Patch Tuesday — March 2026

2026-03-10 · 1262 CVEs

CVEs published or modified the week of 2026-03-10, partitioned by vendor.

Microsoft (128 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3916 | Critical | 9.6 | | 2026-03-11 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2026-3910 | High | 8.8 | KEV | 2026-03-13 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2026-3909 | High | 8.8 | KEV | 2026-03-13 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2026-3936 | High | 8.8 | | 2026-03-11 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3931 | High | 8.8 | | 2026-03-11 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2026-3926 | High | 8.8 | | 2026-03-11 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2026-3923 | High | 8.8 | | 2026-03-11 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3922 | High | 8.8 | | 2026-03-11 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3921 | High | 8.8 | | 2026-03-11 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3920 | High | 8.8 | | 2026-03-11 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3919 | High | 8.8 | | 2026-03-11 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3918 | High | 8.8 | | 2026-03-11 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3917 | High | 8.8 | | 2026-03-11 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3915 | High | 8.8 | | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2026-3914 | High | 8.8 | | 2026-03-11 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-3913 | High | 8.8 | | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-26118 | High | 8.8 | | 2026-03-10 | Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26116 | High | 8.8 | | 2026-03-10 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115 | High | 8.8 | | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26114 | High | 8.8 | | 2026-03-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-26106 | High | 8.8 | | 2026-03-10 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-25188 | High | 8.8 | | 2026-03-10 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-25177 | High | 8.8 | | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2026-24283 | High | 8.8 | | 2026-03-10 | Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
CVE-2026-23669 | High | 8.8 | | 2026-03-10 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
CVE-2026-23654 | High | 8.8 | | 2026-03-10 | Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
CVE-2026-21262 | High | 8.8 | | 2026-03-10 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20967 | High | 8.8 | | 2026-03-10 | Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-21333 | High | 8.6 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user.
CVE-2026-26113 | High | 8.4 | | 2026-03-10 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26110 | High | 8.4 | | 2026-03-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26109 | High | 8.4 | | 2026-03-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26148 | High | 8.1 | | 2026-03-10 | External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
CVE-2026-26105 | High | 8.1 | | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26111 | High | 8.0 | | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2026-25173 | High | 8.0 | | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2026-25172 | High | 8.0 | | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2026-27272 | High | 7.8 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27271 | High | 7.8 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27267 | High | 7.8 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21362 | High | 7.8 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27278 | High | 7.8 | | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27220 | High | 7.8 | | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27279 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27277 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27276 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27275 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27274 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27273 | High | 7.8 | | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-27269 | High | 7.8 | | 2026-03-10 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-3315 | High | 7.8 | | 2026-03-10 | Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affe…
CVE-2026-26141 | High | 7.8 | | 2026-03-10 | Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2026-26134 | High | 7.8 | | 2026-03-10 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26132 | High | 7.8 | | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26131 | High | 7.8 | | 2026-03-10 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-26128 | High | 7.8 | | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-26117 | High | 7.8 | | 2026-03-10 | Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-26112 | High | 7.8 | | 2026-03-10 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26108 | High | 7.8 | | 2026-03-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26107 | High | 7.8 | | 2026-03-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-25190 | High | 7.8 | | 2026-03-10 | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-25189 | High | 7.8 | | 2026-03-10 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-25187 | High | 7.8 | | 2026-03-10 | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-25176 | High | 7.8 | | 2026-03-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-25175 | High | 7.8 | | 2026-03-10 | Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-25174 | High | 7.8 | | 2026-03-10 | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
CVE-2026-25166 | High | 7.8 | | 2026-03-10 | Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
CVE-2026-25165 | High | 7.8 | | 2026-03-10 | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
CVE-2026-24294 | High | 7.8 | | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-24293 | High | 7.8 | | 2026-03-10 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-24292 | High | 7.8 | | 2026-03-10 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-24291 | High | 7.8 | | 2026-03-10 | Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
CVE-2026-24290 | High | 7.8 | | 2026-03-10 | Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-24289 | High | 7.8 | | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-24287 | High | 7.8 | | 2026-03-10 | External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-23673 | High | 7.8 | | 2026-03-10 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-23672 | High | 7.8 | | 2026-03-10 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-23665 | High | 7.8 | | 2026-03-10 | Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.
CVE-2026-23660 | High | 7.8 | | 2026-03-10 | Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-3932 | High | 7.5 | | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2026-3924 | High | 7.5 | | 2026-03-11 | Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2026-26144 | High | 7.5 | | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-26130 | High | 7.5 | | 2026-03-10 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26127 | High | 7.5 | | 2026-03-10 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26121 | High | 7.5 | | 2026-03-10 | Server-side request forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25181 | High | 7.5 | | 2026-03-10 | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
CVE-2026-23674 | High | 7.5 | | 2026-03-10 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-23664 | High | 7.5 | | 2026-03-10 | Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23662 | High | 7.5 | | 2026-03-10 | Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23661 | High | 7.5 | | 2026-03-10 | Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-2713 | High | 7.4 | | 2026-03-10 | IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability.
CVE-2026-25167 | High | 7.4 | | 2026-03-10 | Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2026-25179 | High | 7.0 | | 2026-03-10 | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-25178 | High | 7.0 | | 2026-03-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-25171 | High | 7.0 | | 2026-03-10 | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2026-25170 | High | 7.0 | | 2026-03-10 | Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-24296 | High | 7.0 | | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
CVE-2026-24295 | High | 7.0 | | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
CVE-2026-24285 | High | 7.0 | | 2026-03-10 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-23671 | High | 7.0 | | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-23668 | High | 7.0 | | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-23667 | High | 7.0 | | 2026-03-10 | Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
CVE-2026-24288 | Medium | 6.8 | | 2026-03-10 | Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-3937 | Medium | 6.5 | | 2026-03-11 | Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-3935 | Medium | 6.5 | | 2026-03-11 | Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-3934 | Medium | 6.5 | | 2026-03-11 | Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2026-24297 | Medium | 6.5 | | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-25169 | Medium | 6.2 | | 2026-03-10 | Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
CVE-2026-25168 | Medium | 6.2 | | 2026-03-10 | Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
CVE-2026-23656 | Medium | 5.9 | | 2026-03-10 | Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-27270 | Medium | 5.5 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-27268 | Medium | 5.5 | | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-27221 | Medium | 5.5 | | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass.
CVE-2026-26123 | Medium | 5.5 | | 2026-03-10 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
CVE-2026-25186 | Medium | 5.5 | | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.
CVE-2026-25180 | Medium | 5.5 | | 2026-03-10 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2026-24282 | Medium | 5.5 | | 2026-03-10 | Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.
CVE-2026-3940 | Medium | 5.3 | | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2026-3939 | Medium | 5.3 | | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.
CVE-2026-3930 | Medium | 5.3 | | 2026-03-11 | Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2026-25185 | Medium | 5.3 | | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-3942 | Medium | 4.3 | | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-3941 | Medium | 4.3 | | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2026-3938 | Medium | 4.3 | | 2026-03-11 | Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2026-3928 | Medium | 4.3 | | 2026-03-11 | Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
CVE-2026-3927 | Medium | 4.3 | | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-3925 | Medium | 4.3 | | 2026-03-11 | Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-3929 | Low | 3.1 | | 2026-03-11 | Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Other vendors (1134 CVEs across 438 vendors)

Adobe · 63 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21290 | High | 8.7 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious s…
CVE-2026-21361 | High | 8.1 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious…
CVE-2026-21284 | High | 8.1 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious…
CVE-2026-21311 | High | 8.0 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious…
CVE-2026-27280 | High | 7.8 | | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21309 | High | 7.5 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21289 | High | 7.5 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21360 | Medium | 6.8 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a se…
CVE-2026-21294 | Medium | 5.5 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass.
CVE-2026-21293 | Medium | 5.5 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass.
CVE-2026-27281 | Medium | 5.5 | | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service.
CVE-2026-27219 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-27218 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-27217 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-27216 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-27215 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-27214 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21365 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21364 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21363 | Medium | 5.5 | | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21292 | Medium | 5.4 | | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
CVE-2026-27266 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27265 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27262 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27257 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27256 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27255 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27254 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27253 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27252 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27251 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27250 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27249 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27248 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27247 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27244 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27242 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27241 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27240 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27239 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27237 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27236 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27235 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27234 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27233 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27232 | Medium | 5.4 | | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27231Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27230Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27229Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27228Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27226Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27225Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27224Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-27223Medium5.42026-03-11Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2026-21310Medium5.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integri…
CVE-2026-21286Medium5.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21282Medium5.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service.
CVE-2026-21291Medium4.82026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious…
CVE-2026-21359Medium4.72026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21297Medium4.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21296Medium4.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21285Medium4.32026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.
CVE-2026-21295Low3.12026-03-11Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.

