Overview
- Unisoc (Shanghai) Technologies Co., Ltd.
- T8100/T9100/T8200/T8300
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.16%
KEV
Description
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
Description
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
- Unisoc (Shanghai) Technologies Co., Ltd.
- T7300/T8100/T9100/T8200/T8300
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.16%
KEV
Description
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
- OpenClaw
- OpenClaw
05 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%
KEV
Description
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
Description
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
- siyuan-note
- siyuan
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%
KEV
Description
SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon": when type=8, attacker-controlled content is embedded into the SVG output without escaping. Because the endpoint is unauthenticated and returns image/svg+xml, a crafted URL can inject executable SVG/HTML event handlers (for example onerror) and run JavaScript in the SiYuan web origin. This can be chained to perform authenticated API actions and exfiltrate sensitive data when a logged-in user opens the malicious link. This issue has been patched in version 3.5.9.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- chamilo
- chamilo-lms
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.02%
KEV
Description
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and are performed via GET-based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- appsmithorg
- appsmith
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%
KEV
Description
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be interpolated into the DOM. By leveraging the "Invite Users" feature, an attacker with a regular user account (user@gmail.com) can force a System Administrator to execute a high-privileged API call (/api/v1/admin/env), resulting in a Full Administrative Account Takeover. This vulnerability is fixed in 1.96.
Statistics
- 1 Post
Last activity: 20 hours ago
Fediverse
⚠️ CRITICAL: CVE-2026-30862 in Appsmith <1.96 enables stored XSS via TableWidgetV2. Attackers can leverage 'Invite Users' for admin takeover. Patch to 1.96+ ASAP! No active exploits yet. https://radar.offseq.com/threat/cve-2026-30862-cwe-79-improper-neutralization-of-i-d918c60a #OffSeq #XSS #Appsmith #CVE2026_30862
Overview
- chamilo
- chamilo-lms
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV
Description
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability in Chamilo LMS (version 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. When viewed by an authenticated user (including administrators), the payload executes in their browser within the LMS context. This enables full account takeover via session hijacking, unauthorized actions with the victim’s privileges, exfiltration of sensitive data, and potential self-propagation to other users. This issue has been patched in version 1.11.34.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- SourceCodester
- Client Database Management System
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%
KEV
Description
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 12 hours ago