Overview
- Changing
- IDExpert Windows Logon Agent
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.13%
KEV
Description
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
- Everon
- api.everon.io
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
0.07%
KEV
Description
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
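The handshake check that closes the gap described above, written as an added example (not Everon's code). It assumes the common OCPP-J layout in which a station connects to `/ocpp/<chargePointId>` and, following the OCPP 1.6 security profile 1/2 convention, presents HTTP Basic credentials whose username is the charge point identity; the station ids, secrets and URL pattern are constructed for the example. The point is that the identity in the URL must be bound to a credential before the upgrade completes, so knowing or guessing a valid station id is no longer enough to impersonate it:

```python
"""Added example (not Everon's code): authenticate OCPP-J WebSocket upgrades.

Assumptions, not taken from the advisory: stations connect to /ocpp/<chargePointId>
and present HTTP Basic credentials (OCPP 1.6 security profile 1/2 convention,
where the username is the charge point identity).
"""
import base64
import hmac
import re
from typing import Mapping, Optional, Tuple

# Constructed credential store for the example: charge point identity -> secret.
# In a real CSMS these are provisioned per station and stored hashed.
STATION_CREDENTIALS = {
    "CP-0001": "s3cret-for-cp-0001",
    "CP-0002": "another-long-password",
}

# Subprotocols an OCPP-J client offers in the upgrade request.
ALLOWED_SUBPROTOCOLS = {"ocpp1.6", "ocpp2.0.1"}

# Assumed URL layout: the station identity is the last path segment.
PATH_RE = re.compile(r"^/ocpp/(?P<cp_id>[A-Za-z0-9_.-]{1,64})$")


def station_id_from_path(path: str) -> Optional[str]:
    m = PATH_RE.match(path)
    return m.group("cp_id") if m else None


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value a station would send."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_auth(value: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, password) from a Basic Authorization header, or None if malformed."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def vulnerable_accept(path: str) -> Tuple[int, Optional[str]]:
    """The pattern the advisory describes: any client naming a plausible station id is accepted."""
    station = station_id_from_path(path)
    return (101, station) if station else (404, None)


def authorize_handshake(path: str, headers: Mapping[str, str],
                        credentials: Mapping[str, str] = STATION_CREDENTIALS) -> Tuple[int, Optional[str]]:
    """Decide the HTTP status of a WebSocket upgrade before any OCPP frame is exchanged.

    101 = accept as the returned station; 400/401/403/404 = reject. The station id in the
    URL is bound to the credential presented, so knowing or guessing an id is not enough.
    """
    station = station_id_from_path(path)
    if station is None:
        return 404, None
    h = {k.lower(): v for k, v in headers.items()}  # HTTP header names are case-insensitive
    offered = {p.strip() for p in h.get("sec-websocket-protocol", "").split(",")}
    if not offered & ALLOWED_SUBPROTOCOLS:
        return 400, None
    creds = parse_basic_auth(h.get("authorization"))
    if creds is None:
        return 401, None  # challenge; nothing about the station is revealed
    user, password = creds
    expected = credentials.get(station)
    # Evaluate every check so timing does not reveal which one failed or whether the id exists.
    ok = expected is not None
    ok &= hmac.compare_digest(user.encode("utf-8"), station.encode("utf-8"))
    ok &= hmac.compare_digest(password.encode("utf-8"), (expected or "").encode("utf-8"))
    return (101, station) if ok else (403, None)


if __name__ == "__main__":
    # Constructed handshakes: an impersonator who only knows the id, and the real station.
    impostor = {"Sec-WebSocket-Protocol": "ocpp1.6"}
    real = {"Sec-WebSocket-Protocol": "ocpp1.6",
            "Authorization": basic_auth_header("CP-0001", STATION_CREDENTIALS["CP-0001"])}
    print("vulnerable:", vulnerable_accept("/ocpp/CP-0001"))
    print("hardened, no creds:", authorize_handshake("/ocpp/CP-0001", impostor))
    print("hardened, real station:", authorize_handshake("/ocpp/CP-0001", real))
    print("hardened, creds reused on another id:", authorize_handshake("/ocpp/CP-0002", real))
```

Basic auth over `ws://` sends the secret in clear, so this only makes sense on `wss://`; OCPP 1.6 security profile 3 replaces the password with a client certificate, and the same binding rule applies there: the certificate's identity must match the station id in the URL.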
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown, and the uncaught exception can also lead to Information Disclosure. The vendor acknowledged the issue and fixed it in version 3.8.1.
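Until the upgrade lands, the application-side mitigation is to stop the renderer's exception from escaping the request handler. The block below is an added example, not Python-Markdown's code: a version gate for the 3.8.1 fix and a rendering wrapper that catches AssertionError by name (generic handlers that list ValueError or TypeError miss it), bounds input size, and logs only the length of the failing input. The stand-in renderer is constructed for the example and raises AssertionError on a marker string; the advisory does not publish the triggering sequence, and the block runs without Python-Markdown installed. With the library present, pass `markdown.markdown` as the `renderer` argument instead.

```python
"""Added example (not Python-Markdown's code): keep a renderer crash from taking down the service.

The stand-in renderer below is constructed for the example; it raises AssertionError on a
marker string to simulate the parser failure, since the advisory does not publish the
triggering sequence and this must run without Python-Markdown installed.
"""
import html
import logging
import re
from typing import Callable, Tuple

log = logging.getLogger("markdown-guard")

# Fix version named in the advisory.
FIXED_VERSION = (3, 8, 1)


def parse_version(version: str) -> Tuple[int, ...]:
    """'3.8' -> (3, 8); '3.8.1' -> (3, 8, 1); trailing non-numeric parts are dropped."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def needs_upgrade(installed: str) -> bool:
    """True when the installed version is older than the 3.8.1 fix.

    Assumption: anything below the fix release is treated as affected. The advisory
    names 3.8 explicitly; treating older releases the same way is the conservative reading.
    """
    return parse_version(installed) < FIXED_VERSION


def simulated_render(text: str) -> str:
    """Constructed stand-in for markdown.markdown(): paragraphs only, everything escaped.

    The marker "<!CRASH" stands in for the malformed HTML-like sequence from the advisory.
    """
    if "<!CRASH" in text:
        raise AssertionError("we should not get here")
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    return "".join(f"<p>{html.escape(p)}</p>" for p in paragraphs)


def render_untrusted(text: str, renderer: Callable[[str], str] = simulated_render,
                     max_bytes: int = 256 * 1024) -> Tuple[bool, str]:
    """Render attacker-controlled Markdown; never let the renderer's exception escape.

    Returns (ok, html). On failure the caller gets the input escaped inside <pre>, so the
    request still completes with a safe body instead of a 500 or a dead worker. Only the
    input length and the exception type are logged, never the payload itself.
    """
    if len(text.encode("utf-8")) > max_bytes:
        return False, "<p>Document too large to render.</p>"
    try:
        return True, renderer(text)
    except AssertionError as exc:
        log.warning("markdown parser assertion on %d-char input: %s", len(text), exc)
    except Exception as exc:  # any other renderer failure
        log.warning("markdown renderer raised %s on %d-char input", type(exc).__name__, len(text))
    return False, "<pre>" + html.escape(text) + "</pre>"


if __name__ == "__main__":
    for v in ("3.8", "3.8.1", "3.9"):
        print(v, "needs upgrade" if needs_upgrade(v) else "ok")
    print(render_untrusted("hello *world*"))
    print(render_untrusted("benign\n\n<!CRASH payload"))
```

The fallback deliberately returns escaped text rather than re-raising into the framework's error handler, because that handler is where stack traces and configuration details tend to leak; the Information Disclosure angle in the advisory is exactly an uncaught exception reaching a verbose error page or log.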
Statistics
- 2 Posts
Last activity: 21 hours ago
Bluesky
Heads-up, #openSUSE community! A new security patch for Leap 15.6 is out, addressing CVE-2025-69534 in python-Markdown. Read more: 👉 tinyurl.com/3cwkrbhf #Security
Overview
- SourceCodester
- Simple Responsive Tourism Website
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
Pending
KEV
Description
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. Manipulation of the argument Username causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Statistics
- 1 Post
Last activity: Last hour
Overview
- stellarwp
- The Events Calendar
10 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV
Description
The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
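The general containment check that prevents this class of bug, as an added example; it is not The Events Calendar's code or its fix. It assumes an import feature that should only ever read files beneath one upload directory (`/srv/wp-uploads/imports` is constructed for the example) and shows the join-and-trust pattern beside the hardened version, which compares the resolved path rather than the caller's string:

```python
"""Added example (not The Events Calendar's code): contain a caller-supplied path.

Assumption: the import feature should only read files under one upload directory;
the check is the general CWE-22 containment check, not the plugin's own fix.
"""
import os
from typing import Optional

IMPORT_ROOT = "/srv/wp-uploads/imports"  # constructed for the example


def vulnerable_resolve(root: str, user_path: str) -> str:
    """The pattern behind most traversal bugs: join the user's string and trust the result."""
    return os.path.join(root, user_path)


def safe_resolve(root: str, user_path: str) -> Optional[str]:
    """Return the absolute file path if it stays inside root, else None.

    realpath() collapses '..' and resolves symlinks for the parts that exist, so the
    comparison is made on the path the kernel would actually open, not on the string
    the caller sent. An absolute user_path makes os.path.join discard root entirely,
    which then fails the containment check below.
    """
    if "\x00" in user_path:
        return None  # NUL truncates paths in C-based runtimes; never pass it on
    base = os.path.realpath(root)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        return None
    if target == base:
        return None  # the root directory itself is not a file to serve
    return target


if __name__ == "__main__":
    # Constructed inputs: one legitimate import file and three traversal attempts.
    for p in ("sept-events.csv", "../../../etc/passwd", "/etc/passwd", "sub/../../wp-config.php"):
        print(f"{p!r:28} join -> {vulnerable_resolve(IMPORT_ROOT, p)!r:48} safe -> {safe_resolve(IMPORT_ROOT, p)!r}")
```

The same rule carries over to PHP: compare `realpath()` output against the allowed base rather than filtering `..` out of the input, and remember that `realpath()` returns false for files that do not exist yet, which must be treated as a rejection.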
Statistics
- 1 Post
Last activity: 5 hours ago
Fediverse
🚨 CVE-2026-3585 (HIGH): Path traversal in stellarwp The Events Calendar plugin lets Author+ users read any files on WordPress servers up to v6.15.17. Restrict access, monitor logs, and patch ASAP. Details: https://radar.offseq.com/threat/cve-2026-3585-cwe-22-improper-limitation-of-a-path-57fec669 #OffSeq #WordPress #Vuln #Cybersecurity
Overview
Description
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Manipulation of the argument mit_linktype/PPPOEPassword leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
- Zsoft
- OOP CMS BLOG
06 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
HIGH (8.8)
EPSS
0.06%
KEV
Description
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
Description
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers: the chain is verified only for the final signer, not for the preceding ones.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
Description
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Manipulation of the argument cmdinput can lead to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized.
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.
Statistics
- 1 Post
Last activity: 10 hours ago