N/a · 53 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-66956 | Critical | 9.9 | | 2026-03-11 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. |
| CVE-2026-25823 | Critical | 9.8 | | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achiev… |
| CVE-2025-70041 | Critical | 9.8 | | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2025-70024 | Critical | 9.8 | | 2026-03-11 | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. |
| CVE-2026-30741 | Critical | 9.8 | | 2026-03-11 | A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack. |
| CVE-2025-70042 | Critical | 9.8 | | 2026-03-09 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. |
| CVE-2025-69614 | Critical | 9.4 | | 2026-03-10 | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. |
| CVE-2026-25818 | Critical | 9.1 | | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to fi… |
| CVE-2025-69615 | Critical | 9.1 | | 2026-03-10 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. |
| CVE-2026-25817 | High | 8.8 | | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution… |
| CVE-2025-68623 | High | 8.8 | | 2026-03-11 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. |
| CVE-2025-70031 | High | 8.8 | | 2026-03-09 | An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2025-70802 | High | 8.4 | | 2026-03-10 | Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. |
| CVE-2025-70798 | High | 8.4 | | 2026-03-10 | Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. |
| CVE-2026-26738 | High | 7.8 | | 2026-03-10 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. |
| CVE-2026-25819 | High | 7.5 | | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP reque… |
| CVE-2025-70873 | High | 7.5 | | 2026-03-12 | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. |
| CVE-2025-70027 | High | 7.5 | | 2026-03-11 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2026-26801 | High | 7.5 | | 2026-03-10 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. |
| CVE-2025-70028 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2025-70030 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2026-30140 | High | 7.5 | | 2026-03-09 | An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. |
| CVE-2025-70048 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. |
| CVE-2025-70047 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. |
| CVE-2025-70059 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. |
| CVE-2026-4039 | Medium | 6.3 | | 2026-03-12 | A vulnerability was determined in OpenClaw 2026.2.19-2. |
| CVE-2026-3977 | Medium | 6.3 | | 2026-03-12 | A security vulnerability has been detected in projectsend up to r1945. |
| CVE-2026-3955 | Medium | 6.3 | | 2026-03-11 | A security vulnerability has been detected in elecV2P up to 3.8.3. |
| CVE-2026-3884 | Medium | 6.1 | | 2026-03-11 | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. |
| CVE-2025-70128 | Medium | 6.1 | | 2026-03-10 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. |
| CVE-2025-70032 | Medium | 6.1 | | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2025-70033 | Medium | 5.4 | | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2025-70060 | Medium | 5.4 | | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. |
| CVE-2026-4016 | Medium | 5.3 | | 2026-03-12 | A security vulnerability has been detected in GPAC 26.03-DEV. |
| CVE-2026-4015 | Medium | 5.3 | | 2026-03-12 | A weakness has been identified in GPAC 26.03-DEV. |
| CVE-2026-3964 | Medium | 5.3 | | 2026-03-11 | A weakness has been identified in OpenAkita up to 1.24.3. |
| CVE-2025-70129 | Medium | 5.3 | | 2026-03-10 | If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this… |
| CVE-2025-70973 | Medium | 4.8 | | 2026-03-09 | ScadaBR 1.12.4 is vulnerable to Session Fixation. |
| CVE-2026-4044 | Low | 3.8 | | 2026-03-12 | A vulnerability was detected in projectsend up to r1945. |
| CVE-2026-4045 | Low | 3.7 | | 2026-03-12 | A flaw has been found in projectsend up to r1945. |
| CVE-2026-3946 | Low | 3.5 | | 2026-03-11 | A vulnerability was detected in PHPEMS 11.0. |
| CVE-2026-4040 | Low | 3.3 | | 2026-03-12 | A vulnerability was identified in OpenClaw up to 2026.2.17. |
| CVE-2025-70330 | Low | 3.3 | | 2026-03-11 | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. |
| CVE-2025-22850 | | | | 2026-03-10 | Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. |
| CVE-2025-22444 | | | | 2026-03-10 | Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. |
| CVE-2025-20105 | | | | 2026-03-10 | Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. |
| CVE-2025-20096 | | | | 2026-03-10 | Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. |
| CVE-2025-20073 | | | | 2026-03-10 | Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. |
| CVE-2025-20068 | | | | 2026-03-10 | Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. |
| CVE-2025-20064 | | | | 2026-03-10 | Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. |
| CVE-2025-20028 | | | | 2026-03-10 | Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. |
| CVE-2025-20027 | | | | 2026-03-10 | Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. |
| CVE-2025-20005 | | | | 2026-03-10 | Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. |

Google · 28 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-48611 | Critical | 10.0 | | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. |
| CVE-2026-0120 | Critical | 9.8 | | 2026-03-10 | In modem, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2026-0116 | Critical | 9.8 | | 2026-03-10 | In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-0114 | Critical | 9.8 | | 2026-03-10 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2026-0113 | Critical | 9.8 | | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2026-0111 | Critical | 9.8 | | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2026-0110 | Critical | 9.8 | | 2026-03-10 | In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. |
| CVE-2026-4092 | High | 8.8 | | 2026-03-13 | Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. |
| CVE-2026-0123 | High | 8.4 | | 2026-03-10 | In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-0122 | High | 8.4 | | 2026-03-10 | In multiple places, there is a possible out of bounds write due to memory corruption. |
| CVE-2026-0118 | High | 8.4 | | 2026-03-10 | In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. |
| CVE-2026-0117 | High | 8.4 | | 2026-03-10 | In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. |
| CVE-2026-0107 | High | 8.4 | | 2026-03-10 | In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. |
| CVE-2025-36920 | High | 8.4 | | 2026-03-10 | In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. |
| CVE-2026-0124 | High | 7.8 | | 2026-03-10 | There is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-0109 | High | 7.5 | | 2026-03-10 | In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. |
| CVE-2025-69279 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-69278 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61616 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61615 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61614 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61613 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61612 | High | 7.5 | | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2026-0112 | High | 7.4 | | 2026-03-10 | In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. |
| CVE-2026-0119 | Medium | 6.8 | | 2026-03-10 | In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. |
| CVE-2026-0108 | Medium | 4.0 | | 2026-03-10 | The register protection of the PowerVR GPU is incorrectly configured. |
| CVE-2026-0121 | Low | 2.9 | | 2026-03-10 | In VPU, there is a possible use-after-free read due to a race condition. |
| CVE-2026-0115 | Low | 2.1 | | 2026-03-10 | In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. |

Parse-community · 27 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30966 | Critical | 10.0 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-32248 | Critical | 9.8 | | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31871 | Critical | 9.8 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31856 | Critical | 9.8 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31840 | Critical | 9.8 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31800 | Critical | 9.1 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30965 | Critical | 9.1 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31828 | High | 8.8 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30967 | High | 8.8 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30949 | High | 8.8 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-32098 | High | 7.5 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31872 | High | 7.5 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30972 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30947 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30946 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30941 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30939 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30925 | High | 7.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-32242 | High | 7.4 | | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-32269 | Medium | 6.5 | | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30962 | Medium | 6.5 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31868 | Medium | 6.1 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31875 | Medium | 5.9 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30948 | Medium | 5.4 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-31901 | Medium | 5.3 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-30938 | Medium | 5.3 | | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
| CVE-2026-32234 | Medium | 4.7 | | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |

Raratheme · 24 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32487 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. |
| CVE-2026-32383 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ridhi: from n/a through <= 1.1.2. |
| CVE-2026-32382 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Digital Download: from n/a through <= 1.1.4. |
| CVE-2026-32381 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Landing Page: from n/a through <= 1.2.2. |
| CVE-2026-32380 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Numinous: from n/a through <= 1.3.0. |
| CVE-2026-32379 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2. |
| CVE-2026-32378 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Book Landing Page: from n/a through <= 1.2.7. |
| CVE-2026-32377 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2. |
| CVE-2026-32376 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalon: from n/a through <= 1.2.9. |
| CVE-2026-32375 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Diaries: from n/a through <= 1.2.4. |
| CVE-2026-32374 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Minimal: from n/a through <= 1.2.9. |
| CVE-2026-32371 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elegant Pink: from n/a through <= 1.3.3. |
| CVE-2026-32370 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Influencer: from n/a through <= 1.1.7. |
| CVE-2026-32347 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant and Cafe: from n/a through <= 1.2.5. |
| CVE-2026-32346 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5. |
| CVE-2026-32345 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Perfect Portfolio: from n/a through <= 1.2.4. |
| CVE-2026-32341 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9. |
| CVE-2026-32340 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business One Page: from n/a through <= 1.3.2. |
| CVE-2026-32339 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bakes And Cakes: from n/a through <= 1.2.9. |
| CVE-2026-32338 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through <=… |
| CVE-2026-32337 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Preschool and Kindergarten: from n/a through… |
| CVE-2026-32336 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Business: from n/a through <= 1.3.0. |
| CVE-2026-32335 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5. |
| CVE-2026-32334 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobScout: from n/a through <= 1.1.7. |

Fortinet · 22 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-22627High8.82026-03-10A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code o…
CVE-2026-24017High8.12026-03-10An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through…
CVE-2025-54820High8.12026-03-10A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unaut…
CVE-2026-24018High7.82026-03-10A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
CVE-2026-25836High7.22026-03-10An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI acc…
CVE-2026-22572High7.22026-03-10An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager…
CVE-2025-68648High7.22026-03-10A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAn…
CVE-2025-66178High7.22026-03-10A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12…
CVE-2025-68482Medium6.92026-03-10A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager…
CVE-2025-48418Medium6.72026-03-10A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cl…
CVE-2026-30897Medium6.62026-03-10A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attack…
CVE-2026-24640Medium6.62026-03-10A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a rem…
CVE-2026-25689Medium6.52026-03-10An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDecep…
CVE-2025-49784Medium6.02026-03-10An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all v…
CVE-2025-54659Medium5.82026-03-10An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow…
CVE-2026-22628Medium5.32026-03-10An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
CVE-2025-48840Medium5.32026-03-10An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname…
CVE-2025-53608Medium4.82026-03-10An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, For…
CVE-2026-25972Medium4.32026-03-10An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling…
CVE-2025-55717Medium4.02026-03-10A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0…
CVE-2026-22629Low3.72026-03-10An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all…
CVE-2026-24641Low2.72026-03-10A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authentic…

