ReportizFlow
Filtered by vendor
Subscriptions
Total
339425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49927 | 2 Crocoblock, Wordpress | 2 Jetformbuilder, Wordpress | 2026-03-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1. | ||||
| CVE-2025-49926 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2026-03-17 | 7.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25. | ||||
| CVE-2025-50505 | 1 Clash-verge | 1 Clash-verge | 2026-03-17 | 7.8 High |
| Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation. | ||||
| CVE-2026-0708 | 1 Libucl | 1 Libucl | 2026-03-17 | 8.3 High |
| A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system. | ||||
| CVE-2026-4288 | 1 Tiandy | 1 Easy7 Integrated Management Platform | 2026-03-17 | 7.3 High |
| A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4307 | 1 Agent-zero | 1 Agent-zero | 2026-03-17 | 4.3 Medium |
| A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-65734 | 1 Gunet | 1 Open Eclass | 2026-03-17 | 5.4 Medium |
| An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file. | ||||
| CVE-2026-4289 | 1 Tiandy | 1 Easy7 Integrated Management Platform | 2026-03-17 | 7.3 High |
| A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4269 | 1 Aws | 1 Bedrock Agentcore Starter Toolkit | 2026-03-17 | 7.5 High |
| A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13. | ||||
| CVE-2026-4224 | 1 Python | 1 Cpython | 2026-03-17 | 5.9 Medium |
| When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. | ||||
| CVE-2026-4312 | 1 Drangsoft | 2 Gcb/fcb Audit Software, Gcb Fcb Audit Software | 2026-03-17 | 9.8 Critical |
| GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account. | ||||
| CVE-2026-29522 | 1 Zwickroell | 1 Test Data Management | 2026-03-17 | N/A |
| ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files. | ||||
| CVE-2026-4270 | 1 Aws | 1 Aws Api Mcp Server | 2026-03-17 | 5.5 Medium |
| Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9. | ||||
| CVE-2025-69809 | 1 P2r3 | 1 Bareiron | 2026-03-17 | 9.8 Critical |
| A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet. | ||||
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-03-17 | 5.4 Medium |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11. | ||||
| CVE-2026-21991 | 1 Oracle Corporation | 1 Oracle Linux | 2026-03-17 | 5.5 Medium |
| A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. | ||||
| CVE-2025-52636 | 1 Hcltech | 1 Aion | 2026-03-17 | 1.8 Low |
| HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. | ||||
| CVE-2026-4243 | 1 La Nacion App | 1 La Nacion App | 2026-03-17 | 2.5 Low |
| A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument API_KEY_WEBSOCKET_CV can lead to unprotected storage of credentials. The attack can only be executed locally. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-32586 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2026-03-17 | 5.3 Medium |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3. | ||||
| CVE-2026-4252 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2026-03-17 | 9.8 Critical |
| A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||