:00:15.610 |
https://cve.circl.lu/cve/CVE-2026-28377 |
| CVE-2026-27876 |
6.0 |
Grafana |
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. |
2026-03-31T18:36:58.457 |
https://cve.circl.lu/cve/CVE-2026-27876 |
| CVE-2026-27879 |
3.6 |
Grafana |
A resample query can be used to trigger out-of-memory crashes in Grafana. |
2026-03-31T18:56:31.810 |
https://cve.circl.lu/cve/CVE-2026-27879 |
| CVE-2024-52384 |
N/A |
GPT |
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server. This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through <= 2.4.9. |
2026-04-01T16:20:12.553 |
https://cve.circl.lu/cve/CVE-2024-52384 |
| CVE-2025-47470 |
N/A |
GPT |
Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer gpt3-ai-content-generator allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through <= 1.9.14. |
2026-04-01T17:23:51.477 |
https://cve.circl.lu/cve/CVE-2025-47470 |
| CVE-2026-23401 |
N/A |
GPT |
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE. When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was right about it being impossible to convert a shadow-present SPTE to an MMIO SPTE due to a _guest_ write, it failed to account for writes to guest memory that are outside the scope of KVM. E.g. if host userspace modifies a shadowed gPTE to switch from a memslot to emulated MMIO and then the guest hits a relevant page fault, KVM will install the MMIO SPTE without first zapping the shadow-present SPTE. ------------[ cut here ]------------ is_shadow_present_pte(*sptep) WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292 Modules linked in: kvm_intel kvm irqbypass CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm] Call Trace: <TASK> mmu_set_spte+0x237/0x440 [kvm] ept_page_fault+0x535/0x7f0 [kvm] kvm_mmu_do_page_fault+0xee/0x1f0 [kvm] kvm_mmu_page_fault+0x8d/0x620 [kvm] vmx_handle_exit+0x18c/0x5a0 [kvm_intel] kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm] kvm_vcpu_ioctl+0x2d5/0x980 [kvm] __x64_sys_ioctl+0x8a/0xd0 do_syscall_64+0xb5/0x730 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x47fa3f </TASK> ---[ end trace 0000000000000000 ]--- |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-23401 |
| CVE-2026-23402 |
N/A |
GPT |
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE. Adjust KVM's sanity check against overwriting a shadow-present SPTE with another SPTE with a different target PFN to only apply to direct MMUs, i.e. only to MMUs without shadowed gPTEs. While it's impossible for KVM to overwrite a shadow-present SPTE in response to a guest write, writes from outside the scope of KVM, e.g. from host userspace, aren't detected by KVM's write tracking and so can break KVM's shadow paging rules. ------------[ cut here ]------------ pfn != spte_to_pfn(*sptep) WARNING: arch/x86/kvm/mmu/mmu.c:3069 at mmu_set_spte+0x1e4/0x440 [kvm], CPU#0: vmx_ept_stale_r/872 Modules linked in: kvm_intel kvm irqbypass CPU: 0 UID: 1000 PID: 872 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:mmu_set_spte+0x1e4/0x440 [kvm] Call Trace: <TASK> ept_page_fault+0x535/0x7f0 [kvm] kvm_mmu_do_page_fault+0xee/0x1f0 [kvm] kvm_mmu_page_fault+0x8d/0x620 [kvm] vmx_handle_exit+0x18c/0x5a0 [kvm_intel] kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm] kvm_vcpu_ioctl+0x2d5/0x980 [kvm] __x64_sys_ioctl+0x8a/0xd0 do_syscall_64+0xb5/0x730 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> ---[ end trace 0000000000000000 ]--- |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-23402 |
| CVE-2020-28466 |
3.6 |
GitHub |
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git. |
2026-03-30T14:30:00.877 |
https://cve.circl.lu/cve/CVE-2020-28466 |
| CVE-2024-52422 |
2.7 |
GitHub |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP Githuber MD wp-githuber-md allows Stored XSS. This issue affects WP Githuber MD: from n/a through <= 1.16.3. |
2026-04-01T16:20:17.483 |
https://cve.circl.lu/cve/CVE-2024-52422 |
| CVE-2025-22549 |
N/A |
GitHub |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seinoxygen WP Github wp-github allows Stored XSS. This issue affects WP Github: from n/a through <= 1.3.3. |
2026-04-01T16:22:16.440 |
https://cve.circl.lu/cve/CVE-2025-22549 |
| CVE-2025-12708 |
3.6 |
IBM |
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. |
2026-03-27T18:18:08.177 |
https://cve.circl.lu/cve/CVE-2025-12708 |
| CVE-2025-14790 |
3.6 |
IBM |
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials. |
2026-03-30T16:59:59.367 |
https://cve.circl.lu/cve/CVE-2025-14790 |
| CVE-2025-14807 |
2.5 |
IBM |
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
2026-03-26T18:23:37.247 |
https://cve.circl.lu/cve/CVE-2025-14807 |
| CVE-2025-14808 |
1.4 |
IBM |
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. |
2026-03-26T18:23:13.530 |
https://cve.circl.lu/cve/CVE-2025-14808 |
| CVE-2025-14810 |
3.4 |
IBM |
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified, which could allow an authenticated user to retain access to sensitive information. CWE: CWE-613 (Insufficient Session Expiration). CVSS source: IBM; CVSS base score: 6.3; CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. |
2026-03-26T18:22:50.440 |
https://cve.circl.lu/cve/CVE-2025-14810 |
| CVE-2024-51809 |
N/A |
Intel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free keymaster-chord-notation-free allows Stored XSS. This issue affects Keymaster Chord Notation Free: from n/a through <= 1.0.2. |
2026-04-01T16:19:47.527 |
https://cve.circl.lu/cve/CVE-2024-51809 |
| CVE-2024-51912 |
N/A |
Intel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lilaeamedia IntelliWidget Elements intelliwidget-elements allows DOM-Based XSS. This issue affects IntelliWidget Elements: from n/a through <= 2.2.7. |
2026-04-01T16:20:03.380 |
https://cve.circl.lu/cve/CVE-2024-51912 |
| CVE-2024-55976 |
N/A |
Intel |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection. This issue affects Critical Site Intel: from n/a through <= 1.0. |
2026-04-01T16:21:20.730 |
https://cve.circl.lu/cve/CVE-2024-55976 |
| CVE-2025-22588 |
N/A |
Intel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligence_lab Scanventory woocommerce-inventory-management allows Reflected XSS. This issue affects Scanventory: from n/a through <= 1.1.3. |
2026-04-01T16:22:21.623 |
https://cve.circl.lu/cve/CVE-2025-22588 |
| CVE-2025-22734 |
N/A |
Intel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Posts Footer Manager intelly-posts-footer-manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through <= 2.1.0. |
2026-04-01T16:22:37.093 |
https://cve.circl.lu/cve/CVE-2025-22734 |
| CVE-2026-34397 |
5.2 |
InTune |
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1. |
2026-04-01T18:16:30.330 |
https://cve.circl.lu/cve/CVE-2026-34397 |
| CVE-2024-54378 |
N/A |
Insight |
Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation. This issue affects Quietly Insights: from n/a through <= 1.2.2. |
2026-04-01T16:21:10.653 |
https://cve.circl.lu/cve/CVE-2024-54378 |
| CVE-2026-21783 |
1.4 |
Insight |
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. |
2026-03-31T21:02:00.767 |
https://cve.circl.lu/cve/CVE-2026-21783 |
| CVE-2026-32527 |
2.5 |
Insight |
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5. |
2026-03-30T13:27:12.923 |
https://cve.circl.lu/cve/CVE-2026-32527 |
| CVE-2025-55272 |
1.4 |
Insight |
HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks. |
2026-03-26T19:43:11.207 |
https://cve.circl.lu/cve/CVE-2025-55272 |
| CVE-2026-20041 |
2.7 |
Insight |
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
2026-04-01T17:28:25.917 |
https://cve.circl.lu/cve/CVE-2026-20041 |
| CVE-2025-24547 |
N/A |
Java |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthias.wagner Caching Compatible Cookie Opt-In and JavaScript caching-compatible-cookie-optin-and-javascript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through <= 0.0.10. |
2026-04-01T17:17:45.500 |
https://cve.circl.lu/cve/CVE-2025-24547 |
| CVE-2025-31629 |
N/A |
Java |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript infusionsoft-web-form-javascript allows Stored XSS. This issue affects Infusionsoft Web Form JavaScript: from n/a through <= 1.1.1. |
2026-04-01T17:21:28.070 |
https://cve.circl.lu/cve/CVE-2025-31629 |
| CVE-2025-3703 |
N/A |
Java |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through < 12.0.3. |
2026-04-01T17:23:26.073 |
https://cve.circl.lu/cve/CVE-2025-3703 |
| CVE-2025-12848 |
2.7 |
Java |
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img src=1 onerror=alert(document.domain)>") to a Webform node with a Multifile field where file type validation is disabled. This allows the execution of arbitrary scripts in the context of the victim's browser. The issue is present in a third-party library and has been addressed in a patch available at https://github.com/fyneworks/multifile/pull/44. Users are advised to apply the provided patch or update to a fixed version of the module. |
2026-03-26T21:17:00.010 |
https://cve.circl.lu/cve/CVE-2025-12848 |
| CVE-2026-27196 |
5.8 |
Java |
Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This issue has been fixed in 6.3.2 and 5.73.9. |
2026-03-30T15:22:05.160 |
https://cve.circl.lu/cve/CVE-2026-27196 |
| CVE-2026-21902 |
5.9 |
Juniper |
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default, as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS. |
2026-03-30T15:16:05.537 |
https://cve.circl.lu/cve/CVE-2026-21902 |
| CVE-2024-56287 |
N/A |
JQuery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable wp-jquery-datatable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through <= 4.0.1. |
2026-04-01T16:21:53.280 |
https://cve.circl.lu/cve/CVE-2024-56287 |
| CVE-2025-22546 |
N/A |
JQuery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through <= 1.0. |
2026-04-01T16:22:16.070 |
https://cve.circl.lu/cve/CVE-2025-22546 |
| CVE-2025-22798 |
N/A |
JQuery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider responsive-jquery-slider allows Stored XSS. This issue affects Responsive jQuery Slider: from n/a through <= 1.1.1. |
2026-04-01T16:23:01.803 |
https://cve.circl.lu/cve/CVE-2025-22798 |
| CVE-2025-28861 |
2.7 |
JQuery |
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through <= 0.1.0. |
2026-04-01T17:19:36.050 |
https://cve.circl.lu/cve/CVE-2025-28861 |
| CVE-2025-30560 |
N/A |
JQuery |
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu jquery-drop-down-menu-plugin allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through <= 3.0. |
2026-04-01T17:20:00.260 |
https://cve.circl.lu/cve/CVE-2025-30560 |
| CVE-2026-2370 |
5.2 |
Jira |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks. |
2026-03-30T15:44:26.737 |
https://cve.circl.lu/cve/CVE-2026-2370 |
| CVE-2026-33701 |
5.9 |
JDK |
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, OpenTelemetry Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, a JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, a gadget-chain-compatible library is present on the classpath. This results in arbitrary remote code execution with the privileges of the user running the instrumented JVM. For JDK >= 17, no action is required, but upgrading is strongly encouraged. For JDK < 17, upgrade to version 2.26.1 or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false` to disable the RMI integration. |
2026-04-01T16:00:06.900 |
https://cve.circl.lu/cve/CVE-2026-33701 |
| CVE-2026-33728 |
N/A |
JDK |
dd-trace-java is a Datadog APM client for Java. In dd-trace-java versions from 0.40.0 up to but not including 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, dd-trace-java is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, a JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, a gadget-chain-compatible library is present on the classpath. For JDK >= 17, no action is required, but upgrading is strongly encouraged. For JDK >= 8u121 and < 17, upgrade to dd-trace-java version 1.60.3 or later. For JDK < 8u121, where serialization filters are not available, apply the workaround: set the environment variable `DD_INTEGRATION_RMI_ENABLED=false` to disable the RMI integration. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-33728 |
| CVE-2026-4819 |
3.6 |
Kibana |
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-4819 |
| CVE-2026-26056 |
5.9 |
Kubernetes |
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a malicious URL through the overrides.yoke.cd/flight annotation. The ATC controller downloads and executes the WASM module without proper URL validation, enabling attackers to create arbitrary Kubernetes resources or potentially escalate privileges to cluster-admin level. |
2026-04-01T20:53:39.900 |
https://cve.circl.lu/cve/CVE-2026-26056 |
| CVE-2026-33343 |
0.0 |
Kubernetes |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range restrictions, accessing the entire etcd data store. Kubernetes does not rely on etcd’s built-in authentication and authorization. Instead, the API server handles authentication and authorization itself, so typical Kubernetes deployments are not affected. Versions 3.4.42, 3.5.28, and 3.6.9 contain a patch. If upgrading is not immediately possible, reduce exposure by treating the affected RPCs as unauthenticated in practice. Restrict network access to etcd server ports so only trusted components can connect and require strong client identity at the transport layer, such as mTLS with tightly scoped client certificate distribution. |
2026-03-26T20:41:35.243 |
https://cve.circl.lu/cve/CVE-2026-33343 |
| CVE-2026-33413 |
5.9 |
Kubernetes |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted clients. In unpatched etcd clusters with etcd auth enabled, unauthorized users are able to call MemberList and learn cluster topology, including member IDs and advertised endpoints; call Alarm, which can be abused for operational disruption or denial of service; use Lease APIs, interfering with TTL-based keys and lease ownership; and/or trigger compaction, permanently removing historical revisions and disrupting watch, audit, and recovery workflows. Kubernetes does not rely on etcd’s built-in authentication and authorization. Instead, the API server handles authentication and authorization itself, so typical Kubernetes deployments are not affected. Versions 3.4.42, 3.5.28, and 3.6.9 contain a patch. If upgrading is not immediately possible, reduce exposure by treating the affected RPCs as unauthenticated in practice. Restrict network access to etcd server ports so only trusted components can connect and/or require strong client identity at the transport layer, such as mTLS with tightly scoped client certificate distribution. |
2026-03-26T20:39:29.473 |
https://cve.circl.lu/cve/CVE-2026-33413 |
| CVE-2026-32241 |
5.9 |
Kubernetes |
Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-32241 |
| CVE-2025-15616 |
5.5 |
Kaspersky |
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR script parameters. Attackers can exploit these vulnerabilities by injecting malicious commands through configuration files, SMTP server settings, and custom flags to achieve remote code execution on affected systems. |
2026-03-31T18:25:19.007 |
https://cve.circl.lu/cve/CVE-2025-15616 |
| CVE-2024-42302 |
5.9 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal. Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler() |
2026-03-27T20:56:40.700 |
https://cve.circl.lu/cve/CVE-2024-42302 |
| CVE-2024-42314 |
5.9 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio. At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference. |
2026-03-27T20:56:25.610 |
https://cve.circl.lu/cve/CVE-2024-42314 |
| CVE-2024-43839 |
5.9 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures. To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8; * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16. And replace sprintf with snprintf. Detected using the static analysis tool - Svace. |
2026-03-27T20:56:13.590 |
https://cve.circl.lu/cve/CVE-2024-43839 |
| CVE-2024-44940 |
5.9 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol. Drop the WARN_ON_ONCE in gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks"). |
2026-04-01T18:08:20.397 |
https://cve.circl.lu/cve/CVE-2024-44940 |
| CVE-2025-27307 |
N/A |
Llama |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows Reflected XSS. This issue affects Quotes llama: from n/a through <= 3.0.1. |
2026-04-01T17:19:27.860 |
https://cve.circl.lu/cve/CVE-2025-27307 |
| CVE-2025-30786 |
N/A |
Llama |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS. This issue affects Quotes llama: from n/a through <= 3.1.0. |
2026-04-01T17:20:16.320 |
https://cve.circl.lu/cve/CVE-2025-30786 |
| CVE-2025-12805 |
5.2 |
Llama |
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2025-12805 |
| CVE-2026-34159 |
5.9 |
Llama |
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492. |
2026-04-01T18:16:29.687 |
https://cve.circl.lu/cve/CVE-2026-34159 |
| CVE-2026-33430 |
5.9 |
MSI |
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the installation process creates a directory that inherits all the permissions of the parent directory. Depending on the location chosen by the installing user, this may allow a low privilege but authenticated user to replace or modify the binaries installed by the application. If an administrator then runs the altered binary, the binary will run with elevated privileges. The problem is caused by the template used to generate the WXS file for Windows projects. It was fixed in the templates used in Briefcase 0.3.26, 0.4.0, and 0.4.1. Re-running `briefcase create` on your Briefcase project will result in the updated templates being used. As a workaround, the patch can be added to any existing Briefcase .wxs file generated by Briefcase 0.3.24 or later. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2026-33430 |
| CVE-2024-49307 |
N/A |
Management |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Stored XSS. This issue affects Admin Management Xtended: from n/a through <= 2.4.6. |
2026-04-01T16:18:38.947 |
https://cve.circl.lu/cve/CVE-2024-49307 |
| CVE-2024-49626 |
5.9 |
Management |
Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection. This issue affects Shipyaari Shipping Management: from n/a through <= 1.2. |
2026-04-01T16:18:46.747 |
https://cve.circl.lu/cve/CVE-2024-49626 |
| CVE-2024-49324 |
5.9 |
Management |
Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through <= 1.0.0. |
2026-04-01T16:18:41.140 |
https://cve.circl.lu/cve/CVE-2024-49324 |
| CVE-2024-49331 |
5.9 |
Management |
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server. This issue affects Property Lot Management System: from n/a through <= 4.2.38. |
2026-04-01T16:18:42.203 |
https://cve.circl.lu/cve/CVE-2024-49331 |
| CVE-2024-52403 |
N/A |
Management |
Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server. This issue affects User Management: from n/a through <= 1.1. |
2026-04-01T16:20:14.963 |
https://cve.circl.lu/cve/CVE-2024-52403 |
| CVE-2026-20719 |
1.4 |
Mattermost |
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID: MMSA-2026-00595 |
2026-03-26T18:54:18.977 |
https://cve.circl.lu/cve/CVE-2026-20719 |
| CVE-2026-26233 |
1.4 |
Mattermost |
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single packet attack with 100+ parallel login requests. Mattermost Advisory ID: MMSA-2025-00566 |
2026-03-26T18:52:31.740 |
https://cve.circl.lu/cve/CVE-2026-26233 |
| CVE-2026-27656 |
5.2 |
Mattermost |
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID `IsSameUser()` comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow. Mattermost Advisory ID: MMSA-2026-00590 |
2026-03-26T18:51:38.050 |
https://cve.circl.lu/cve/CVE-2026-27656 |
| CVE-2026-4274 |
2.5 |
Mattermost |
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574 |
2026-03-26T18:48:39.737 |
https://cve.circl.lu/cve/CVE-2026-4274 |
| CVE-2025-62931 |
5.9 |
Microsoft |
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSN Partner Hub: from n/a through <= 2.9. |
2026-04-01T15:18:17.890 |
https://cve.circl.lu/cve/CVE-2025-62931 |
| CVE-2026-20963 |
5.9 |
Microsoft |
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. |
2026-04-01T16:01:22.890 |
https://cve.circl.lu/cve/CVE-2026-20963 |
| CVE-2026-0385 |
3.4 |
Microsoft |
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
2026-04-01T20:09:19.913 |
https://cve.circl.lu/cve/CVE-2026-0385 |
| CVE-2026-26120 |
2.5 |
Microsoft |
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. |
2026-04-01T15:12:38.017 |
https://cve.circl.lu/cve/CVE-2026-26120 |
| CVE-2026-26136 |
3.6 |
Microsoft |
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network. |
2026-04-01T12:23:09.570 |
https://cve.circl.lu/cve/CVE-2026-26136 |
| CVE-2026-5170 |
3.6 |
MongoDB |
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set. This issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31. |
2026-04-01T14:24:21.833 |
https://cve.circl.lu/cve/CVE-2026-5170 |
| CVE-2026-34163 |
4.0 |
MongoDB |
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the URL points to an internal/private network address. Although the application has a dedicated isInternalAddress() function for SSRF protection (used in other endpoints like the HTTP workflow node), the MCP tools endpoints do not call this function. An authenticated attacker can use these endpoints to scan internal networks, access cloud metadata services, and interact with internal services such as MongoDB and Redis. This issue has been patched in version 4.14.9.5. |
2026-04-01T18:28:47.027 |
https://cve.circl.lu/cve/CVE-2026-34163 |
| CVE-2026-32710 |
6.0 |
MySQL |
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. |
2026-03-31T21:13:18.860 |
https://cve.circl.lu/cve/CVE-2026-32710 |
| CVE-2026-33442 |
5.9 |
MySQL |
Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does not escape backslashes. On MySQL with the default `BACKSLASH_ESCAPES` SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path string literal and injecting arbitrary SQL. Version 0.28.14 fixes the issue. |
2026-03-31T21:27:04.617 |
https://cve.circl.lu/cve/CVE-2026-33442 |
| CVE-2026-33468 |
5.9 |
MySQL |
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape backslashes. When used with the MySQL dialect (where `NO_BACKSLASH_ESCAPES` is OFF by default), an attacker can use a backslash to escape the trailing quote of a string literal, breaking out of the string context and injecting arbitrary SQL. This affects any code path that uses `ImmediateValueTransformer` to inline values — specifically `CreateIndexBuilder.where()` and `CreateViewBuilder.as()`. Version 0.28.14 contains a fix. |
2026-03-31T21:24:51.107 |
https://cve.circl.lu/cve/CVE-2026-33468 |
| CVE-2026-33643 |
3.7 |
MySQL |
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. |
2026-04-01T14:24:21.833 |
https://cve.circl.lu/cve/CVE-2026-33643 |
| CVE-2026-20607 |
1.4 |
MacOS |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data. |
2026-03-26T17:24:02.170 |
https://cve.circl.lu/cve/CVE-2026-20607 |
| CVE-2026-20631 |
5.9 |
MacOS |
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges. |
2026-03-26T14:16:09.080 |
https://cve.circl.lu/cve/CVE-2026-20631 |
| CVE-2026-20657 |
3.6 |
MacOS |
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. |
2026-03-26T17:23:45.927 |
https://cve.circl.lu/cve/CVE-2026-20657 |
| CVE-2026-20670 |
3.6 |
MacOS |
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. |
2026-03-27T20:16:25.207 |
https://cve.circl.lu/cve/CVE-2026-20670 |
| CVE-2026-20688 |
6.0 |
MacOS |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. |
2026-03-26T17:10:45.890 |
https://cve.circl.lu/cve/CVE-2026-20688 |
| CVE-2026-22730 |
5.9 |
MariaDB |
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization. |
2026-04-01T16:52:48.390 |
https://cve.circl.lu/cve/CVE-2026-22730 |
| CVE-2025-31545 |
N/A |
Malware |
Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Safe Ai Malware Protection for WP: from n/a through <= 1.0.20. |
2026-04-01T17:21:15.040 |
https://cve.circl.lu/cve/CVE-2025-31545 |
| CVE-2025-3701 |
N/A |
Malware |
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Malcure Malware Scanner: from n/a through <= 16.8. |
2026-04-01T17:23:25.793 |
https://cve.circl.lu/cve/CVE-2025-3701 |
| CVE-2025-62128 |
N/A |
Malware |
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.1. |
2026-04-01T17:28:03.487 |
https://cve.circl.lu/cve/CVE-2025-62128 |
| CVE-2026-24532 |
5.9 |
Malware |
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.2. |
2026-04-01T17:28:34.870 |
https://cve.circl.lu/cve/CVE-2026-24532 |
| CVE-2026-34224 |
3.6 |
MFA |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery codes and SMS one-time passwords, allowing session persistence even after the legitimate user revokes detected sessions. This issue has been patched in versions 8.6.64 and 9.7.0-alpha.8. |
2026-04-01T18:16:00.533 |
https://cve.circl.lu/cve/CVE-2026-34224 |
| CVE-2026-34215 |
3.6 |
MFA |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. This issue has been patched in versions 8.6.63 and 9.7.0-alpha.7. |
2026-04-01T17:12:02.047 |
https://cve.circl.lu/cve/CVE-2026-34215 |
| CVE-2026-4925 |
1.4 |
MFA |
Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11. |
2026-04-01T21:17:03.320 |
https://cve.circl.lu/cve/CVE-2026-4925 |
| CVE-2026-4927 |
3.6 |
MFA |
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users' OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11. |
2026-04-01T20:16:29.220 |
https://cve.circl.lu/cve/CVE-2026-4927 |
| CVE-2026-5175 |
1.4 |
MFA |
Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from 2026.1.6 through 2026.1.11. |
2026-04-01T21:17:03.470 |
https://cve.circl.lu/cve/CVE-2026-5175 |
| CVE-2026-4828 |
5.8 |
Multi-factor Authentication |
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request. |
2026-04-01T21:17:03.010 |
https://cve.circl.lu/cve/CVE-2026-4828 |
| CVE-2026-27489 |
N/A |
Machine Learning |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0. |
2026-04-01T18:16:28.287 |
https://cve.circl.lu/cve/CVE-2026-27489 |
| CVE-2026-34445 |
4.7 |
Machine Learning |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0. |
2026-04-01T18:16:30.500 |
https://cve.circl.lu/cve/CVE-2026-34445 |
| CVE-2026-34446 |
3.6 |
Machine Learning |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load: the code checks for symlinks to prevent path traversal, but completely misses hardlinks, because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0. |
2026-04-01T18:16:30.660 |
https://cve.circl.lu/cve/CVE-2026-34446 |
| CVE-2026-34447 |
3.6 |
Machine Learning |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0. |
2026-04-01T18:16:30.810 |
https://cve.circl.lu/cve/CVE-2026-34447 |
| CVE-2024-51640 |
N/A |
MDR |
Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools mdr-webmaster-tools allows Stored XSS. This issue affects MDR Webmaster Tools: from n/a through <= 1.1. |
2026-04-01T16:19:30.740 |
https://cve.circl.lu/cve/CVE-2024-51640 |
| CVE-2026-34386 |
N/A |
MDM |
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs via direct API calls. Version 4.81.0 patches the issue. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-34386 |
| CVE-2026-34388 |
N/A |
MDM |
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-34388 |
| CVE-2026-34391 |
N/A |
MDM |
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue. |
2026-03-30T13:26:07.647 |
https://cve.circl.lu/cve/CVE-2026-34391 |
| CVE-2025-33238 |
3.6 |
NVIDIA |
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. |
2026-03-31T01:31:44.740 |
https://cve.circl.lu/cve/CVE-2025-33238 |
| CVE-2025-33254 |
3.6 |
NVIDIA |
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service. |
2026-03-31T01:31:20.400 |
https://cve.circl.lu/cve/CVE-2025-33254 |
| CVE-2026-24157 |
5.9 |
NVIDIA |
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. |
2026-03-31T01:29:58.490 |
https://cve.circl.lu/cve/CVE-2026-24157 |
| CVE-2026-24158 |
3.6 |
NVIDIA |
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. |
2026-03-31T01:29:00.970 |
https://cve.circl.lu/cve/CVE-2026-24158 |
| CVE-2026-24159 |
5.9 |
NVIDIA |
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. |
2026-03-31T01:27:44.567 |
https://cve.circl.lu/cve/CVE-2026-24159 |
| CVE-2026-33580 |
2.5 |
Nextcloud |
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting authentication without throttling. |
2026-04-01T18:54:45.187 |
https://cve.circl.lu/cve/CVE-2026-33580 |
| CVE-2024-56236 |
N/A |
Nginx |
Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hestia Nginx Cache: from n/a through <= 2.4.0. |
2026-04-01T16:21:45.237 |
https://cve.circl.lu/cve/CVE-2024-56236 |
| CVE-2025-23776 |
N/A |
Nginx |
Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through <= 1.0.4.2. |
2026-04-01T17:17:04.763 |
https://cve.circl.lu/cve/CVE-2025-23776 |
| CVE-2026-27651 |
3.6 |
Nginx |
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2026-03-30T14:02:05.790 |
https://cve.circl.lu/cve/CVE-2026-27651 |
| CVE-2026-27654 |
4.2 |
Nginx |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2026-03-26T21:16:16.737 |
https://cve.circl.lu/cve/CVE-2026-27654 |
| CVE-2026-27784 |
5.9 |
Nginx |
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2026-03-30T13:59:42.597 |
https://cve.circl.lu/cve/CVE-2026-27784 |
| CVE-2026-33334 |
6.0 |
Node.js |
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the renderer process without `contextIsolation` or `sandbox`. This means any cross-site scripting (XSS) vulnerability in the Vikunja web frontend -- present or future -- automatically escalates to full remote code execution on the victim's machine, as injected scripts gain access to Node.js APIs. Version 2.2.0 fixes the issue. |
2026-03-27T16:21:09.603 |
https://cve.circl.lu/cve/CVE-2026-33334 |
| CVE-2026-33336 |
5.9 |
Node.js |
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in user-generated content (task descriptions, comments, project descriptions) can cause the BrowserWindow to navigate to an attacker-controlled origin, where JavaScript executes with full Node.js access, resulting in arbitrary code execution on the victim's machine. Version 2.2.0 patches the issue.

## Root cause

Two misconfigurations combine to create this vulnerability:

1. **`nodeIntegration: true`** is set in `BrowserWindow` web preferences (`desktop/main.js:14-16`), giving any page loaded in the renderer full access to Node.js APIs (`require`, `child_process`, `fs`, etc.).
2. **No `will-navigate` or `will-redirect` handler** is registered on the `webContents`. The existing `setWindowOpenHandler` (`desktop/main.js:19-23`) only intercepts `window.open()` calls (new-window requests). It does **not** intercept same-window navigations triggered by:
   - `<a href="https://...">` links (without `target="_blank"`)
   - `window.location` assignments
   - HTTP redirects
   - `<meta http-equiv="refresh">` tags

## Attack scenario

1. The attacker is a normal user on the same Vikunja instance (e.g., a member of a shared project).
2. The attacker creates or edits a project description or task description containing a standard HTML link, e.g.: `<a href="https://evil.example/exploit">Click here for the updated design spec</a>`
3. The Vikunja frontend renders this link. DOMPurify sanitization correctly allows it -- it is a legitimate anchor tag, not a script injection. Render path example: `frontend/src/views/project/ProjectInfo.vue` uses `v-html` with DOMPurify-sanitized output.
4. The victim uses Vikunja Desktop and clicks the link.
5. Because no `will-navigate` handler exists, the BrowserWindow navigates to `https://evil.example/exploit` in the same renderer process.
6. The attacker's page now executes in a context with `nodeIntegration: true` and runs: `require('child_process').exec('id > /tmp/pwned');`
7. Arbitrary commands execute as the victim's OS user.

## Impact

Full remote code execution on the victim's desktop. The attacker can read/write arbitrary files, execute arbitrary commands, install malware or backdoors, and exfiltrate credentials and sensitive data. No XSS vulnerability is required -- a normal, sanitizer-approved hyperlink is sufficient.

## Proof of concept

1. Set up a Vikunja instance with two users sharing a project.
2. As the attacker user, edit a project description to include: `<a href="https://attacker.example/poc.html">Meeting notes</a>`
3. Host poc.html with: `<script>require('child_process').exec('calc.exe')</script>`
4. As the victim, open the project in Vikunja Desktop and click the link.
5. calc.exe (or any other command) executes on the victim's machine.

## Credits

This vulnerability was found using [GitHub Security Lab Taskflows](https://github.com/GitHubSecurityLab/seclab-taskflows). |
2026-03-27T16:54:35.503 |
https://cve.circl.lu/cve/CVE-2026-33336 |
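The two Vikunja Desktop entries above (CVE-2026-33334 and CVE-2026-33336) describe the same Electron misconfiguration from two sides: `nodeIntegration` without `contextIsolation`/`sandbox`, and no `will-navigate` handler. The block below is an added example, not Vikunja's code, showing the weak and hardened `webPreferences` and a navigation guard of the kind the advisory says is missing. `TRUSTED_ORIGINS`, `hardenWindow`, `simulateClick` and the fake `webContents` are this example's own; in a real app the `openExternal` callback would be Electron's `shell.openExternal`.

```javascript
// Added example: Electron navigation hardening for the misconfiguration
// described for Vikunja Desktop. The Electron wiring is driven through a tiny
// duck-typed `webContents` so the policy runs without Electron installed.

// Origins the app may load in its own window (assumption for this example).
const TRUSTED_ORIGINS = new Set(['https://vikunja.example']);

// What the advisory describes: the renderer is a Node process with a DOM.
const VULNERABLE_WEB_PREFERENCES = {
  nodeIntegration: true,       // any loaded page gets require(), child_process, fs
  // no contextIsolation, no sandbox
};

// Hardened: the renderer is a plain web page; anything it needs from Node
// must be exposed deliberately through a preload script.
const HARDENED_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// Allow a same-window navigation only to an https URL on a trusted origin.
function isNavigationAllowed(targetUrl) {
  let parsed;
  try {
    parsed = new URL(targetUrl);
  } catch {
    return false;              // unparsable => deny
  }
  if (parsed.protocol !== 'https:') return false;
  return TRUSTED_ORIGINS.has(parsed.origin);
}

// Attach navigation controls. `win.webContents` needs on() and
// setWindowOpenHandler(); a real BrowserWindow satisfies that, so does the fake.
function hardenWindow(win, openExternal) {
  const wc = win.webContents;
  // Same-window navigations: <a href>, window.location, redirects, meta refresh.
  const guard = (event, url) => {
    if (!isNavigationAllowed(url)) {
      event.preventDefault();  // stay on the current page ...
      openExternal(url);       // ... and hand the link to the OS browser
    }
  };
  wc.on('will-navigate', guard);
  wc.on('will-redirect', guard);
  // window.open() / target=_blank: never spawn a window from renderer content.
  wc.setWindowOpenHandler(({ url }) => {
    if (!isNavigationAllowed(url)) openExternal(url);
    return { action: 'deny' };
  });
}

// Stand-in for Electron's webContents: records handlers so a caller can fire
// navigation events by hand.
function makeFakeWindow() {
  const handlers = {};
  const win = {
    webContents: {
      on: (name, fn) => { handlers[name] = fn; },
      setWindowOpenHandler: (fn) => { handlers.open = fn; },
    },
  };
  return { win, handlers };
}

// Replay the advisory's scenario: a sanitizer-approved link in a task
// description pointing at an attacker-controlled origin is clicked.
function simulateClick(targetUrl) {
  const { win, handlers } = makeFakeWindow();
  const external = [];
  hardenWindow(win, (u) => external.push(u));
  let prevented = false;
  handlers['will-navigate']({ preventDefault: () => { prevented = true; } }, targetUrl);
  return { prevented, openedExternally: external };
}
```

With the hardened preferences in place, even a navigation that slipped past the guard would land in a renderer without `require`, which is why the advisory for CVE-2026-33334 treats `nodeIntegration: true` as turning every XSS into RCE.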
| CVE-2026-26832 |
5.9 |
Node.js |
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization |
2026-03-26T15:13:15.790 |
https://cve.circl.lu/cve/CVE-2026-26832 |
| CVE-2026-27496 |
3.6 |
Node.js |
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process, including data from prior requests, tasks, secrets, or tokens, resulting in information disclosure of sensitive in-process data. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. In external runner mode, the impact is limited to data within the external runner process. The issue has been fixed in n8n versions 1.123.22, 2.9.3, and 2.10.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to isolate the runner process. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. |
2026-03-27T19:48:33.473 |
https://cve.circl.lu/cve/CVE-2026-27496 |
| CVE-2026-33285 |
3.6 |
Node.js |
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allowing an attacker to allocate unlimited memory. Combined with a string flattening operation (e.g., `replace` filter), this causes a V8 Fatal error that crashes the Node.js process, resulting in complete denial of service from a single HTTP request. Version 10.25.1 patches the issue. |
2026-03-30T16:46:19.273 |
https://cve.circl.lu/cve/CVE-2026-33285 |
| CVE-2026-33994 |
5.9 |
NPM |
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the `parse_str` function of the npm package locutus. An attacker can pollute `Object.prototype` by overriding `RegExp.prototype.test` and then passing a crafted query string to `parse_str`, bypassing the prototype pollution guard. This vulnerability stems from an incomplete fix for CVE-2026-25521. The CVE-2026-25521 patch replaced the `String.prototype.includes()`-based guard with a `RegExp.prototype.test()`-based guard. However, `RegExp.prototype.test` is itself a writable prototype method that can be overridden, making the new guard bypassable in the same way as the original — trading one hijackable built-in for another. Version 3.0.25 contains an updated fix. |
2026-04-01T14:16:51.660 |
https://cve.circl.lu/cve/CVE-2026-33994 |
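The locutus entry makes a point worth seeing in code: a key guard that calls any overridable built-in (`String.prototype.includes`, then `RegExp.prototype.test`) is only as strong as that built-in. The block below is an added example, not locutus code: a simplified `parse_str`-style parser whose guard can be swapped between a regex-based check and a check that uses only strict string comparison, plus null-prototype containers as a second layer. `parseQuery`, `demoBypass` and the guard names are this example's own; the parser body still uses ordinary string methods, the hardened parts are the guard and the container factory.

```javascript
// Added example, not locutus code: a hijackable guard beside one that
// depends on no overridable built-in.

// Guard in the style the advisory attributes to the CVE-2026-25521 patch.
function isForbiddenKeyRegex(key) {
  return /^(__proto__|constructor|prototype)$/.test(key);
}

// Guard with nothing an attacker can monkey-patch: plain === comparisons.
function isForbiddenKeyStrict(key) {
  return key === '__proto__' || key === 'constructor' || key === 'prototype';
}

// Minimal query-string parser: "a[b][c]=v" -> { a: { b: { c: 'v' } } }.
// `forbidden(key)` decides which keys to drop; `newObj()` creates containers.
function parseQuery(qs, forbidden, newObj) {
  const result = newObj();
  for (const pair of qs.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq >= 0 ? pair.slice(0, eq) : pair;
    const value = eq >= 0 ? decodeURIComponent(pair.slice(eq + 1).replace(/\+/g, ' ')) : '';
    const keys = decodeURIComponent(rawKey).replace(/\]/g, '').split('[');
    let cur = result;
    for (let i = 0; i < keys.length; i++) {
      const k = keys[i];
      if (forbidden(k)) { cur = null; break; }       // drop the whole pair
      if (i === keys.length - 1) {
        cur[k] = value;
      } else {
        if (typeof cur[k] !== 'object' || cur[k] === null) cur[k] = newObj();
        cur = cur[k];
      }
    }
  }
  return result;
}

// The attacker precondition from the advisory (RegExp.prototype.test is
// overridden) replayed against both guards. Restores the prototype afterwards.
function demoBypass() {
  const originalTest = RegExp.prototype.test;
  RegExp.prototype.test = () => false;               // every regex guard now says "allowed"
  const payload = '__proto__[polluted]=yes';
  try {
    parseQuery(payload, isForbiddenKeyRegex, () => ({}));
    const regexGuardPolluted = ({}).polluted === 'yes';
    delete Object.prototype.polluted;
    // Strict guard + Object.create(null): even an unguarded "__proto__" key
    // would become an own property of a prototype-less object, not a setter.
    parseQuery(payload, isForbiddenKeyStrict, () => Object.create(null));
    const strictGuardPolluted = ({}).polluted === 'yes';
    return { regexGuardPolluted, strictGuardPolluted };
  } finally {
    RegExp.prototype.test = originalTest;
    delete Object.prototype.polluted;
  }
}
```

The general lesson goes beyond regexes: `Array.prototype.includes`, `Set.prototype.has` and `Object.prototype.hasOwnProperty` are all writable too, so a guard should compare with `===` against literals, and the objects being built should not carry `Object.prototype` at all.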
| CVE-2026-21525 |
3.6 |
NULL Pointer |
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. |
2026-03-30T13:28:00.137 |
https://cve.circl.lu/cve/CVE-2026-21525 |
| CVE-2025-13406 |
N/A |
NULL Pointer |
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS. This issue affects smartLink SW-HT: 1.43. |
2026-03-27T09:16:18.277 |
https://cve.circl.lu/cve/CVE-2025-13406 |
| CVE-2026-33179 |
3.6 |
NULL Pointer |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2. |
2026-03-27T21:20:47.880 |
https://cve.circl.lu/cve/CVE-2026-33179 |
| CVE-2026-25075 |
3.6 |
NULL Pointer |
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon. |
2026-03-27T20:16:26.047 |
https://cve.circl.lu/cve/CVE-2026-25075 |
| CVE-2026-33853 |
3.6 |
NULL Pointer |
NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10. |
2026-03-26T19:31:07.700 |
https://cve.circl.lu/cve/CVE-2026-33853 |
| CVE-2026-32309 |
3.6 |
OAuth |
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1. |
2026-03-27T16:16:24.147 |
https://cve.circl.lu/cve/CVE-2026-32309 |
| CVE-2026-33720 |
2.5 |
OAuth |
n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing the victim's OAuth tokens to be stored in the attacker's credential. The attacker can then use those tokens to execute workflows in their name. This issue only affects instances where `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` is explicitly configured (non-default). The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Avoid enabling `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` unless strictly required, and/or restrict access to the n8n instance to fully trusted users only. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. |
2026-03-27T19:38:03.037 |
https://cve.circl.lu/cve/CVE-2026-33720 |
| CVE-2026-33942 |
5.9 |
OAuth |
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token state from cache or storage, with allowed_classes => true. An attacker who can control the serialized string (e.g. by overwriting a cached token file or via another injection) can supply a serialized "gadget" object. When unserialize() runs, PHP instantiates that object and runs its magic methods (__wakeup, __destruct, etc.), leading to object injection. In environments with common dependencies (e.g. Monolog), this can be chained to remote code execution (RCE). The fix in version 4.0.0 removes PHP serialization from the AccessTokenAuthenticator class requiring users to store and resolve the authenticator manually. |
2026-03-26T20:42:31.563 |
https://cve.circl.lu/cve/CVE-2026-33942 |
| CVE-2026-4281 |
1.4 |
OAuth |
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect() and listen_for_tokens() methods of the FormLift_Infusionsoft_Manager class, both of which are hooked to 'plugins_loaded' and execute on every page load. The connect() function generates an OAuth connection password and leaks it in the redirect Location header without verifying the requesting user is authenticated or authorized. The listen_for_tokens() function only validates the temporary password but performs no user authentication before calling update_option() to save attacker-controlled OAuth tokens and app domain. This makes it possible for unauthenticated attackers to hijack the site's Infusionsoft connection by first triggering the OAuth flow to obtain the temporary password, then using that password to set arbitrary OAuth tokens and app domain via update_option(), effectively redirecting the plugin's API communication to an attacker-controlled server. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2026-4281 |
| CVE-2026-34054 |
5.9 |
OpenSSL |
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path attackable later on customer machines. This issue has been patched in version 3.6.1#3. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34054 |
| CVE-2025-22556 |
N/A |
Oracle |
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery. This issue affects Norse Rune Oracle Plugin: from n/a through <= 1.4.2. |
2026-04-01T16:22:17.350 |
https://cve.circl.lu/cve/CVE-2025-22556 |
| CVE-2025-31884 |
N/A |
Oracle |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through <= 1.4.3. |
2026-04-01T17:21:49.057 |
https://cve.circl.lu/cve/CVE-2025-31884 |
| CVE-2025-30852 |
N/A |
Oracle |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through <= 1.2.1. |
2026-04-01T17:20:27.043 |
https://cve.circl.lu/cve/CVE-2025-30852 |
| CVE-2026-27856 |
5.2 |
Oracle |
Doveadm credentials are verified using a direct comparison that is susceptible to a timing oracle attack. An attacker can use this to determine the configured credentials; recovering the credential leads to full access to the affected component. Limit access to the doveadm HTTP service port and install a fixed version. No publicly available exploits are known. |
2026-03-30T13:26:29.793 |
https://cve.circl.lu/cve/CVE-2026-27856 |
| CVE-2019-25653 |
3.6 |
Oracle |
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash. |
2026-03-30T13:26:07.647 |
https://cve.circl.lu/cve/CVE-2019-25653 |
| CVE-2025-22497 |
N/A |
Outlook |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bramwaas Simple Google Calendar Outlook Events Block Widget simple-google-icalendar-widget allows Stored XSS. This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through <= 2.5.0. |
2026-04-01T16:22:09.577 |
https://cve.circl.lu/cve/CVE-2025-22497 |
| CVE-2024-52501 |
N/A |
Office |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebbyTemplate Office Locator office-locator. This issue affects Office Locator: from n/a through <= 1.3.0. |
2026-04-01T16:20:27.710 |
https://cve.circl.lu/cve/CVE-2024-52501 |
| CVE-2025-32665 |
N/A |
Office |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator office-locator allows SQL Injection. This issue affects Office Locator: from n/a through <= 1.3.0. |
2026-04-01T17:22:48.237 |
https://cve.circl.lu/cve/CVE-2025-32665 |
| CVE-2025-31843 |
N/A |
OpenAI |
Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through <= 2.2.1. |
2026-04-01T17:21:43.557 |
https://cve.circl.lu/cve/CVE-2025-31843 |
| CVE-2026-30077 |
3.6 |
OpenAI |
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88. |
2026-04-01T14:24:21.833 |
https://cve.circl.lu/cve/CVE-2026-30077 |
| CVE-2026-4399 |
N/A |
OpenAI |
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the injected instruction), causing it to return prohibited information and information outside its intended context. Successful exploitation of this vulnerability could allow a malicious remote attacker to abuse the service for purposes other than those originally intended, or even execute out-of-context tasks using 1millionbot's resources and/or OpenAI's API key. This allows the attacker to evade the containment mechanisms implemented during LLM model training and obtain responses or chat behaviors that were originally restricted. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-4399 |
| CVE-2026-0964 |
3.4 |
OpenSSH |
A malicious SCP server can send unexpected paths that could make the client application overwrite local files outside of the working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific circumstances. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2026-0964 |
| CVE-2025-50032 |
N/A |
Orchestration |
Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paytiko for WooCommerce: from n/a through <= 1.3.21. |
2026-04-01T17:25:32.893 |
https://cve.circl.lu/cve/CVE-2025-50032 |
| CVE-2026-33664 |
5.2 |
Orchestration |
Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields (description, inputs[].displayName, inputs[].description) through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html without any sanitization. This allows a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow. This is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components, different data sources, and requires significantly less user interaction (zero-click for input.displayName). As of time of publication, it is unclear if a patch is available. |
2026-03-31T01:48:34.413 |
https://cve.circl.lu/cve/CVE-2026-33664 |
| CVE-2026-33528 |
5.2 |
Orchestrator |
GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = "config"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:"required"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container's UID. Version 0.27.5 fixes the issue. |
2026-03-30T13:26:50.827 |
https://cve.circl.lu/cve/CVE-2026-33528 |
| CVE-2021-41644 |
5.9 |
PHP |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2021-41644 |
| CVE-2022-29651 |
5.9 |
PHP |
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2022-29651 |
| CVE-2022-3380 |
5.9 |
PHP |
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
2026-03-27T20:55:24.637 |
https://cve.circl.lu/cve/CVE-2022-3380 |
| CVE-2023-24646 |
5.9 |
PHP |
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2023-24646 |
| CVE-2023-30122 |
5.9 |
PHP |
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2023-30122 |
| CVE-2025-4615 |
5.9 |
Palo Alto |
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. |
2026-04-01T01:16:39.550 |
https://cve.circl.lu/cve/CVE-2025-4615 |
| CVE-2026-31958 |
3.6 |
Python |
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5. |
2026-04-01T15:23:00.217 |
https://cve.circl.lu/cve/CVE-2026-31958 |
| CVE-2026-27953 |
4.2 |
Python |
ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to a Pydantic validation bypass through the model constructor: by injecting "__pk_only__": true into a JSON request body, an unauthenticated attacker can skip all field validation and persist unvalidated data directly to the database. A secondary __excluded__ parameter injection uses the same pattern to selectively nullify arbitrary model fields (e.g., email or role) during construction. This affects ormar's canonical FastAPI integration pattern recommended in its official documentation, enabling privilege escalation, data integrity violations, and business logic bypass in any application using ormar.Model directly as a request body parameter. This issue has been fixed in version 0.23.1. |
2026-03-27T21:48:05.810 |
https://cve.circl.lu/cve/CVE-2026-27953 |
| CVE-2026-32808 |
5.2 |
Python |
pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction directory. During password verification, pyLoad derives an archive entry name from 7z listing output and treats it as a filesystem path without constraining it to the extraction directory. This issue has been fixed in version 0.5.0b3.dev97. |
2026-03-26T18:36:48.053 |
https://cve.circl.lu/cve/CVE-2026-32808 |
| CVE-2026-32889 |
3.6 |
Python |
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1. |
2026-03-30T14:52:35.707 |
https://cve.circl.lu/cve/CVE-2026-32889 |
| CVE-2024-49682 |
2.7 |
Phishing |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing. This issue affects Simple Membership: from n/a through <= 4.5.3. |
2026-04-01T16:18:56.390 |
https://cve.circl.lu/cve/CVE-2024-49682 |
| CVE-2024-54255 |
N/A |
Phishing |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing. This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2. |
2026-04-01T16:20:52.380 |
https://cve.circl.lu/cve/CVE-2024-54255 |
| CVE-2025-28896 |
N/A |
Phishing |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin as-english-admin allows Phishing. This issue affects AS English Admin: from n/a through <= 1.0.0. |
2026-04-01T17:19:40.790 |
https://cve.circl.lu/cve/CVE-2025-28896 |
| CVE-2025-30781 |
N/A |
Phishing |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through <= 3.7.1. |
2026-04-01T17:20:15.660 |
https://cve.circl.lu/cve/CVE-2025-30781 |
| CVE-2025-30795 |
N/A |
Phishing |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing. This issue affects FunnelKit Automations: from n/a through <= 3.5.1. |
2026-04-01T17:20:17.513 |
https://cve.circl.lu/cve/CVE-2025-30795 |
| CVE-2026-33711 |
5.9 |
QEMU |
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to, which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable paths under /tmp for this, an attacker with local access to the system can abuse this mechanism by creating their own symlinks ahead of time. On the vast majority of Linux systems, this will result in a "Permission denied" error when requesting a screenshot, because the Linux kernel has a security feature designed to block such attacks, `protected_symlinks`. On the rare systems with this purposefully disabled, it is then possible to trick Incus into truncating and altering the mode and permissions of arbitrary files on the filesystem, leading to a potential denial of service or possible local privilege escalation. Version 6.23.0 fixes the issue. |
2026-03-30T18:51:41.500 |
https://cve.circl.lu/cve/CVE-2026-33711 |
| CVE-2026-23406 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix side-effect bug in match_char() macro usage

The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with *str++, the string pointer advances on each iteration of the inner do-while loop, causing the DFA to check different characters at each iteration and therefore skip input characters.

This results in out-of-bounds reads when the pointer advances past the input buffer boundary.

[ 94.984676] ==================================================================
[ 94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760
[ 94.985655] Read of size 1 at addr ffff888100342000 by task file/976
[ 94.986319] CPU: 7 UID: 1000 PID: 976 Comm: file Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)
[ 94.986322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 94.986329] Call Trace:
[ 94.986341] <TASK>
[ 94.986347] dump_stack_lvl+0x5e/0x80
[ 94.986374] print_report+0xc8/0x270
[ 94.986384] ? aa_dfa_match+0x5ae/0x760
[ 94.986388] kasan_report+0x118/0x150
[ 94.986401] ? aa_dfa_match+0x5ae/0x760
[ 94.986405] aa_dfa_match+0x5ae/0x760
[ 94.986408] __aa_path_perm+0x131/0x400
[ 94.986418] aa_path_perm+0x219/0x2f0
[ 94.986424] apparmor_file_open+0x345/0x570
[ 94.986431] security_file_open+0x5c/0x140
[ 94.986442] do_dentry_open+0x2f6/0x1120
[ 94.986450] vfs_open+0x38/0x2b0
[ 94.986453] ? may_open+0x1e2/0x2b0
[ 94.986466] path_openat+0x231b/0x2b30
[ 94.986469] ? __x64_sys_openat+0xf8/0x130
[ 94.986477] do_file_open+0x19d/0x360
[ 94.986487] do_sys_openat2+0x98/0x100
[ 94.986491] __x64_sys_openat+0xf8/0x130
[ 94.986499] do_syscall_64+0x8e/0x660
[ 94.986515] ? count_memcg_events+0x15f/0x3c0
[ 94.986526] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.986540] ? handle_mm_fault+0x1639/0x1ef0
[ 94.986551] ? vma_start_read+0xf0/0x320
[ 94.986558] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.986561] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.986563] ? fpregs_assert_state_consistent+0x50/0xe0
[ 94.986572] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.986574] ? arch_exit_to_user_mode_prepare+0x9/0xb0
[ 94.986587] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.986588] ? irqentry_exit+0x3c/0x590
[ 94.986595] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 94.986597] RIP: 0033:0x7fda4a79c3ea

Fix by extracting the character value before invoking match_char, ensuring single evaluation per outer loop. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-23406 |
| CVE-2026-23407 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa(). The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding chain, it reads k = DEFAULT_TABLE[j] and uses k as an array index without validation. A malformed DFA with DEFAULT_TABLE[j] >= state_count, therefore, causes both out-of-bounds reads and writes. [ 57.179855] ================================================================== [ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660 [ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993 [ 57.181554] CPU: 1 UID: 0 PID: 993 Comm: su Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy) [ 57.181558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.181563] Call Trace: [ 57.181572] <TASK> [ 57.181577] dump_stack_lvl+0x5e/0x80 [ 57.181596] print_report+0xc8/0x270 [ 57.181605] ? verify_dfa+0x59a/0x660 [ 57.181608] kasan_report+0x118/0x150 [ 57.181620] ? verify_dfa+0x59a/0x660 [ 57.181623] verify_dfa+0x59a/0x660 [ 57.181627] aa_dfa_unpack+0x1610/0x1740 [ 57.181629] ? __kmalloc_cache_noprof+0x1d0/0x470 [ 57.181640] unpack_pdb+0x86d/0x46b0 [ 57.181647] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181653] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181656] ? aa_unpack_nameX+0x1a8/0x300 [ 57.181659] aa_unpack+0x20b0/0x4c30 [ 57.181662] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181664] ? stack_depot_save_flags+0x33/0x700 [ 57.181681] ? kasan_save_track+0x4f/0x80 [ 57.181683] ? kasan_save_track+0x3e/0x80 [ 57.181686] ? __kasan_kmalloc+0x93/0xb0 [ 57.181688] ? __kvmalloc_node_noprof+0x44a/0x780 [ 57.181693] ? aa_simple_write_to_buffer+0x54/0x130 [ 57.181697] ? policy_update+0x154/0x330 [ 57.181704] aa_replace_profiles+0x15a/0x1dd0 [ 57.181707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181710] ? __kvmalloc_node_noprof+0x44a/0x780 [ 57.181712] ? aa_loaddata_alloc+0x77/0x140 [ 57.181715] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181717] ? _copy_from_user+0x2a/0x70 [ 57.181730] policy_update+0x17a/0x330 [ 57.181733] profile_replace+0x153/0x1a0 [ 57.181735] ? rw_verify_area+0x93/0x2d0 [ 57.181740] vfs_write+0x235/0xab0 [ 57.181745] ksys_write+0xb0/0x170 [ 57.181748] do_syscall_64+0x8e/0x660 [ 57.181762] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 57.181765] RIP: 0033:0x7f6192792eb2 Remove the MATCH_FLAG_DIFF_ENCODE condition to validate all DEFAULT_TABLE entries unconditionally. |
2026-04-01T14:23:37.727 |
https://cve.circl.lu/cve/CVE-2026-23407 |
| CVE-2024-52395 |
N/A |
Quantum |
Missing Authorization vulnerability in QuantumCloud Floating Buttons for WooCommerce shop-assistant-for-woocommerce-jarvis allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Floating Buttons for WooCommerce: from n/a through <= 2.8.8. |
2026-04-01T16:20:13.850 |
https://cve.circl.lu/cve/CVE-2024-52395 |
| CVE-2024-56238 |
N/A |
Quantum |
Missing Authorization vulnerability in QuantumCloud Floating Action Buttons floating-action-buttons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Floating Action Buttons: from n/a through <= 0.9.1. |
2026-04-01T16:21:45.517 |
https://cve.circl.lu/cve/CVE-2024-56238 |
| CVE-2024-56297 |
N/A |
Quantum |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Highlight highlight allows Stored XSS. This issue affects Highlight: from n/a through <= 2.0.2. |
2026-04-01T16:21:54.683 |
https://cve.circl.lu/cve/CVE-2024-56297 |
| CVE-2025-22813 |
N/A |
Quantum |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through <= 1.4.2. |
2026-04-01T16:23:03.867 |
https://cve.circl.lu/cve/CVE-2025-22813 |
| CVE-2025-26932 |
N/A |
Quantum |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through <= 6.3.5. |
2026-04-01T17:19:11.563 |
https://cve.circl.lu/cve/CVE-2025-26932 |
| CVE-2025-23542 |
N/A |
RDP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through <= 1.7.0. |
2026-04-01T16:23:22.993 |
https://cve.circl.lu/cve/CVE-2025-23542 |
| CVE-2025-23546 |
N/A |
RDP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP inGroups+ rdp-ingroups allows Reflected XSS. This issue affects RDP inGroups+: from n/a through <= 1.0.6. |
2026-04-01T16:23:23.510 |
https://cve.circl.lu/cve/CVE-2025-23546 |
| CVE-2025-32262 |
N/A |
RDP |
Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed rdp-wiki-embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through <= 1.2.20. |
2026-04-01T17:22:16.463 |
https://cve.circl.lu/cve/CVE-2025-32262 |
| CVE-2026-33952 |
3.6 |
RDP |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2. |
2026-04-01T20:06:42.653 |
https://cve.circl.lu/cve/CVE-2026-33952 |
| CVE-2026-33977 |
3.6 |
RDP |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into an 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2. |
2026-04-01T20:05:49.837 |
https://cve.circl.lu/cve/CVE-2026-33977 |
| CVE-2026-0980 |
5.5 |
Red Hat |
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system. |
2026-03-27T00:16:21.087 |
https://cve.circl.lu/cve/CVE-2026-0980 |
| CVE-2026-21533 |
5.9 |
Remote Desktop |
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
2026-03-30T13:27:43.870 |
https://cve.circl.lu/cve/CVE-2026-21533 |
| CVE-2026-33955 |
6.0 |
Remote Desktop |
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed using `dangerouslySetInnerHTML` without secure handling. When combined with the full backup and restore feature in the desktop application, this becomes remote code execution because Electron is configured with `nodeIntegration: true` and `contextIsolation: false`. Version 3.3.11 patches the issue. |
2026-03-31T18:22:14.193 |
https://cve.circl.lu/cve/CVE-2026-33955 |
| CVE-2026-33976 |
6.0 |
Remote Desktop |
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the source page’s root element and stores them inside web-clip HTML. When the clip is later opened, Notesnook renders that HTML into a same-origin, unsandboxed iframe using `contentDocument.write(...)`. Event-handler attributes such as `onload`, `onclick`, or `onmouseover` execute in the Notesnook origin. In the desktop app, this becomes RCE because Electron is configured with `nodeIntegration: true` and `contextIsolation: false`. Version 3.3.11 Web/Desktop and 3.3.17 on Android/iOS patch the issue. |
2026-03-31T18:21:36.440 |
https://cve.circl.lu/cve/CVE-2026-33976 |
| CVE-2026-21668 |
5.9 |
Repository |
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. |
2026-03-31T13:17:28.180 |
https://cve.circl.lu/cve/CVE-2026-21668 |
| CVE-2026-33724 |
5.2 |
Repository |
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. |
2026-03-27T19:32:03.647 |
https://cve.circl.lu/cve/CVE-2026-33724 |
| CVE-2026-33941 |
6.0 |
Repository |
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI arguments can inject arbitrary JavaScript that executes when the generated bundle is loaded in Node.js or a browser. Version 4.7.9 fixes the issue. Some workarounds are available. First, validate all CLI inputs before invoking the precompiler. Reject filenames and option values that contain characters with JavaScript string-escaping significance (`"`, `'`, `;`, etc.). Second, use a fixed, trusted namespace string passed via a configuration file rather than command-line arguments in automated pipelines. Third, run the precompiler in a sandboxed environment (container with no write access to sensitive paths) to limit the impact of successful exploitation. Fourth, audit template filenames in any repository or package that is consumed by an automated build pipeline. |
2026-03-31T17:53:18.770 |
https://cve.circl.lu/cve/CVE-2026-33941 |
| CVE-2024-51778 |
N/A |
Repo |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tevya Satisfaction Reports from Help Scout happiness-reports-for-help-scout allows Reflected XSS. This issue affects Satisfaction Reports from Help Scout: from n/a through <= 2.0.3. |
2026-04-01T16:19:43.257 |
https://cve.circl.lu/cve/CVE-2024-51778 |
| CVE-2024-38691 |
N/A |
Repo |
Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce metorik-helper allows Cross Site Request Forgery. This issue affects Metorik – Reports & Email Automation for WooCommerce: from n/a through <= 1.7.1. |
2026-04-01T16:17:33.917 |
https://cve.circl.lu/cve/CVE-2024-38691 |
| CVE-2025-23432 |
N/A |
Repo |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS. This issue affects AlT Report: from n/a through <= 1.12.0. |
2026-04-01T16:23:07.340 |
https://cve.circl.lu/cve/CVE-2025-23432 |
| CVE-2025-49256 |
N/A |
SAP |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa sapa allows PHP Local File Inclusion. This issue affects Sapa: from n/a through <= 1.1.14. |
2026-04-01T17:24:55.647 |
https://cve.circl.lu/cve/CVE-2025-49256 |
| CVE-2025-53462 |
N/A |
SAP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SAPO SAPO Feed sapo-feed allows Stored XSS. This issue affects SAPO Feed: from n/a through <= 2.4.2. |
2026-04-01T17:26:08.090 |
https://cve.circl.lu/cve/CVE-2025-53462 |
| CVE-2022-29650 |
5.9 |
SQL |
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2022-29650 |
| CVE-2022-34132 |
5.9 |
SQL |
Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. |
2026-03-30T19:05:19.070 |
https://cve.circl.lu/cve/CVE-2022-34132 |
| CVE-2022-36759 |
5.9 |
SQL |
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2022-36759 |
| CVE-2023-0256 |
3.4 |
SQL |
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184. |
2026-03-30T18:15:59.940 |
https://cve.circl.lu/cve/CVE-2023-0256 |
| CVE-2024-44020 |
5.9 |
SSL |
Missing Authorization vulnerability in prasadkirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS wp-free-ssl. This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through <= 1.2.7. |
2026-04-01T16:17:52.177 |
https://cve.circl.lu/cve/CVE-2024-44020 |
| CVE-2024-56220 |
N/A |
SSL |
Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0. |
2026-04-01T16:21:42.190 |
https://cve.circl.lu/cve/CVE-2024-56220 |
| CVE-2024-56284 |
N/A |
SSL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows SQL Injection. This issue affects SSL Wireless SMS Notification: from n/a through <= 3.5.0. |
2026-04-01T16:21:51.977 |
https://cve.circl.lu/cve/CVE-2024-56284 |
| CVE-2025-24623 |
N/A |
SSL |
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through <= 9.1.4. |
2026-04-01T17:17:55.810 |
https://cve.circl.lu/cve/CVE-2025-24623 |
| CVE-2026-1531 |
5.2 |
SSL |
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information. |
2026-03-27T00:16:21.530 |
https://cve.circl.lu/cve/CVE-2026-1531 |
| CVE-2025-30978 |
N/A |
Slack |
Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki dorzki-notifications-to-slack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through <= 2.0.7. |
2026-04-01T17:20:44.797 |
https://cve.circl.lu/cve/CVE-2025-30978 |
| CVE-2026-34219 |
N/A |
Slack |
libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the representable upper bound. On a later heartbeat, the implementation performs unchecked Instant + Duration arithmetic (backoff_time + slack), which can overflow and panic with: overflow when adding duration to instant. This issue is reachable from any Gossipsub peer over normal TCP + Noise + mplex/yamux connectivity and requires no further authentication beyond becoming a protocol peer. This issue has been patched in version 0.49.4. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34219 |
| CVE-2026-28297 |
5.2 |
Solarwinds |
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
2026-03-31T14:14:02.453 |
https://cve.circl.lu/cve/CVE-2026-28297 |
| CVE-2026-28298 |
5.2 |
Solarwinds |
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
2026-03-31T14:14:55.273 |
https://cve.circl.lu/cve/CVE-2026-28298 |
| CVE-2026-3991 |
5.9 |
Symantec |
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
2026-04-01T14:24:21.833 |
https://cve.circl.lu/cve/CVE-2026-3991 |
| CVE-2018-25225 |
5.9 |
SIP |
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets. |
2026-03-30T13:26:07.647 |
https://cve.circl.lu/cve/CVE-2018-25225 |
| CVE-2026-21670 |
4.0 |
SSH |
A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
2026-03-31T00:45:56.800 |
https://cve.circl.lu/cve/CVE-2026-21670 |
| CVE-2026-30932 |
5.9 |
SSH |
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5. |
2026-03-26T12:17:21.523 |
https://cve.circl.lu/cve/CVE-2026-30932 |
| CVE-2026-32846 |
3.6 |
SSH |
OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. |
2026-03-31T21:40:05.587 |
https://cve.circl.lu/cve/CVE-2026-32846 |
| CVE-2024-7341 |
5.9 |
SES |
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. |
2026-03-27T00:16:19.880 |
https://cve.circl.lu/cve/CVE-2024-7341 |
| CVE-2024-49681 |
N/A |
SES |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9. |
2026-04-01T16:18:56.233 |
https://cve.circl.lu/cve/CVE-2024-49681 |
| CVE-2025-24718 |
N/A |
SES |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.1. |
2026-04-01T17:18:09.067 |
https://cve.circl.lu/cve/CVE-2025-24718 |
| CVE-2023-52975 |
5.9 |
SES |
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress. Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #3 [ 276.943997] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 [ 276.944470] Call Trace: [ 276.944943] <TASK> [ 276.945397] dump_stack_lvl+0x34/0x48 [ 276.945887] print_address_description.constprop.0+0x86/0x1e7 [ 276.946421] print_report+0x36/0x4f [ 276.947358] kasan_report+0xad/0x130 [ 276.948234] kasan_check_range+0x35/0x1c0 [ 276.948674] _raw_spin_lock_bh+0x78/0xe0 [ 276.949989] iscsi_sw_tcp_host_get_param+0xad/0x2e0 [iscsi_tcp] [ 276.951765] show_host_param_ISCSI_HOST_PARAM_IPADDRESS+0xe9/0x130 [scsi_transport_iscsi] [ 276.952185] dev_attr_show+0x3f/0x80 [ 276.953005] sysfs_kf_seq_show+0x1fb/0x3e0 [ 276.953401] seq_read_iter+0x402/0x1020 [ 276.954260] vfs_read+0x532/0x7b0 [ 276.955113] ksys_read+0xed/0x1c0 [ 276.955952] do_syscall_64+0x38/0x90 [ 276.956347] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.956769] RIP: 0033:0x7f5d3a679222 [ 276.957161] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 32 c0 0b 00 e8 a5 fe 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 [ 276.958009] RSP: 002b:00007ffc864d16a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 276.958431] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5d3a679222 [ 276.958857] RDX: 0000000000020000 RSI: 00007f5d3a4fe000 RDI: 0000000000000003 [ 276.959281] RBP: 00007f5d3a4fe000 R08: 00000000ffffffff R09: 0000000000000000 [ 276.959682] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020000 [ 276.960126] R13: 0000000000000003 R14: 0000000000000000 R15: 0000557a26dada58 [ 276.960536] </TASK> [ 276.961357] Allocated by task 2209: [ 276.961756] kasan_save_stack+0x1e/0x40 [ 276.962170] kasan_set_track+0x21/0x30 [ 276.962557] __kasan_kmalloc+0x7e/0x90 [ 276.962923] __kmalloc+0x5b/0x140 [ 276.963308] iscsi_alloc_session+0x28/0x840 [scsi_transport_iscsi] [ 276.963712] iscsi_session_setup+0xda/0xba0 [libiscsi] [ 276.964078] iscsi_sw_tcp_session_create+0x1fd/0x330 [iscsi_tcp] [ 276.964431] iscsi_if_create_session.isra.0+0x50/0x260 [scsi_transport_iscsi] [ 276.964793] iscsi_if_recv_msg+0xc5a/0x2660 [scsi_transport_iscsi] [ 276.965153] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.965546] netlink_unicast+0x4d5/0x7b0 [ 276.965905] netlink_sendmsg+0x78d/0xc30 [ 276.966236] sock_sendmsg+0xe5/0x120 [ 276.966576] ____sys_sendmsg+0x5fe/0x860 [ 276.966923] ___sys_sendmsg+0xe0/0x170 [ 276.967300] __sys_sendmsg+0xc8/0x170 [ 276.967666] do_syscall_64+0x38/0x90 [ 276.968028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.968773] Freed by task 2209: [ 276.969111] kasan_save_stack+0x1e/0x40 [ 276.969449] kasan_set_track+0x21/0x30 [ 276.969789] kasan_save_free_info+0x2a/0x50 [ 276.970146] __kasan_slab_free+0x106/0x190 [ 276.970470] __kmem_cache_free+0x133/0x270 [ 276.970816] device_release+0x98/0x210 [ 276.971145] kobject_cleanup+0x101/0x360 [ 276.971462] iscsi_session_teardown+0x3fb/0x530 [libiscsi] [ 276.971775] iscsi_sw_tcp_session_destroy+0xd8/0x130 [iscsi_tcp] [ 276.972143] iscsi_if_recv_msg+0x1bf1/0x2660 [scsi_transport_iscsi] [ 276.972485] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.972808] netlink_unicast+0x4d5/0x7b0 [ 276.973201] netlink_sendmsg+0x78d/0xc30 [ 276.973544] sock_sendmsg+0xe5/0x120 [ 276.973864] ____sys_sendmsg+0x5fe/0x860 [ 276.974248] ___sys_---truncated--- |
2026-04-01T18:09:42.027 |
https://cve.circl.lu/cve/CVE-2023-52975 |
| CVE-2025-32612 |
N/A |
SES |
Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through <= 1.4.0. |
2026-04-01T17:22:40.970 |
https://cve.circl.lu/cve/CVE-2025-32612 |
| CVE-2025-70029 |
3.6 |
TLS |
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options. |
2026-04-01T15:29:33.850 |
https://cve.circl.lu/cve/CVE-2025-70029 |
| CVE-2025-9293 |
5.9 |
TLS |
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. |
2026-04-01T20:49:52.653 |
https://cve.circl.lu/cve/CVE-2025-9293 |
| CVE-2026-4396 |
5.9 |
TLS |
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification. |
2026-03-30T15:09:31.033 |
https://cve.circl.lu/cve/CVE-2026-4396 |
| CVE-2026-3230 |
1.4 |
TLS |
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from the (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes. |
2026-03-26T18:33:37.110 |
https://cve.circl.lu/cve/CVE-2026-3230 |
| CVE-2026-3549 |
5.9 |
TLS |
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. |
2026-03-26T18:21:41.360 |
https://cve.circl.lu/cve/CVE-2026-3549 |
| CVE-2026-4902 |
5.9 |
Tenda |
A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. |
2026-03-31T01:36:18.920 |
https://cve.circl.lu/cve/CVE-2026-4902 |
| CVE-2026-4903 |
5.9 |
Tenda |
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. |
2026-03-31T21:08:06.830 |
https://cve.circl.lu/cve/CVE-2026-4903 |
| CVE-2026-4904 |
5.9 |
Tenda |
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
2026-03-31T20:59:41.853 |
https://cve.circl.lu/cve/CVE-2026-4904 |
| CVE-2026-4905 |
5.9 |
Tenda |
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. |
2026-03-31T20:59:33.200 |
https://cve.circl.lu/cve/CVE-2026-4905 |
| CVE-2026-4906 |
5.9 |
Tenda |
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. |
2026-03-31T20:58:38.367 |
https://cve.circl.lu/cve/CVE-2026-4906 |
| CVE-2024-51868 |
N/A |
TAP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tapan Kumer Das DuoGeek Blocks duogeek-blocks allows Stored XSS. This issue affects DuoGeek Blocks: from n/a through 0.1.1. |
2026-04-01T16:19:57.200 |
https://cve.circl.lu/cve/CVE-2024-51868 |
| CVE-2025-32622 |
N/A |
TAP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in otpless allows Reflected XSS. This issue affects OTP-less one tap Sign in: from n/a through <= 2.0.58. |
2026-04-01T17:22:42.827 |
https://cve.circl.lu/cve/CVE-2025-32622 |
| CVE-2025-58689 |
N/A |
TAP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through <= 3.2.2. |
2026-04-01T17:27:20.247 |
https://cve.circl.lu/cve/CVE-2025-58689 |
| CVE-2026-1961 |
5.9 |
VNC |
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure. |
2026-03-27T17:16:27.193 |
https://cve.circl.lu/cve/CVE-2026-1961 |
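The Foreman entry above is the classic shape of a command injection: a hostname that a remote party (here, the compute resource provider) controls is concatenated into a shell command. The Python block below is an added example, not Foreman's code, showing the vulnerable string form next to a hardened version that allowlists the host value (an IP literal or an RFC 1123 host name), range-checks the port, and passes both as a single argv element executed without a shell. The `websockify --target` command line is an illustrative placeholder; the page does not name the proxy binary, and the malicious hostname in `__main__` is constructed.

```python
from __future__ import annotations

import ipaddress
import re
import subprocess

# RFC 1123 host name: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, at most 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def validate_host(value: str) -> str:
    """Return `value` if it is an IP literal or an RFC 1123 host name, else raise."""
    try:
        ipaddress.ip_address(value)
        return value
    except ValueError:
        pass
    if _HOSTNAME_RE.match(value):
        return value
    raise ValueError(f"refusing to proxy to untrusted host value: {value!r}")


def validate_port(value) -> int:
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return port


def is_valid_target(host: str, port) -> bool:
    """True when both values pass validation; used to keep the rejection path testable."""
    try:
        validate_host(host)
        validate_port(port)
        return True
    except ValueError:
        return False


def proxy_command_vulnerable(host: str, port) -> str:
    """Shape of the bug: the provider-supplied host is glued into a shell string,
    so any shell metacharacters in it become part of the command."""
    return f"websockify --target {host}:{port}"


def proxy_command(host: str, port) -> list[str]:
    """Hardened: validate both values, then build an argv list (no shell involved)."""
    return ["websockify", "--target", f"{validate_host(host)}:{validate_port(port)}"]


def spawn(argv: list[str]) -> str:
    """Execute argv with shell=False; metacharacters reach the program as literal text."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed value, as a rogue compute resource could report it for a VM.
    evil = "vmhost.example;id"
    print(proxy_command_vulnerable(evil, 5900))   # ';id' would run if this string hit a shell
    print(is_valid_target(evil, 5900))            # False: rejected before anything is executed
    print(proxy_command("vmhost.example", 5900))
    # Even without validation, argv execution keeps the payload as one literal argument:
    print(spawn(["echo", "--target", f"{evil}:5900"]), end="")
```

The two controls are independent: the allowlist stops hostile values at the trust boundary, and argv execution means that even a value which slipped past it could not change the command being run. Keep both; the second is what protects you when the validator turns out to be incomplete.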
| CVE-2026-30975 |
5.2 |
VPN |
Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users who had disabled authentication for local addresses (Authentication Required set to `Disabled for Local Addresses`) without a reverse proxy in front of Sonarr that did not pass through the invalid header. Patches are available in version 4.0.16.2942 in the nightly/develop branch and version 4.0.16.2944 for stable/main releases. Some workarounds are available: make sure Sonarr's Authentication Required setting is set to `Enabled`, run Sonarr behind a reverse proxy, and/or do not expose Sonarr directly to the internet and instead access it through a VPN, Tailscale or a similar solution. |
2026-03-30T16:55:47.733 |
https://cve.circl.lu/cve/CVE-2026-30975 |
| CVE-2026-30976 |
4.0 |
VPN |
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive. This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It is possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or a similar solution from outside that network. |
2026-03-30T16:54:37.450 |
https://cve.circl.lu/cve/CVE-2026-30976 |
| CVE-2026-26352 |
2.7 |
VPN |
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users. |
2026-04-01T14:24:21.833 |
https://cve.circl.lu/cve/CVE-2026-26352 |
| CVE-2026-34060 |
N/A |
VS Code |
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. This issue has been patched in Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34060 |
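The Ruby LSP entry above is a code-generation injection: a workspace setting from an untrusted repository is written into a generated Gemfile, and a Gemfile is Ruby source, so quoting the value is not enough (a double-quoted Ruby literal still evaluates `#{...}`). The Python block below is an added example, not the extension's code, contrasting the vulnerable interpolation with an allowlisted branch name emitted in a single-quoted Ruby literal. The `gem 'ruby-lsp', github: ...` line is illustrative; the page does not show what the generated Gemfile actually contains.

```python
from __future__ import annotations

import re

# Allowlist for a git branch reference: letters, digits, dot, underscore, slash,
# hyphen; must start with a letter, digit or underscore (so no leading '-' or '.').
# Deliberately stricter than what git itself accepts.
_BRANCH_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._/-]{0,254}$")


def gemfile_line_vulnerable(branch: str) -> str:
    """Shape of the bug: the setting is interpolated straight into Ruby source.
    The output is Ruby, so `#{...}` inside the double-quoted literal is executed
    by Bundler when the Gemfile is evaluated."""
    return f'gem "ruby-lsp", github: "Shopify/ruby-lsp", branch: "{branch}"\n'


def validate_branch(branch: str) -> str:
    """Accept only values that can be nothing but a branch name."""
    if (
        not _BRANCH_RE.match(branch)
        or ".." in branch
        or branch.endswith("/")
        or branch.endswith(".lock")
    ):
        raise ValueError(f"unacceptable branch setting: {branch!r}")
    return branch


def is_acceptable_branch(branch: str) -> bool:
    try:
        validate_branch(branch)
        return True
    except ValueError:
        return False


def gemfile_line(branch: str) -> str:
    """Hardened: allowlist the value, then emit it inside a single-quoted Ruby
    literal, which performs no interpolation. The allowlist already excludes the
    two characters (' and \\) that would matter inside such a literal."""
    return f"gem 'ruby-lsp', github: 'Shopify/ruby-lsp', branch: '{validate_branch(branch)}'\n"


if __name__ == "__main__":
    # Constructed payload of the kind a malicious .vscode/settings.json could carry.
    payload = 'main#{system("id")}'
    print(gemfile_line_vulnerable(payload), end="")   # Ruby code lands in the Gemfile
    print(is_acceptable_branch(payload))              # False
    print(gemfile_line("feature/lsp-1.2"), end="")
```

The general rule this illustrates: when a configuration value ends up inside generated source (Gemfile, Makefile, shell profile, Dockerfile), treat it as code, not data. Escape for the target language only as a second line of defence behind a strict allowlist.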
| CVE-2026-32925 |
5.9 |
VS Code |
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. |
2026-04-01T23:17:02.783 |
https://cve.circl.lu/cve/CVE-2026-32925 |
| CVE-2026-32928 |
5.9 |
VS Code |
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. |
2026-04-01T23:17:03.267 |
https://cve.circl.lu/cve/CVE-2026-32928 |
| CVE-2024-54366 |
N/A |
Vim |
Generation of Error Message Containing Sensitive Information vulnerability in videogallery Vimeography vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through <= 2.4.4. |
2026-04-01T16:21:09.300 |
https://cve.circl.lu/cve/CVE-2024-54366 |
| CVE-2025-23467 |
N/A |
Vim |
Cross-Site Request Forgery (CSRF) vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS. This issue affects RSS News Scroller: from n/a through <= 2.0.0. |
2026-04-01T16:23:12.710 |
https://cve.circl.lu/cve/CVE-2025-23467 |
| CVE-2025-30806 |
N/A |
Vim |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows SQL Injection. This issue affects Vimeotheque: from n/a through <= 2.3.4.2. |
2026-04-01T17:20:18.967 |
https://cve.circl.lu/cve/CVE-2025-30806 |
| CVE-2025-31563 |
N/A |
Vim |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar open-ai-search-bar allows Stored XSS. This issue affects AI Search Bar: from n/a through <= 2.1. |
2026-04-01T17:21:19.450 |
https://cve.circl.lu/cve/CVE-2025-31563 |
| CVE-2025-32534 |
N/A |
Vim |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS. This issue affects Workbox Video from Vimeo & Youtube: from n/a through <= 3.2.2. |
2026-04-01T17:22:30.790 |
https://cve.circl.lu/cve/CVE-2025-32534 |
| CVE-2026-33542 |
2.5 |
Virtual Machine |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue. |
2026-03-30T18:48:50.393 |
https://cve.circl.lu/cve/CVE-2026-33542 |
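The Incus image-cache entry above is a missing integrity check: an image fetched from a simplestreams server was cached under a fingerprint that was never compared with the bytes actually received, so a server (or anyone in the path to it) could plant a different image under a trusted key. The Python block below is an added example, not Incus code, of the check done correctly: the download is hashed while it streams to a temporary file in the cache directory, and the file is renamed to its cache key only when the SHA-256 of the received bytes equals the expected fingerprint. Treating the fingerprint as the SHA-256 of the downloaded bytes, and the `store_verified_image`/`try_store`/`demo` names, are this example's assumptions; the image bytes in `demo` are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile
from typing import Iterable


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_verified_image(cache_dir: str, chunks: Iterable[bytes], expected_sha256: str) -> str:
    """Stream an image download into `cache_dir`, keyed by its verified SHA-256.
    The file becomes visible under the cache key only after the digest of the
    bytes actually written equals `expected_sha256`; otherwise nothing is cached."""
    expected = expected_sha256.strip().lower()
    if len(expected) != 64 or set(expected) - set("0123456789abcdef"):
        raise ValueError("fingerprint must be 64 hex characters")
    os.makedirs(cache_dir, exist_ok=True)
    digest = hashlib.sha256()
    fd, tmp = tempfile.mkstemp(dir=cache_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in chunks:
                digest.update(chunk)          # hash exactly the bytes being written
                out.write(chunk)
        actual = digest.hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise ValueError(f"fingerprint mismatch: expected {expected}, got {actual}")
        final = os.path.join(cache_dir, actual)  # key = verified digest, not the index's claim
        os.replace(tmp, final)                   # atomic: a partial file is never visible
        return final
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)


def try_store(cache_dir: str, data: bytes, fingerprint: str) -> str | None:
    """Feed `data` through in chunks, as a download would arrive; None = rejected."""
    try:
        return store_verified_image(
            cache_dir, (data[i:i + 4096] for i in range(0, len(data), 4096)), fingerprint
        )
    except ValueError:
        return None


def demo(cache_dir: str | None = None) -> dict:
    """Constructed scenario: a genuine download, then a substituted one under the same key."""
    cache_dir = cache_dir or tempfile.mkdtemp(prefix="image-cache-")
    genuine = b"constructed fake image tarball bytes\n" * 1000
    key = sha256_hex(genuine)                     # what the index would advertise for the image
    stored = try_store(cache_dir, genuine, key)
    poisoned = try_store(cache_dir, b"attacker-substituted content\n" * 1000, key)
    with open(stored, "rb") as f:
        intact = f.read() == genuine
    return {
        "stored_under_key": stored == os.path.join(cache_dir, key),
        "contents_intact": intact,
        "poison_rejected": poisoned is None,
        "cache_entries": sorted(os.listdir(cache_dir)),
        "key": key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two details carry the weight here: the cache key is derived from the bytes on disk rather than copied from the index, so a mismatch cannot be cached under any name, and the rename happens only after verification, so concurrent readers never see an unverified file under a trusted key.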
| CVE-2026-33743 |
3.6 |
Virtual Machine |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline, causing a denial of service of the control plane API. This does not impact any running workload; existing containers and virtual machines will keep operating. Version 6.23.0 fixes the issue. |
2026-03-30T18:54:51.560 |
https://cve.circl.lu/cve/CVE-2026-33743 |
| CVE-2026-33897 |
6.0 |
Virtual Machine |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed such that a template could theoretically read a file and then generate a new version of said file. Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges. Version 6.23.0 patches the issue. |
2026-03-30T18:55:33.887 |
https://cve.circl.lu/cve/CVE-2026-33897 |
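The Sonarr file-read entry (CVE-2026-30976) and the Incus pongo2 entry (CVE-2026-33897) above are the same failure on two platforms: a path supplied by someone else was used without confining it to the directory it was meant to stay in. The Python block below is an added example, not code from either project, of a containment check that covers both flavours: it uses `posixpath` for the instance-root case and `ntpath` for the Windows case, so it runs offline on any host. It rejects NUL bytes, absolute, rooted (`\foo`), drive-relative (`D:foo`) and UNC paths before joining, and after normalisation compares whole path components rather than a string prefix. The base directories and requests used are constructed.

```python
from __future__ import annotations

import ntpath
import posixpath


def resolve_inside(base: str, requested: str, flavor: str = "posix") -> str | None:
    """Resolve `requested` beneath `base` and return the normalised absolute path,
    or None if the result would escape `base`.

    flavor: "posix" (e.g. an instance rootfs used as a template chroot) or
            "windows" (e.g. a media directory served by a Windows service).
    """
    p = ntpath if flavor == "windows" else posixpath
    if not p.isabs(base):
        raise ValueError("base must be absolute")
    base_norm = p.normpath(base)
    if flavor == "windows":
        base_norm = p.normcase(base_norm)   # NTFS is case-insensitive; / and \ are equivalent

    # Anything that is not a plain relative path is refused outright. The
    # leading-separator test is explicit because ntpath.isabs() stopped treating
    # rooted paths like "\foo" as absolute in Python 3.13.
    if "\x00" in requested:
        return None
    if p.isabs(requested) or requested[:1] in ("/", "\\") or p.splitdrive(requested)[0]:
        return None

    candidate = p.normpath(p.join(base_norm, requested))   # collapses "." and ".."
    if flavor == "windows":
        candidate = p.normcase(candidate)

    # Compare whole components: a string-prefix test would accept /srv/data2
    # as being inside /srv/data.
    if p.commonpath([base_norm, candidate]) != base_norm:
        return None
    return candidate


if __name__ == "__main__":
    root = "/var/lib/incus/instances/c1/rootfs"
    print(resolve_inside(root, "etc/hostname"))                 # inside
    print(resolve_inside(root, "../../../../etc/shadow"))       # None
    media = "C:\\ProgramData\\Sonarr\\MediaCover"
    print(resolve_inside(media, "1/poster.jpg", "windows"))     # inside
    print(resolve_inside(media, "..\\config.xml", "windows"))   # None
```

These checks are lexical, which is necessary but not sufficient. Inside an instance root, a symlink planted by the guest can still point outside it, so a real chroot needs the kernel to confine symlink resolution as well (on Linux, `openat2` with `RESOLVE_IN_ROOT`). On Windows, NTFS also strips trailing dots and spaces and has 8.3 short names, so after opening the file compare its real path against the base rather than trusting the request string alone.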
| CVE-2026-33898 |
5.9 |
Virtual Machine |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token. When accessed with that token, Incus creates a cookie persisting that token without needing to include it in subsequent HTTP requests. While the Incus client correctly validates the value of the cookie, it does not correctly validate the token when passed in the URL. This allows an attacker able to locate and talk to the temporary web server on localhost to have as much access to Incus as the user who ran `incus webui`. This can lead to privilege escalation by another local user, or to access to the user's Incus instances and possibly system resources by a remote attacker able to trick the local user into interacting with the Incus UI web server. Version 6.23.0 patches the issue. |
2026-04-01T16:09:31.703 |
https://cve.circl.lu/cve/CVE-2026-33898 |
| CVE-2025-32480 |
N/A |
Windows |
Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through <= 0.1. |
2026-04-01T17:22:23.063 |
https://cve.circl.lu/cve/CVE-2025-32480 |
| CVE-2025-59214 |
3.6 |
Windows |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
2026-03-27T22:16:19.897 |
https://cve.circl.lu/cve/CVE-2025-59214 |
| CVE-2026-20872 |
3.6 |
Windows |
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
2026-03-27T21:17:01.907 |
https://cve.circl.lu/cve/CVE-2026-20872 |
| CVE-2024-29777 |
2.7 |
WordPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator. This issue affects Forminator: from n/a through <= 1.29.0. |
2026-04-01T16:16:52.543 |
https://cve.circl.lu/cve/CVE-2024-29777 |
| CVE-2024-34801 |
N/A |
WordPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress seo-wordpress allows DOM-Based XSS. This issue affects Praison SEO WordPress: from n/a through <= 4.0.15. |
2026-04-01T16:17:12.870 |
https://cve.circl.lu/cve/CVE-2024-34801 |
| CVE-2024-32792 |
1.4 |
WordPress |
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance. This issue affects Hummingbird: from n/a through <= 3.7.3. |
2026-04-01T16:17:06.820 |
https://cve.circl.lu/cve/CVE-2024-32792 |
| CVE-2024-37430 |
N/A |
WordPress |
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect. This issue affects Patreon WordPress: from n/a through <= 1.9.0. |
2026-04-01T16:17:25.680 |
https://cve.circl.lu/cve/CVE-2024-37430 |
| CVE-2026-34227 |
N/A |
WireGuard |
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4. |
2026-04-01T14:24:02.583 |
https://cve.circl.lu/cve/CVE-2026-34227 |
| CVE-2024-48030 |
N/A |
Webex |
Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection. This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. |
2026-04-01T16:18:22.213 |
https://cve.circl.lu/cve/CVE-2024-48030 |
| CVE-2026-31788 |
N/A |
Xen |
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU. The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will deny any hypercalls affecting other domains. In case the guest is booted using secure boot, however, the privcmd driver would be enabling a root user process to modify e.g. kernel memory contents, thus breaking the secure boot feature. The only known case where an unprivileged domU is really needing to use the privcmd driver is the case when it is acting as the device model for another guest. In this case all hypercalls issued via the privcmd driver will target that other guest. Fortunately the privcmd driver can already be locked down to allow only hypercalls targeting a specific domain, but this mode can be activated from user land only today. The target domain can be obtained from Xenstore, so when not running in dom0 restrict the privcmd driver to that target domain from the beginning, resolving the potential problem of breaking secure boot. This is XSA-482. --- V2: defer reading from Xenstore if Xenstore isn't ready yet (Jan Beulich); wait in open() if target domain isn't known yet; issue message in case no target domain found (Jan Beulich) |
2026-03-30T08:16:17.420 |
https://cve.circl.lu/cve/CVE-2026-31788 |
| CVE-2024-58342 |
3.4 |
Xen |
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches. |
2026-04-01T18:54:10.510 |
https://cve.circl.lu/cve/CVE-2024-58342 |
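The XenForo open-redirect entry above lists three ways a redirect target can leave the site while looking local: embedded newlines, user credentials in the authority part, and a host that does not match. The Python block below is an added example, not XenForo's `getDynamicRedirect()`, of a validator that resolves the target against the site's own URL and returns it only when scheme, host and port all match and no userinfo is present; anything else falls back to a safe default. The site URL `https://forum.example` and the sample targets are constructed.

```python
from __future__ import annotations

from urllib.parse import urljoin, urlsplit

_CONTROL_CHARS = set("\r\n\t\x00")


def safe_redirect_target(target: str | None, site_url: str, fallback: str = "/") -> str:
    """Return an absolute URL on the origin of `site_url` built from `target`,
    or `fallback` when `target` cannot be shown to stay on that origin."""
    site = urlsplit(site_url)
    if not target or _CONTROL_CHARS & set(target):
        # Checked before parsing: urlsplit() silently drops \r, \n and \t, so a
        # check done after parsing would never see a header-splitting payload.
        return fallback
    if "\\" in target:
        # Browsers treat a backslash as a slash in http(s) URLs; the stdlib does not,
        # so "\\evil.example" would parse as a relative path here but not in a browser.
        return fallback
    try:
        parts = urlsplit(urljoin(site_url, target))   # relative targets become absolute
        host, port = parts.hostname, parts.port       # .port raises on a bogus port
    except ValueError:
        return fallback
    if parts.scheme != site.scheme:
        return fallback                               # javascript:, data:, http downgrade
    if parts.username is not None or parts.password is not None:
        return fallback                               # https://forum.example@evil.example/
    if not host or host.lower() != (site.hostname or "").lower():
        return fallback                               # evil.example, forum.example.evil.example
    if port != site.port:
        return fallback
    return parts.geturl()


if __name__ == "__main__":
    site = "https://forum.example"
    for t in ["/threads/123/", "https://forum.example@evil.example/", "//evil.example/",
              "/x\r\nSet-Cookie: a=b", "https://forum.example.evil.example/"]:
        print(repr(t), "->", safe_redirect_target(t, site))
```

Returning the rebuilt absolute URL rather than echoing the original string is deliberate: it guarantees the `Location` header carries exactly the parsed scheme, host and path that were checked, with no room for a second parser (the browser's) to read the raw input differently.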
| CVE-2025-71278 |
5.9 |
Xen |
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level. |
2026-04-01T18:51:48.267 |
https://cve.circl.lu/cve/CVE-2025-71278 |
| CVE-2025-71279 |
5.9 |
Xen |
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication. |
2026-04-01T18:57:17.270 |
https://cve.circl.lu/cve/CVE-2025-71279 |
| CVE-2025-71280 |
3.6 |
Xen |
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users. |
2026-04-01T18:52:12.647 |
https://cve.circl.lu/cve/CVE-2025-71280 |
| CVE-2024-22289 |
2.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS. This issue affects Post views Stats: from n/a through <= 1.4.1. |
2026-04-01T16:16:46.220 |
https://cve.circl.lu/cve/CVE-2024-22289 |
| CVE-2024-27193 |
2.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8. |
2026-04-01T16:16:48.983 |
https://cve.circl.lu/cve/CVE-2024-27193 |
| CVE-2023-45771 |
3.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS. This issue affects Contact Form With Captcha: from n/a through 1.6.8. |
2026-03-27T20:55:56.677 |
https://cve.circl.lu/cve/CVE-2023-45771 |
| CVE-2024-30425 |
2.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows DOM-Based XSS. This issue affects Beaver Builder: from n/a through <= 2.7.4.4. |
2026-04-01T16:16:55.807 |
https://cve.circl.lu/cve/CVE-2024-30425 |
| CVE-2024-30428 |
2.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Reflected XSS. This issue affects Contest Gallery: from n/a through <= 24.0.3. |
2026-04-01T16:16:55.977 |
https://cve.circl.lu/cve/CVE-2024-30428 |
| CVE-2024-47633 |
N/A |
Zoho |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Zoho Forms zoho-forms allows Stored XSS. This issue affects Zoho Forms: from n/a through <= 4.0. |
2026-04-01T16:18:18.203 |
https://cve.circl.lu/cve/CVE-2024-47633 |
| CVE-2024-47334 |
N/A |
Zoho |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection. This issue affects Zoho Flow: from n/a through <= 2.7.1. |
2026-04-01T16:18:06.680 |
https://cve.circl.lu/cve/CVE-2024-47334 |
| CVE-2025-31408 |
N/A |
Zoho |
Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho Flow: from n/a through <= 2.13.3. |
2026-04-01T17:21:02.800 |
https://cve.circl.lu/cve/CVE-2025-31408 |
| CVE-2025-47644 |
N/A |
Zoho |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form integrations-of-zoho-crm-with-elementor-form allows Phishing. This issue affects Integrations of Zoho CRM with Elementor form: from n/a through <= 1.0.8. |
2026-04-01T17:24:14.160 |
https://cve.circl.lu/cve/CVE-2025-47644 |
| CVE-2024-50556 |
N/A |
Zoom |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WorldMarkerter WM Zoom wm-zoom allows DOM-Based XSS. This issue affects WM Zoom: from n/a through <= 1.0. |
2026-04-01T16:19:20.533 |
https://cve.circl.lu/cve/CVE-2024-50556 |
| CVE-2025-47568 |
N/A |
Zoom |
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection. This issue affects ZoomSounds: from n/a through <= 6.91. |
2026-04-01T17:24:04.477 |
https://cve.circl.lu/cve/CVE-2025-47568 |
| CVE-2025-58863 |
N/A |
Zoom |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS. This issue affects Zoomify embed for WP: from n/a through <= 1.5.2. |
2026-04-01T17:27:32.900 |
https://cve.circl.lu/cve/CVE-2025-58863 |
| CVE-2025-68056 |
6.0 |
Zoom |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4. |
2026-04-01T15:20:04.170 |
https://cve.circl.lu/cve/CVE-2025-68056 |
| CVE-2025-49049 |
5.9 |
Zoom |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection. This issue affects DZS Video Gallery: from n/a through <= 12.39. |
2026-04-01T15:16:33.453 |
https://cve.circl.lu/cve/CVE-2025-49049 |