Tenda · 22 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-4043High8.82026-03-12A security vulnerability has been detected in Tenda i12 1.0.0.6(2204).
CVE-2026-4042High8.82026-03-12A weakness has been identified in Tenda i12 1.0.0.6(2204).
CVE-2026-4041High8.82026-03-12A security flaw has been discovered in Tenda i12 1.0.0.6(2204).
CVE-2026-4008High8.82026-03-12A flaw has been found in Tenda W3 1.0.0.3(2204).
CVE-2026-4007High8.82026-03-12A vulnerability was detected in Tenda W3 1.0.0.3(2204).
CVE-2026-3976High8.82026-03-12A weakness has been identified in Tenda W3 1.0.0.3(2204).
CVE-2026-3975High8.82026-03-12A security flaw has been discovered in Tenda W3 1.0.0.3(2204).
CVE-2026-3974High8.82026-03-12A vulnerability was identified in Tenda W3 1.0.0.3(2204).
CVE-2026-3973High8.82026-03-12A vulnerability was determined in Tenda W3 1.0.0.3(2204).
CVE-2026-3972High8.82026-03-12A vulnerability was found in Tenda W3 1.0.0.3(2204).
CVE-2026-3971High8.82026-03-12A vulnerability has been found in Tenda i3 1.0.0.6(2204).
CVE-2026-3970High8.82026-03-12A flaw has been found in Tenda i3 1.0.0.6(2204).
CVE-2026-3811High8.82026-03-09A vulnerability was found in Tenda FH1202 1.2.0.14(408).
CVE-2026-3810High8.82026-03-09A vulnerability has been found in Tenda FH1202 1.2.0.14(408).
CVE-2026-3809High8.82026-03-09A flaw has been found in Tenda FH1202 1.2.0.14(408).
CVE-2026-3808High8.82026-03-09A vulnerability was detected in Tenda FH1202 1.2.0.14(408).
CVE-2026-3807High8.82026-03-09A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408).
CVE-2026-3804High8.82026-03-09A security flaw has been discovered in Tenda i3 1.0.0.6(2204).
CVE-2026-3803High8.82026-03-09A vulnerability was identified in Tenda i3 1.0.0.6(2204).
CVE-2026-3802High8.82026-03-09A vulnerability was determined in Tenda i3 1.0.0.6(2204).
CVE-2026-3801High8.82026-03-09A vulnerability was found in Tenda i3 1.0.0.6(2204).
CVE-2026-3799High8.82026-03-09A flaw has been found in Tenda i3 1.0.0.6(2204).

Imagemagick · 18 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-28693High8.12026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30929High7.72026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28691High7.52026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28494High7.12026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28690Medium6.92026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30937Medium6.82026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30931Medium6.82026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28686Medium6.82026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-32259Medium6.72026-03-12ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28493Medium6.52026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28689Medium6.32026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-31853Medium5.72026-03-11ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30883Medium5.72026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30936Medium5.52026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28687Medium5.32026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28692Medium4.82026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-30935Medium4.42026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.
CVE-2026-28688Medium4.02026-03-10ImageMagick is free and open-source software used for editing and manipulating digital images.

Color · 16 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-31796High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-31795High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-31792High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30987High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30985High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30983High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30979High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30978High7.82026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-31797Medium6.12026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30984Medium6.12026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30982Medium6.12026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30981Medium6.12026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-31794Medium5.52026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-31793Medium5.52026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30986Medium5.52026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.
CVE-2026-30980Medium5.52026-03-10iccDEV provides a set of libraries and tools for working with ICC color management profiles.

Ibm · 16 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-36368Medium6.52026-03-13IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection.
CVE-2025-13702Medium6.12026-03-13IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting.
CVE-2025-36173Medium6.12026-03-10Affected Product(s): InfoSphere Data Architect. Version(s): 9.2.1.
CVE-2025-13219Medium5.92026-03-10IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters.
CVE-2026-0835Medium5.42026-03-13IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting.
CVE-2025-14504Medium5.42026-03-13IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting.
CVE-2023-40693Medium5.42026-03-13IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting.
CVE-2025-13213Medium5.42026-03-10IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
CVE-2025-36227Medium5.42026-03-10IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, includin…
CVE-2025-36226Medium5.42026-03-10IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting.
CVE-2025-13726Medium5.32026-03-13IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned.
CVE-2025-13723Medium5.32026-03-13IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.
CVE-2025-36105Medium4.42026-03-10IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.
CVE-2025-14483Medium4.32026-03-13IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could…
CVE-2025-13718Low3.72026-03-13IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2025-14811Low3.12026-03-13IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained us…

Gitlab · 15 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-1090High8.72026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enab…
CVE-2026-1069High7.52026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled re…
CVE-2025-14513High7.52026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improp…
CVE-2025-13929High7.52026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially cra…
CVE-2025-13690Medium6.52026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper…
CVE-2025-12576Medium6.52026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service du…
CVE-2026-3848Medium5.02026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy envi…
CVE-2026-1182Medium4.32026-03-12GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title…
CVE-2025-12555Medium4.32026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline…
CVE-2026-1732Medium4.32026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper f…
CVE-2026-1663Medium4.32026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in priva…
CVE-2026-0602Medium4.32026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge request…
CVE-2026-1230Medium4.12026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code…
CVE-2025-12704Low3.52026-03-11GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are n…
CVE-2025-12697Low2.22026-03-11GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API…

Mbs · 15 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-41765Critical9.12026-03-09Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data.
CVE-2025-41764Critical9.12026-03-09Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
CVE-2025-41766High8.82026-03-09A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVE-2025-41758High8.82026-03-09A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint.
CVE-2025-41757High8.82026-03-09A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere o…
CVE-2025-41756High8.12026-03-09A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
CVE-2025-41761High7.82026-03-09A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access.
CVE-2025-41772High7.52026-03-09An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
CVE-2025-41767High7.22026-03-09A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
CVE-2025-41763Medium6.52026-03-09A low-privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.
CVE-2025-41755Medium6.52026-03-09A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system.
CVE-2025-41754Medium6.52026-03-09A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
CVE-2025-41762Medium6.22026-03-09An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.
CVE-2025-41760Medium4.92026-03-09An administrator may attempt to block all traffic by configuring a pass filter with an empty table.
CVE-2025-41759Medium4.92026-03-09An administrator may attempt to block all networks by specifying "*" or "all" as the network identifier.

Jettweb · 14 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2019-25520High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation.
CVE-2019-25519High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter.
CVE-2019-25518High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter.
CVE-2019-25517High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter.
CVE-2019-25516High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter.
CVE-2019-25514High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests.
CVE-2019-25513High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter.
CVE-2019-25512High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests.
CVE-2019-25511High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter.
CVE-2019-25510High8.22026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation.
CVE-2019-25508High8.22026-03-12Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter.
CVE-2019-25488High8.22026-03-12Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters.
CVE-2019-25482High8.22026-03-12Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter.
CVE-2019-25515High7.52026-03-12Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax.

Gvectors · 13 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-22192Critical9.92026-03-13Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values.
CVE-2026-22202High8.12026-03-13wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key.
CVE-2026-22193High8.12026-03-13wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries.
CVE-2026-22199High7.52026-03-13Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory tr…
CVE-2026-22182High7.52026-03-13wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function.
CVE-2026-22216Medium6.52026-03-13wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.Wp…
CVE-2026-22183Medium6.12026-03-13wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content.
CVE-2026-22209Medium5.52026-03-13wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags.
CVE-2026-22201Medium5.32026-03-13wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers.
CVE-2026-22203Medium4.92026-03-13wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON.
CVE-2026-22210Medium4.42026-03-13wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class.
CVE-2026-22215Medium4.32026-03-13wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation.
CVE-2026-22204Low3.72026-03-13wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie.

Craftcms · 11 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-31858High8.82026-03-11Craft is a content management system (CMS).
CVE-2026-31857High8.82026-03-11Craft is a content management system (CMS).
CVE-2026-29174High8.82026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-29172High8.82026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-31859Medium6.12026-03-11Craft is a content management system (CMS).
CVE-2026-29177Medium5.42026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-29175Medium5.42026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-31867Medium4.82026-03-11Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-29176Medium4.82026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-29173Medium4.82026-03-10Craft Commerce is an ecommerce platform for Craft CMS.
CVE-2026-29113Medium4.32026-03-10Craft is a content management system (CMS).

D-Link · 11 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-70245Critical9.82026-03-12Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
CVE-2025-70244High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup.
CVE-2025-70251High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup.
CVE-2025-70249High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2.
CVE-2025-70247High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1.
CVE-2025-70246High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ.
CVE-2025-70242High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP.
CVE-2025-70227High7.52026-03-10Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange.
CVE-2025-70250High7.52026-03-09Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
CVE-2025-70243High7.52026-03-09Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
CVE-2025-70238High7.52026-03-09Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.

Hackerbay · 10 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-32306Critical9.92026-03-13OneUptime is a solution for monitoring and managing online services.
CVE-2026-30957Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-30956Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-30921Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-30887Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-30920High8.62026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-32308High7.62026-03-13OneUptime is a solution for monitoring and managing online services.
CVE-2026-30958High7.22026-03-10OneUptime is a solution for monitoring and managing online services.
CVE-2026-32598Medium6.52026-03-13OneUptime is a solution for monitoring and managing online services.
CVE-2026-30959Medium5.02026-03-10OneUptime is a solution for monitoring and managing online services.

