5.3

CVSS3.1

CVE-2026-32111 - ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network re…

📅 Published: March 11, 2026, 8:41 p.m. 🔄 Last Modified: March 11, 2026, 8:41 p.m.

8.3

CVSS3.1

CVE-2026-32110 - SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers…

📅 Published: March 11, 2026, 8:38 p.m. 🔄 Last Modified: March 11, 2026, 8:38 p.m.

5.1

CVSS4.0

CVE-2026-3956 - xierongwkhd weimai-wetapp Admin_AdminUserController.java getAdmins sql injection

A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/admin/Admin_AdminUserController.java. Performing a manipulation of the argument keywor…

📅 Published: March 11, 2026, 8:32 p.m. 🔄 Last Modified: March 11, 2026, 8:32 p.m.

5.3

CVSS4.0

CVE-2026-3955 - elecV2P jsfile Endpoint wbjs.js runJSFile code injection

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit has…

📅 Published: March 11, 2026, 8:32 p.m. 🔄 Last Modified: March 11, 2026, 8:32 p.m.

6.8

CVSS4.0

CVE-2026-2640 -

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.

📅 Published: March 11, 2026, 8:23 p.m. 🔄 Last Modified: March 11, 2026, 8:23 p.m.

6.8

CVSS4.0

CVE-2026-1717 -

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

📅 Published: March 11, 2026, 8:22 p.m. 🔄 Last Modified: March 11, 2026, 8:22 p.m.

6.9

CVSS4.0

CVE-2026-1716 -

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

📅 Published: March 11, 2026, 8:22 p.m. 🔄 Last Modified: March 11, 2026, 8:22 p.m.

6.9

CVSS4.0

CVE-2026-1715 -

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

📅 Published: March 11, 2026, 8:22 p.m. 🔄 Last Modified: March 11, 2026, 8:22 p.m.

6.8

CVSS4.0

CVE-2026-1653 -

A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.

📅 Published: March 11, 2026, 8:21 p.m. 🔄 Last Modified: March 11, 2026, 8:21 p.m.

6.9

CVSS4.0

CVE-2026-1652 -

A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.

📅 Published: March 11, 2026, 8:21 p.m. 🔄 Last Modified: March 11, 2026, 8:21 p.m.