Common Vulnerabilities and Exposures (CVE)

CVE-2026-0562

Mar 30, 2026 15:34:50 UTC

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not ...

CVE-2026-0560

Mar 30, 2026 15:33:31 UTC

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to ...

CVE-2026-3321

Mar 30, 2026 15:32:43 UTC

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obta...

CVE-2026-30566

Mar 30, 2026 15:31:22 UTC

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input...

CVE-2026-5164

Mar 30, 2026 15:30:38 UTC

A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an exc...

CVE-2026-30565

Mar 30, 2026 15:30:34 UTC

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input,...

CVE-2026-30564

Mar 30, 2026 15:29:45 UTC

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input,...

CVE-2026-30563

Mar 30, 2026 15:28:43 UTC

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a ...

CVE-2026-30082

Mar 30, 2026 15:27:54 UTC

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the ...

CVE-2026-3611

Mar 30, 2026 15:26:08 UTC

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a Sy...

CVE-2026-0558

Mar 30, 2026 15:23:41 UTC

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file...

CVE-2021-42744

Mar 30, 2026 15:22:43 UTC

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.

CVE-2021-26262

Mar 30, 2026 15:22:41 UTC

Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2021-26248

Mar 30, 2026 15:22:39 UTC

Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.

CVE-2025-3716

Mar 30, 2026 15:19:53 UTC

User enumeration in ESET Protect (on-prem) via Response Timing.