Lenovo · 10 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2026-2368High7.12026-03-11An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
CVE-2026-1716High7.12026-03-11An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
CVE-2026-1715High7.12026-03-11An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
CVE-2026-0940Medium6.72026-03-11A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
CVE-2026-1652Medium6.12026-03-11A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.
CVE-2026-2640Medium5.52026-03-11During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
CVE-2026-1717Medium5.52026-03-11An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
CVE-2026-1653Medium5.52026-03-11A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2026-1068Medium5.32026-03-11An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.
CVE-2026-0520Low2.82026-03-11A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.

Netartmedia · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25543 | High | 8.2 | | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. |
| CVE-2019-25542 | High | 8.2 | | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. |
| CVE-2019-25541 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. |
| CVE-2019-25540 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. |
| CVE-2019-25537 | High | 8.2 | | 2026-03-12 | Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
| CVE-2019-25536 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. |
| CVE-2019-25535 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
| CVE-2019-25534 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. |
| CVE-2019-25532 | High | 8.2 | | 2026-03-12 | Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
| CVE-2019-25531 | High | 8.2 | | 2026-03-12 | Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. |

Red Hat · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4111 | High | 7.5 | | 2026-03-13 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. |
| CVE-2026-4105 | Medium | 6.7 | | 2026-03-13 | A flaw was found in systemd. |
| CVE-2025-8766 | Medium | 6.4 | | 2026-03-13 | A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. |
| CVE-2025-57849 | Medium | 6.4 | | 2026-03-13 | A container privilege escalation flaw was found in certain Fuse images. |
| CVE-2026-2376 | Medium | 4.9 | | 2026-03-12 | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. |
| CVE-2026-3234 | Medium | 4.3 | | 2026-03-12 | A flaw was found in mod_proxy_cluster. |
| CVE-2026-3429 | Medium | 4.2 | | 2026-03-11 | A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. |
| CVE-2026-2366 | Low | 3.1 | | 2026-03-12 | A flaw was found in Keycloak. |
| CVE-2026-3911 | Low | 2.7 | | 2026-03-11 | A flaw was found in Keycloak. |

Sap_se · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27685 | Critical | 9.1 | | 2026-03-10 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the h… |
| CVE-2026-27689 | High | 7.7 | | 2026-03-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-… |
| CVE-2026-27684 | Medium | 6.4 | | 2026-03-10 | SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. |
| CVE-2026-0489 | Medium | 6.1 | | 2026-03-10 | Due to insufficient validation of user-controlled input in the URLs query parameter. |
| CVE-2026-27686 | Medium | 5.9 | | 2026-03-10 | Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. |
| CVE-2026-27687 | Medium | 5.8 | | 2026-03-10 | Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. |
| CVE-2026-24311 | Medium | 5.6 | | 2026-03-10 | The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. |
| CVE-2026-24317 | Medium | 5.0 | | 2026-03-10 | SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. |
| CVE-2026-24313 | Medium | 5.0 | | 2026-03-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. |

Siemens · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-40943 | Critical | 9.6 | | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted t… |
| CVE-2026-25573 | High | 7.4 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-25570 | High | 7.4 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-25569 | High | 7.4 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-25605 | Medium | 6.7 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-25572 | Medium | 5.1 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-25571 | Medium | 5.1 | | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
| CVE-2026-27661 | Medium | 4.3 | | 2026-03-10 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
| CVE-2025-27769 | Low | 2.6 | | 2026-03-10 | A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). |

Unknown · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2631 | Critical | 9.8 | | 2026-03-11 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. |
| CVE-2026-2626 | High | 8.1 | | 2026-03-11 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify the stored options of the divi-booster WordPress plugin before 5.0.2. |
| CVE-2026-2466 | High | 7.1 | | 2026-03-11 | The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
| CVE-2026-1753 | Medium | 6.8 | | 2026-03-11 | The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options (such as users_can_register). |
| CVE-2019-25474 | Medium | 6.2 | | 2026-03-11 | Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. |
| CVE-2026-1867 | Medium | 5.9 | | 2026-03-11 | The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. |
| CVE-2026-2687 | Medium | 4.3 | | 2026-03-12 | The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capa… |
| CVE-2025-15473 | Medium | 4.3 | | 2026-03-12 | The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type. |
| CVE-2026-1508 | Medium | 4.3 | | 2026-03-10 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack. |

Freerdp · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31806 | Critical | 9.8 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-31885 | Medium | 6.5 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-31884 | Medium | 6.5 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-31883 | Medium | 6.5 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-29775 | Medium | 5.3 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-29774 | Medium | 5.3 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-29776 | Low | 3.1 | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
| CVE-2026-31897 | Unrated | | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |

Lantronix · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-70082 | Critical | 9.8 | | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component. |
| CVE-2025-67041 | Critical | 9.8 | | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. |
| CVE-2025-67038 | Critical | 9.8 | KEV | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
| CVE-2025-67035 | Critical | 9.8 | | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
| CVE-2025-67039 | Critical | 9.1 | | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. |
| CVE-2025-67037 | High | 8.8 | | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
| CVE-2025-67036 | High | 8.8 | | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
| CVE-2025-67034 | High | 8.8 | | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |

Open-emr · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32127 | High | 8.8 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32123 | High | 7.7 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32121 | High | 7.7 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32126 | High | 7.1 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32125 | Medium | 5.4 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32124 | Medium | 5.4 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32118 | Medium | 5.4 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
| CVE-2026-32122 | Medium | 4.3 | | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |

Veeam · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-21708 | Critical | 9.9 | | 2026-03-12 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. |
| CVE-2026-21669 | Critical | 9.9 | | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-21667 | Critical | 9.9 | | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-21666 | Critical | 9.9 | | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-21671 | Critical | 9.1 | | 2026-03-12 | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. |
| CVE-2026-21672 | High | 8.8 | | 2026-03-12 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. |
| CVE-2026-21668 | High | 8.8 | | 2026-03-12 | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. |
| CVE-2026-21670 | High | 7.7 | | 2026-03-12 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. |

Apache · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-24713 | Critical | 9.8 | | 2026-03-09 | Improper Input Validation vulnerability in Apache IoTDB. |
| CVE-2026-24015 | Critical | 9.8 | | 2026-03-09 | A vulnerability in Apache IoTDB. |
| CVE-2025-69219 | High | 8.8 | | 2026-03-09 | A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. |
| CVE-2025-66249 | Medium | 6.3 | | 2026-03-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. |
| CVE-2025-60012 | Medium | 6.3 | | 2026-03-13 | Malicious configuration can lead to unauthorized file access in Apache Livy. |
| CVE-2026-25604 | Medium | 5.4 | | 2026-03-09 | In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access cont… |
| CVE-2026-23907 | Medium | 5.3 | | 2026-03-10 | This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. |

Sylius · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31824 | High | 8.2 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31820 | Medium | 6.5 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31822 | Medium | 6.1 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31819 | Medium | 6.1 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31825 | Medium | 5.3 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31821 | Medium | 5.3 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
| CVE-2026-31823 | Medium | 4.8 | | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |

Ays Pro · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31922 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection. This issue affects Fox LMS: from n/a through <= 1.0.6.3. |
| CVE-2026-32428 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Like box: from n/a through <= 3.7.7. |
| CVE-2026-32402 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider by Ays: from n/a through <= 2.7.1. |
| CVE-2026-32332 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.9. |
| CVE-2026-32329 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1. |
| CVE-2026-32342 | Medium | 4.3 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.1.2. |

Cisco · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-20046 | High | 8.8 | | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerabili… |
| CVE-2026-20040 | High | 8.8 | | 2026-03-11 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient v… |
| CVE-2026-20074 | High | 7.4 | | 2026-03-11 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This… |
| CVE-2026-20118 | Medium | 6.8 | | 2026-03-11 | A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR… |
| CVE-2026-20117 | Medium | 6.1 | | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. T… |
| CVE-2026-20116 | Medium | 6.1 | | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX… |

Freebsd · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-15547 | High | 8.8 | | 2026-03-09 | By default, jailed processes cannot mount filesystems, including nullfs(4). |
| CVE-2026-3038 | High | 7.5 | | 2026-03-09 | The rtsock_msg_buffer() function serializes routing information into a buffer. |
| CVE-2026-2261 | High | 7.5 | | 2026-03-09 | Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. |
| CVE-2025-15576 | High | 7.5 | | 2026-03-09 | If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs… |
| CVE-2025-14769 | High | 7.5 | | 2026-03-09 | In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. |
| CVE-2025-14558 | High | 7.2 | | 2026-03-09 | The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. |

Nodejs · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2229 | High | 7.5 | | 2026-03-12 | The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. |
| CVE-2026-1528 | High | 7.5 | | 2026-03-12 | A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. |
| CVE-2026-1526 | High | 7.5 | | 2026-03-12 | The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. |
| CVE-2026-1525 | Medium | 6.5 | | 2026-03-12 | Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). |
| CVE-2026-2581 | Medium | 5.9 | | 2026-03-12 | This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). |
| CVE-2026-1527 | Medium | 4.6 | | 2026-03-12 | When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate the HTTP request prematurely and smuggle… |

Openclaw · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32060 | High | 8.8 | | 2026-03-11 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. |
| CVE-2026-32059 | High | 8.8 | | 2026-03-11 | OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. |
| CVE-2026-32302 | High | 8.1 | | 2026-03-13 | OpenClaw is a personal AI assistant. |
| CVE-2026-32062 | High | 7.5 | | 2026-03-11 | OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated cl… |
| CVE-2026-32063 | High | 7.1 | | 2026-03-11 | OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to b… |
| CVE-2026-32061 | Medium | 4.4 | | 2026-03-11 | OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. |

Schneider Electric · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2273 | High | 8.2 | | 2026-03-10 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a poten… |
| CVE-2025-11739 | High | 7.8 | | 2026-03-10 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization. |
| CVE-2026-1286 | Medium | 6.5 | | 2026-03-10 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. |
| CVE-2025-13902 | Medium | 5.4 | | 2026-03-10 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim… |
| CVE-2025-13901 | Medium | 5.3 | | 2026-03-10 | CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. |
| CVE-2025-13957 | | | | 2026-03-10 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. |

Vowelweb · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32438 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW School Education: from n/a through <= 1.4.6. |
| CVE-2026-32437 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Portfolio: from n/a through <= 1.3.3. |
| CVE-2026-32436 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8. |
| CVE-2026-32435 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.7. |
| CVE-2026-32434 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Fitness: from n/a through <= 4.3.4. |
| CVE-2026-32427 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Education Lite: from n/a through <= 2.2.0. |

B3log · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30869 | Critical | 9.3 | | 2026-03-10 | SiYuan is a personal knowledge management system. |
| CVE-2026-32110 | High | 8.3 | | 2026-03-11 | SiYuan is a personal knowledge management system. |
| CVE-2026-30926 | High | 7.1 | | 2026-03-10 | SiYuan is a personal knowledge management system. |
| CVE-2026-31809 | Medium | 6.1 | | 2026-03-10 | SiYuan is a personal knowledge management system. |
| CVE-2026-31807 | Medium | 6.1 | | 2026-03-10 | SiYuan is a personal knowledge management system. |

Budibase · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30240 | Critical | 9.6 | | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
| CVE-2026-31816 | Critical | 9.1 | | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
| CVE-2026-25737 | High | 8.9 | | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
| CVE-2026-25045 | High | 8.8 | | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
| CVE-2026-25041 | High | 7.2 | | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |

Envoyproxy · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-26308 | High | 7.5 | | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
| CVE-2026-26311 | Medium | 5.9 | | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
| CVE-2026-26310 | Medium | 5.9 | | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
| CVE-2026-26330 | Medium | 5.3 | | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
| CVE-2026-26309 | Medium | 5.3 | | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |

Gl-inet · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-26793 | Critical | 9.8 | | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. |
| CVE-2026-26795 | Critical | 9.8 | | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. |
| CVE-2026-26792 | Critical | 9.8 | | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type param… |
| CVE-2026-26791 | Critical | 9.8 | | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. |
| CVE-2026-26794 | High | 8.8 | | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. |

Gnu · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32746 | Critical | 9.8 | | 2026-03-13 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
| CVE-2025-61154 | Medium | 6.5 | | 2026-03-12 | Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c. |
| CVE-2026-3904 | Medium | 6.2 | | 2026-03-11 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified b… |
| CVE-2025-69648 | Medium | 6.2 | | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. |
| CVE-2025-69647 | Medium | 6.2 | | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. |

Hewlett Packard Enterprise (Hpe) · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-23813 | Critical | 9.8 | | 2026-03-11 | A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. |
| CVE-2026-23814 | High | 8.8 | | 2026-03-11 | A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior. |
| CVE-2026-23816 | High | 7.2 | | 2026-03-11 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. |
| CVE-2026-23815 | High | 7.2 | | 2026-03-11 | A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. |
| CVE-2026-23817 | Medium | 6.5 | | 2026-03-11 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. |

Inoutscripts · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25528 | High | 8.2 | | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. |
| CVE-2019-25527 | High | 8.2 | | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. |
| CVE-2019-25526 | High | 8.2 | | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. |
| CVE-2019-25525 | High | 8.2 | | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. |
| CVE-2019-25479 | High | 8.2 | | 2026-03-12 | Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. |

Itsourcecode · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4014 | High | 7.3 | | 2026-03-12 | A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. |
| CVE-2026-3981 | High | 7.3 | | 2026-03-12 | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. |
| CVE-2026-3980 | High | 7.3 | | 2026-03-12 | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. |
| CVE-2026-3993 | Medium | 4.3 | | 2026-03-12 | A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. |
| CVE-2026-3982 | Medium | 4.3 | | 2026-03-12 | A vulnerability was determined in itsourcecode University Management System 1.0. |

Openproject · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30239 | Medium | 6.5 | | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
| CVE-2026-30235 | Medium | 6.5 | | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
| CVE-2026-30234 | Medium | 6.5 | | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
| CVE-2026-30236 | Medium | 4.3 | | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
| CVE-2026-31974 | Low | 3.0 | | 2026-03-11 | OpenProject is an open-source, web-based project management software. |

Splunk · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-20163 | High | 7.2 | | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability… |
| CVE-2026-20164 | Medium | 6.5 | | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splu… |
| CVE-2026-20165 | Medium | 6.3 | | 2026-03-11 | In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splu… |
| CVE-2026-20162 | Medium | 6.3 | | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk… |
| CVE-2026-20166 | Medium | 5.4 | | 2026-03-11 | In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Ob… |

Ssw · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28792 | Critical | 9.6 | | 2026-03-12 | Tina is a headless content management system.
CVE-2026-28793 | High | 8.4 | | 2026-03-12 | Tina is a headless content management system.
CVE-2026-28791 | High | 7.4 | | 2026-03-12 | Tina is a headless content management system.
CVE-2026-24125 | Medium | 6.3 | | 2026-03-12 | Tina is a headless content management system.
CVE-2026-29066 | Medium | 6.2 | | 2026-03-12 | Tina is a headless content management system.

Studiocms · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30944 | High | 8.8 | | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system.
CVE-2026-30945 | High | 7.1 | | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system.
CVE-2026-32103 | Medium | 6.8 | | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system.
CVE-2026-32104 | Medium | 5.4 | | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system.
CVE-2026-32106 | Medium | 4.7 | | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system.

Trane · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28256 | Critical | 9.8 | | 2026-03-12 | A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
CVE-2026-28255 | Critical | 9.8 | | 2026-03-12 | A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
CVE-2026-28252 | Critical | 9.8 | | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
CVE-2026-28254 | High | 7.5 | | 2026-03-12 | A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
CVE-2026-28253 | High | 7.5 | | 2026-03-12 | A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.

Xooscripts · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25524 | High | 8.2 | | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter.
CVE-2019-25523 | High | 8.2 | | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter.
CVE-2019-25522 | High | 8.2 | | 2026-03-12 | XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter.
CVE-2019-25521 | High | 8.2 | | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter.
CVE-2019-25509 | High | 8.2 | | 2026-03-12 | XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter.

Ahsanriaz26gmailcom · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3793 | Medium | 6.3 | | 2026-03-09 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0.
CVE-2026-3792 | Medium | 6.3 | | 2026-03-09 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0.
CVE-2026-3791 | Medium | 6.3 | | 2026-03-09 | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0.
CVE-2026-3790 | Medium | 6.3 | | 2026-03-09 | A flaw has been found in SourceCodester Sales and Inventory System 1.0.

Anchore · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25076 | High | 7.3 | | 2026-03-13 | Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API.
CVE-2026-31961 | Medium | 5.5 | | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform.
CVE-2026-31960 | Medium | 5.3 | | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform.
CVE-2026-31959 | Medium | 5.3 | | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform.

Curl · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3805 | High | 7.5 | | 2026-03-11 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
CVE-2026-3784 | Medium | 6.5 | | 2026-03-11 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy.
CVE-2026-1965 | Medium | 6.5 | | 2026-03-11 | libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.
CVE-2026-3783 | Medium | 5.3 | | 2026-03-11 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.

Digilent · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-0957 | High | 7.8 | | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab.
CVE-2026-0956 | High | 7.8 | | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.
CVE-2026-0955 | High | 7.8 | | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.
CVE-2026-0954 | High | 7.8 | | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab.

Github · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3854 | High | 8.8 | | 2026-03-10 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance.
CVE-2026-2266 | Medium | 5.4 | | 2026-03-10 | An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content.
CVE-2026-3582 | Medium | 4.3 | | 2026-03-10 | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and intern…
CVE-2026-3306 | Medium | 4.3 | | 2026-03-10 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project.

Janitza · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-41709 | Critical | 9.8 | | 2026-03-10 | An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
CVE-2025-41712 | Medium | 6.5 | | 2026-03-10 | An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device.
CVE-2025-41710 | Medium | 6.5 | | 2026-03-10 | An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges.
CVE-2025-41711 | Medium | 5.3 | | 2026-03-10 | An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

Mozilla · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3847 | High | 8.8 | | 2026-03-10 | Memory safety bugs present in Firefox 148.0.2.
CVE-2026-3845 | High | 8.8 | | 2026-03-10 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android.
CVE-2026-3846 | Medium | 6.5 | | 2026-03-10 | Same-origin policy bypass in the CSS Parsing and Computation component.
CVE-2026-2919 | Medium | 4.3 | | 2026-03-09 | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without…

Qnap · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-59388 | Critical | 9.8 | | 2026-03-12 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector.
CVE-2024-14026 | High | 7.8 | | 2026-03-11 | A command injection vulnerability has been reported to affect several QNAP operating system versions.
CVE-2024-14025 | Medium | 6.7 | | 2026-03-11 | An SQL injection vulnerability has been reported to affect Video Station.
CVE-2024-14024 | Medium | 6.7 | | 2026-03-11 | An improper certificate validation vulnerability has been reported to affect Video Station.

Sap · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-24316 | Medium | 6.4 | | 2026-03-10 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints.
CVE-2026-24309 | Medium | 6.4 | | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP syst…
CVE-2026-27688 | Medium | 5.0 | | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module.
CVE-2026-24310 | Low | 3.5 | | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system.

Shopware · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31889 | High | 8.9 | | 2026-03-11 | Shopware is an open commerce platform.
CVE-2026-31887 | High | 7.5 | | 2026-03-11 | Shopware is an open commerce platform.
CVE-2026-32142 | Medium | 5.3 | | 2026-03-12 | Shopware is an open commerce platform.
CVE-2026-31888 | Medium | 5.3 | | 2026-03-11 | Shopware is an open commerce platform.

Themefusion · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32454 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS. This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32451 | Medium | 6.5 | | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0.
CVE-2026-32453 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32452 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0.

Zoom · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30903 | Critical | 9.6 | | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2026-30902 | High | 7.8 | | 2026-03-11 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2026-30900 | High | 7.8 | | 2026-03-11 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2026-30901 | High | 7.0 | | 2026-03-11 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.

9001 · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32108 | Medium | 6.5 | | 2026-03-11 | Copyparty is a portable file server.
CVE-2026-30974 | Medium | 4.6 | | 2026-03-10 | Copyparty is a portable file server.
CVE-2026-32109 | Low | 3.7 | | 2026-03-11 | Copyparty is a portable file server.

@Backstage · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32236 | High | 7.5 | | 2026-03-12 | Backstage is an open framework for building developer portals.
CVE-2026-32235 | Medium | 5.9 | | 2026-03-12 | Backstage is an open framework for building developer portals.
CVE-2026-32237 | Medium | 4.4 | | 2026-03-12 | Backstage is an open framework for building developer portals.

Abb · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-13779 | High | 8.3 | | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
CVE-2025-13777 | High | 8.3 | | 2026-03-13 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
CVE-2025-13778 | Medium | 6.5 | | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Asus · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1878 | | | | 2026-03-12 | An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM.
CVE-2025-15038 | | | | 2026-03-12 | An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver.
CVE-2025-15037 | | | | 2026-03-12 | An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Boldgrid · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32401 | High | 7.2 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion. This issue affects Client…
CVE-2026-32424 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS. This issue affects Sprout Clients: from n/a through <= 3.2.2.
CVE-2026-2707 | Medium | 6.4 | | 2026-03-11 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27.

Cloudcli · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31975 | Critical | 9.8 | | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI.
CVE-2026-31862 | Critical | 9.1 | | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI.
CVE-2026-31861 | High | 8.8 | | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI.

Codepeople · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32433 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection. This issue affects CP Contact Form with Pay…
CVE-2026-3986 | Medium | 6.4 | | 2026-03-13 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0.
CVE-2026-32432 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through…

Coralos · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30968 | Critical | 9.8 | | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents.
CVE-2026-30970 | Critical | 9.1 | | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents.
CVE-2026-30969 | Critical | 9.1 | | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents.

Croixhaug · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3045 | High | 7.5 | | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29.
CVE-2026-1708 | High | 7.5 | | 2026-03-11 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27.
CVE-2026-1704 | Medium | 4.3 | | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29.

Dataease · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32140 | High | 8.8 | | 2026-03-12 | Dataease is an open source data visualization analysis tool.
CVE-2026-32137 | High | 8.8 | | 2026-03-12 | Dataease is an open source data visualization analysis tool.
CVE-2026-32139 | Medium | 5.4 | | 2026-03-12 | Dataease is an open source data visualization analysis tool.

Dell · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-24510 | Medium | 6.7 | | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability.
CVE-2026-24509 | Low | 3.6 | | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability.
CVE-2026-24508 | Low | 2.5 | | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability.

Erlang · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-23941 | Critical | 9.4 | | 2026-03-13 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.
CVE-2026-23942 | Medium | 5.4 | | 2026-03-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.
CVE-2026-23943 | Medium | 5.3 | | 2026-03-13 | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.

Forceu · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30955 | Medium | 6.5 | | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support.
CVE-2026-30961 | Medium | 4.3 | | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support.
CVE-2026-30943 | Medium | 4.1 | | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support.

Frappe · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31877 | Critical | 9.8 | | 2026-03-11 | Frappe is a full-stack web application framework.
CVE-2026-31879 | Medium | 5.4 | | 2026-03-11 | Frappe is a full-stack web application framework.
CVE-2026-31878 | Medium | 5.0 | | 2026-03-11 | Frappe is a full-stack web application framework.

Labredescefetrj · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31896 | Critical | 9.8 | | 2026-03-11 | WeGIA is a web manager for charitable institutions.
CVE-2026-31895 | High | 8.8 | | 2026-03-11 | WeGIA is a web manager for charitable institutions.
CVE-2026-31894 | High | 7.5 | | 2026-03-11 | WeGIA is a web manager for charitable institutions.

Linagora · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70039 | Critical | 9.8 | | 2026-03-09 | An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223.
CVE-2025-70038 | High | 8.8 | | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223.
CVE-2025-70037 | Medium | 6.1 | | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223.

Linethemes · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32391 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4.
CVE-2026-32390 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32388 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2.

Linux · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-23240 | Critical | 9.8 | | 2026-03-10 | In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.
CVE-2026-23239 | High | 7.8 | | 2026-03-10 | In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit.
CVE-2024-14027 | Medium | 5.5 | | 2026-03-09 | In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without…

Micro Research Ltd. · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-27842 | Critical | 9.8 | | 2026-03-11 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
CVE-2026-24448 | Critical | 9.8 | | 2026-03-11 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
CVE-2026-20892 | High | 7.2 | | 2026-03-11 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.

Misskey · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28432 | High | 7.5 | | 2026-03-10 | Misskey is an open source, federated social media platform.
CVE-2026-28431 | High | 7.5 | | 2026-03-10 | Misskey is an open source, federated social media platform.
CVE-2026-28433 | Medium | 4.3 | | 2026-03-10 | Misskey is an open source, federated social media platform.

Neo4j · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1524 | Critical | 9.8 | | 2026-03-11 | An edge case in the SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or…
CVE-2026-1497 | High | 7.2 | | 2026-03-11 | Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user access to a remote database constituent…
CVE-2026-1471 | Medium | 6.5 | | 2026-03-11 | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart.

Opentext · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-12455 | High | 7.5 | | 2026-03-13 | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 thro…
CVE-2025-12454 | Medium | 6.1 | | 2026-03-13 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica manageme…
CVE-2025-12453 | Medium | 6.1 | | 2026-03-13 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica manageme…

Radiustheme · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32369 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion. This issue affects Medilink-Core: from n/a thr…
CVE-2026-32396 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13.
CVE-2026-32372 | Medium | 5.3 | | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder –…

Realmag777 · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32458 | High | 7.6 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.
CVE-2026-32455 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects MDTF: from n/a through <= 1.3.5.
CVE-2026-32450 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS. This issue affects Active P…

Top-password · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25477 | Medium | 6.2 | | 2026-03-11 | RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog.
CVE-2019-25476 | Medium | 6.2 | | 2026-03-11 | Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload.
CVE-2019-25475 | Medium | 6.2 | | 2026-03-11 | SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1668 | Critical | 9.8 | | 2026-03-13 | The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests.
CVE-2026-3841 | High | 8.8 | | 2026-03-12 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3.
CVE-2025-15568 | High | 8.0 | | 2026-03-09 | A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router.

Umbraco · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31834 | High | 7.2 | | 2026-03-10 | Umbraco is an ASP.NET CMS.
CVE-2026-31833 | Medium | 6.7 | | 2026-03-10 | Umbraco is an ASP.NET CMS.
CVE-2026-31832 | Medium | 5.4 | | 2026-03-10 | Umbraco is an ASP.NET CMS.

Wellchoose · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3826 | Critical | 9.8 | | 2026-03-11 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2026-3825 | Medium | 6.1 | | 2026-03-11 | IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.
CVE-2026-3824 | Medium | 6.1 | | 2026-03-11 | IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting a malicious website.

Zitadel · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32131 | High | 7.7 | | 2026-03-11 | ZITADEL is an open source identity management platform.
CVE-2026-32130 | High | 7.5 | | 2026-03-11 | ZITADEL is an open source identity management platform.
CVE-2026-32132 | High | 7.4 | | 2026-03-11 | ZITADEL is an open source identity management platform.

@Feathersjs · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-29793 | Critical | 9.8 | | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript.
CVE-2026-29792 | Critical | 9.8 | | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript.

Angeljudesuarez · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3944 | High | 7.3 | | 2026-03-11 | A vulnerability was determined in itsourcecode University Management System 1.0.
CVE-2026-3812 | Medium | 4.3 | | 2026-03-09 | A vulnerability was determined in itsourcecode Payroll Management System 1.0.

Argoproj · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28229 | Critical | 9.8 | | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.
CVE-2026-31892 | High | 8.1 | | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.

Arraytics · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1920 | Medium | 5.3 | | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check'…
CVE-2026-1919 | Medium | 5.3 | | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including…

Bplugins · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32359 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3.
CVE-2026-32416 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0.

Bytedesk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3789 | Medium | 6.3 | | 2026-03-09 | A vulnerability was detected in Bytedesk up to 1.3.9.
CVE-2026-3788 | Medium | 6.3 | | 2026-03-09 | A security vulnerability has been detected in Bytedesk up to 1.3.9.

Campcodes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3984 | Low | 3.5 | | 2026-03-12 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1.
CVE-2026-3983 | Low | 3.5 | | 2026-03-12 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1.

Canonical · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3497 | High | 7.5 | | 2026-03-12 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. |
| CVE-2026-28384 | | | | 2026-03-12 | An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. |

Capnproto · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32240 | Medium | 6.5 | | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. |
| CVE-2026-32239 | Medium | 6.5 | | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. |

Checkmk · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2859 | Medium | 4.3 | | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint… |
| CVE-2026-24097 | Medium | 4.3 | | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_… |

Creatives_planet · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32393 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme… |
| CVE-2026-32392 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1. |

Crocoblock · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32355 | High | 8.8 | | 2026-03-13 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1. |
| CVE-2026-3496 | High | 7.5 | | 2026-03-11 | The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. |

Dagu · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31886 | Critical | 9.1 | | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. |
| CVE-2026-31882 | High | 7.5 | | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. |

Danny-avila · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31944 | High | 7.6 | | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. |
| CVE-2026-31949 | Medium | 6.5 | | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. |

Deltaww · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3630 | Critical | 9.8 | | 2026-03-09 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. |
| CVE-2026-3631 | High | 7.5 | | 2026-03-09 | Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. |

Doramart · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3794 | High | 7.3 | | 2026-03-09 | A vulnerability was identified in doramart DoraCMS 3.0.x. |
| CVE-2026-3795 | Medium | 6.3 | | 2026-03-09 | A security flaw has been discovered in doramart DoraCMS 3.0.x. |

Drakkan · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30914 | High | 8.1 | | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. |
| CVE-2026-30915 | Medium | 4.3 | | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. |

Dronecode · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-26742 | High | 8.1 | | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. |
| CVE-2026-26741 | High | 8.1 | | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. |

Elementor · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32352 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through <= 3.35… |
| CVE-2026-32445 | Low | 2.7 | | 2026-03-13 | Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.35.5. |

Ellanetworks · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32319 | High | 7.5 | | 2026-03-13 | Ella Core is a 5G core designed for private networks. |
| CVE-2026-32320 | Medium | 6.5 | | 2026-03-13 | Ella Core is a 5G core designed for private networks. |

Eventobot · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-40639 | Critical | 9.8 | | 2026-03-09 | A SQL injection vulnerability has been found in Eventobot. |
| CVE-2025-40638 | Medium | 6.1 | | 2026-03-09 | A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. |

Facilemanager · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30919 | High | 7.6 | | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. |
| CVE-2026-30918 | High | 7.6 | | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. |

Filebrowser · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30934 | High | 8.9 | | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. |
| CVE-2026-30933 | High | 7.5 | | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. |

Fit2cloud · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31864 | Medium | 6.8 | | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. |
| CVE-2026-31798 | Medium | 5.0 | | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. |

Freshrss · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-62166 | High | 7.5 | | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. |
| CVE-2025-68402 | | | | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. |

Himmelblau-idm · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31957 | Critical | 10.0 | | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
| CVE-2026-31979 | High | 8.8 | | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |

Homeassistant-ai · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32112 | Medium | 6.8 | | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. |
| CVE-2026-32111 | Medium | 5.3 | | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. |

Istio · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31837 | High | 7.5 | | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. |
| CVE-2026-31838 | Medium | 5.3 | | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. |

Janobe · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3806 | Medium | 6.3 | | 2026-03-09 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. |
| CVE-2026-3800 | Medium | 6.3 | | 2026-03-09 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. |

Jetbrains · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32229 | Medium | 6.8 | | 2026-03-11 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled |
| CVE-2026-32745 | Medium | 6.3 | | 2026-03-13 | In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings |

Josh Kohlbach · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32443 | Medium | 6.5 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery. This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2. |
| CVE-2026-31919 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons… |

Konradpl99 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25539 | High | 8.2 | | 2026-03-12 | 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. |
| CVE-2019-25538 | High | 8.2 | | 2026-03-12 | 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. |

Kovah · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30953 | High | 7.7 | | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. |
| CVE-2026-30954 | Medium | 4.3 | | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. |

Lexbor · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-29079 | High | 7.5 | | 2026-03-13 | Lexbor is a web browser engine library. |
| CVE-2026-29078 | High | 7.5 | | 2026-03-13 | Lexbor is a web browser engine library. |

Limesurvey · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-56422 | Critical | 9.8 | | 2026-03-10 | A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. |
| CVE-2025-56421 | High | 7.5 | | 2026-03-10 | SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. |

Linknacional · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3891 | Critical | 9.8 | | 2026-03-13 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and inc… |
| CVE-2026-32425 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway Pix For GiveWP: fr… |

Lmsys · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3060 | Critical | 9.8 | | 2026-03-12 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. |
| CVE-2026-3059 | Critical | 9.8 | | 2026-03-12 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. |

Magepeopleteam · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32384 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion. This issue affects WpBookingly: fro… |
| CVE-2026-32354 | Medium | 5.3 | | 2026-03-13 | Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data. This issue affects WpEvently: from n/a through < 5.1.9. |

Nicolargo · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30930 | Critical | 9.8 | | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. |
| CVE-2026-30928 | High | 7.5 | | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. |

Noor Alam · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32429 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS. This issue affects Magical Addons For Elementor: fr… |
| CVE-2026-32387 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46. |

Olivetin · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31817 | High | 8.5 | | 2026-03-10 | OliveTin gives access to predefined shell commands from a web interface. |
| CVE-2026-32102 | Medium | 6.5 | | 2026-03-11 | OliveTin gives access to predefined shell commands from a web interface. |

Palo Alto Networks · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-0231 | | | | 2026-03-11 | An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration s… |
| CVE-2026-0230 | | | | 2026-03-11 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. |

Pocket-id · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-28513 | High | 8.5 | | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. |
| CVE-2026-28512 | High | 7.1 | | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. |

Progress Software · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2514 | | | | 2026-03-12 | In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenti… |
| CVE-2026-2513 | | | | 2026-03-12 | A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web se… |

Psf · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31900 | Critical | 9.8 | | 2026-03-11 | Black is the uncompromising Python code formatter. |
| CVE-2026-32274 | High | 7.5 | | 2026-03-12 | Black is the uncompromising Python code formatter. |

Robfelty · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32366 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a throug… |
| CVE-2026-32365 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3… |

Roxnor · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2257 | Medium | 6.4 | | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. |
| CVE-2026-2879 | Medium | 5.4 | | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. |

Smub · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-1993 | High | 8.8 | | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. |
| CVE-2026-1992 | High | 8.8 | | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. |

Stellar · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32322 | Medium | 5.3 | | 2026-03-13 | soroban-sdk is a Rust SDK for Soroban contracts. |
| CVE-2026-32129 | | | | 2026-03-12 | soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. |

Steveiliop56 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32246 | High | 8.5 | | 2026-03-12 | Tinyauth is an authentication and authorization server. |
| CVE-2026-32245 | Medium | 6.5 | | 2026-03-12 | Tinyauth is an authentication and authorization server. |

Strategy11team · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2890 | High | 7.5 | | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. |
| CVE-2026-2888 | Medium | 5.3 | | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. |

Strukturag · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3950 | Low | 3.3 | | 2026-03-11 | A vulnerability was identified in strukturag libheif up to 1.21.2. |
| CVE-2026-3949 | Low | 3.3 | | 2026-03-11 | A vulnerability was determined in strukturag libheif up to 1.21.2. |

Thehappymonster · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2918 | Medium | 6.4 | | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. |
| CVE-2026-2917 | Medium | 5.4 | | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action handler. |

Tiandy · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3818 | High | 7.3 | | 2026-03-09 | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. |
| CVE-2026-3797 | Medium | 6.3 | | 2026-03-09 | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. |

Unjs · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31860 | Medium | 6.1 | | 2026-03-12 | Unhead is a document head and template manager. |
| CVE-2026-31873 | Unrated | | | 2026-03-12 | Unhead is a document head and template manager. |

Useplunk · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32096 | Critical | 9.3 | | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. |
| CVE-2026-32095 | Medium | 5.4 | | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. |

Utt · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3815 | High | 8.8 | | 2026-03-09 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. |
| CVE-2026-3814 | High | 8.8 | | 2026-03-09 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. |

Vaadin · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2741 | Medium | 6.8 | | 2026-03-10 | Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. |
| CVE-2026-2742 | Medium | 5.3 | | 2026-03-10 | An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserve… |

Wpclever · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32407 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Smart Wishlist for WooCommerce: from n/a t… |
| CVE-2026-32406 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Product Bundles for WooCommerce: from n/a… |

Xierongwkhd · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3957 | Medium | 4.7 | | 2026-03-11 | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. |
| CVE-2026-3956 | Medium | 4.7 | | 2026-03-11 | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. |

0xkoda · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3959 | Medium | 5.3 | | 2026-03-11 | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. |

10web · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32330 | Medium | 4.3 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. |

2fauth · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32133 | Critical | 9.1 | | 2026-03-11 | 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. |

648540858 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3966 | Medium | 6.3 | | 2026-03-12 | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. |

@Appium · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30973 | Medium | 6.5 | | 2026-03-10 | Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. |

@Powersync · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30870 | Medium | 6.5 | | 2026-03-10 | PowerSync Service is the server-side component of the PowerSync sync engine. |

@Studiocms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32101 | High | 7.6 | | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |

Activity-log.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32362 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Aut… |

Actual · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3089 | Medium | 6.5 | | 2026-03-09 | Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. |

Adguard · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32136 | Critical | 9.8 | | 2026-03-11 | AdGuard Home is a network-wide software for blocking ads and tracking. |

Admidio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30927 | Medium | 5.4 | | 2026-03-10 | Admidio is an open-source user management solution. |

Agile Logix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32421 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1. |

Aisarlabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32232 | Critical | 9.8 | | 2026-03-12 | ZeptoClaw is a personal AI assistant. |

Alfresco · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3967 | Medium | 6.3 | | 2026-03-12 | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. |

Alimir · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2358 | Medium | 6.4 | | 2026-03-11 | The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode `template` attribute in all versions up to, and including, 5.0.1. |

Andy Fragen · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32349 | Medium | 4.9 | | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7. |

Anyproto · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31863 | Low | 3.6 | | 2026-03-11 | Anytype Heart is the middleware library for Anytype. |

Anysphere · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31854 | High | 8.8 | | 2026-03-11 | Cursor is a code editor built for programming with AI. |

Apich-organization · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30960 | | | | 2026-03-10 | rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. |

Apple · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-43010 | High | 8.8 | | 2026-03-12 | The issue was addressed with improved memory handling. |

Appsmith · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30862 | Critical | 9.0 | | 2026-03-10 | Appsmith is a platform to build admin panels, internal tools, and dashboards. |

Armbot · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25480 | High | 7.5 | | 2026-03-11 | ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. |

Asseco · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-66955 | Medium | 6.5 | | 2026-03-12 | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API cal… |

At&t Bell Labs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-71263 | High | 7.4 | | 2026-03-13 | In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. |

Atop Technologies · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3823 | High | 8.8 | | 2026-03-09 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. |

Autohomecorp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3968 | Medium | 6.3 | | 2026-03-12 | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. |

Beghelli · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-22191 | Medium | 5.2 | | 2026-03-13 | Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. |

Blubrry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32351 | Medium | 5.9 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.15.13. |

Blue-b · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31827 | | | | 2026-03-10 | Alienbin is an anonymous code and text sharing web service. |

Bogdan Bendziukov · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32415 | Medium | 5.0 | | 2026-03-13 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |

Bowo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32423 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a th… |

Brainstorm Force · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32431 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS. This issue affects Astra Bulk Edit: from n/a through <= 1.2.10. |

Brainstormforce · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3534 | Medium | 6.4 | | 2026-03-11 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. |

Broadcom · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3862 | Medium | 4.8 | | 2026-03-10 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. |

Bukts · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3843 | Critical | 9.8 | | 2026-03-10 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. |

Calibre-ebook · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30853 | Medium | 5.0 | | 2026-03-13 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. |

Centrifugal · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32301 | Critical | 9.3 | | 2026-03-13 | Centrifugo is an open-source scalable real-time messaging server. |

Cesiumgs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3990 | Medium | 4.3 | | 2026-03-12 | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. |

Citeum · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-21887 | High | 7.7 | | 2026-03-12 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. |

Classroomio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-67298 | High | 8.1 | | 2026-03-11 | An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile |

Codegenieapp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3992 | Medium | 6.3 | | 2026-03-12 | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. |

Codesys · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2364 | High | 7.3 | | 2026-03-10 | If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer. |

Comfast · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3798 | Medium | 4.7 | | 2026-03-09 | A vulnerability was detected in Comfast CF-AC100 2.6.0.8. |

Comppolicylab · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32097 | High | 8.8 | | 2026-03-11 | PingPong is a platform for using large language models (LLMs) for teaching and learning. |

Comtrend · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25483 | High | 8.4 | | 2026-03-11 | Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). |

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3013 | | | | 2026-03-11 | Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. |

Courtbouillon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31899 | High | 7.5 | | 2026-03-13 | CairoSVG is an SVG converter based on Cairo, a 2D graphics library. |

Cozy Vision · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32373 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0. |

Cyberchimps · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32543 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Blocks: from n/a through <= 2.2.0. |

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3978 | High | 8.8 | | 2026-03-12 | A vulnerability was detected in D-Link DIR-513 1.10. |

David Lingren · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32399 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from… |

Dearhive · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2569 | Medium | 6.4 | | 2026-03-11 | The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization… |

Defnull · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-28356 | High | 7.5 | | 2026-03-12 | multipart is a fast multipart/form-data parser for Python. |

Delphiknight · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32368 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19. |

Deno · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32260 | High | 8.1 | | 2026-03-12 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. |

Desertthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32344 | Medium | 4.3 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery. This issue affects Corpiva: from n/a through <= 1.0.96. |

Devolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3638 | Medium | 5.9 | | 2026-03-09 | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.

Digital Arts Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28267 | Medium | 5.5 | | 2026-03-10 | Multiple i-フィルター products are configured with improper file access permission settings.

Django-commons · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31815 | Medium | 5.3 | | 2026-03-10 | Unicorn adds modern reactive component functionality to your Django templates.

Dsd Consulting Services Llc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25464 | Medium | 5.5 | | 2026-03-11 | InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string.

Dvankooten · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1781 | Medium | 6.5 | | 2026-03-11 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1.

E2pdf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32442 | Medium | 5.0 | | 2026-03-13 | Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects e2pdf: from n/a through <= 1.28.15.

Eaton · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-22614 | Medium | 6.1 | | 2026-03-10 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and…

Ekacnet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32117 | High | 7.6 | | 2026-03-11 | The grafanacubism-panel plugin allows use of cubism.js in Grafana.

Elemntor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2413 | High | 7.5 | | 2026-03-11 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3.

Elysiajs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30837 | High | 7.5 | | 2026-03-10 | Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication.

Emlog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31954 | Unrated | | | 2026-03-11 | Emlog is an open source website building system.

Emqx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21888 | High | 7.5 | | 2026-03-11 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.

Envothemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32386 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13.

Epross · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2018-25159 | Critical | 9.8 | | 2026-03-11 | Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions.

Eric Teubert · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32448 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS. This issue affects Podlove Podcast Publi…

Ericcornelissen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32094 | Medium | 6.5 | | 2026-03-11 | Shescape is a simple shell escape library for JavaScript.

Ewon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25470 | High | 7.5 | | 2026-03-11 | eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint.

Ex-themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32440 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Food: from n/a through < 2.7.1.

Fastgpt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32128 | Medium | 6.3 | | 2026-03-11 | FastGPT is an AI Agent building platform.

Feminer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3969 | High | 7.3 | | 2026-03-12 | A vulnerability was detected in FeMiner wms up to 1.0.

Fernando Briano · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32419 | Medium | 5.9 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <=…

Filethingie · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25471 | Critical | 9.8 | | 2026-03-11 | FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint.

Flarum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30913 | Medium | 4.6 | | 2026-03-10 | Flarum is open-source forum software.

Flintsh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30942 | Medium | 6.5 | | 2026-03-10 | Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools.

Flippercode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3222 | High | 7.5 | | 2026-03-11 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1.

Flowiseai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31829 | High | 7.1 | | 2026-03-10 | Flowise is a drag & drop user interface to build a customized large language model flow.

Flycart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32459 | High | 7.6 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection. This issue affects UpsellWP: from n/a through <= 2.2.4.

Forcepoint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-12690 | High | 7.8 | | 2026-03-11 | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.

Funlus Oy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32363 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1.

Generatedata · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70025 | Medium | 6.1 | | 2026-03-10 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14.

Getgosoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25478 | High | 7.5 | | 2026-03-11 | GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers.

Getsimple-ce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28495 | Critical | 9.6 | | 2026-03-10 | GetSimple CMS is a content management system.

Getzep · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32247 | High | 8.1 | | 2026-03-12 | Graphiti is a framework for building and querying temporal context graphs for AI agents.

Ggml · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-27940 | High | 7.8 | | 2026-03-12 | llama.cpp is an inference of several LLM models in C/C++.

Ghostty · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-26982 | Medium | 6.3 | | 2026-03-10 | Ghostty is a cross-platform terminal emulator.

Giflib · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-23868 | Medium | 5.1 | | 2026-03-10 | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling.

Gift Up! · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32412 | Medium | 5.4 | | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Gift Up!

Git-for-windows · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-66413 | High | 7.4 | | 2026-03-10 | Git for Windows is the Windows port of Git.

Gleam-wisp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28807 | High | 7.5 | | 2026-03-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal.

Glpi-project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-22248 | High | 8.0 | | 2026-03-11 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.

Gnome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3099 | Medium | 5.8 | | 2026-03-12 | A flaw was found in Libsoup.

Gravity Forms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3492 | Medium | 6.4 | | 2026-03-11 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1.

H3c · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3943 | High | 7.3 | | 2026-03-11 | A vulnerability was found in H3C ACG1000-AK230 up to 20260227.

Harttle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30952 | High | 7.5 | | 2026-03-10 | liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript.

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2808 | Medium | 6.8 | | 2026-03-12 | HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication.

Hcl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21791 | Low | 3.3 | | 2026-03-10 | HCL Sametime for Android is impacted by a sensitive information disclosure.

Hclsoftware · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-62328 | Low | 3.7 | | 2026-03-11 | HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

Hex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-23940 | Medium | 6.5 | | 2026-03-13 | Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation.

Hisilicon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25465 | High | 7.5 | | 2026-03-11 | Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory.

Hitachi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-11158 | Critical | 9.1 | | 2026-03-10 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.

Honeywell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3611 | Critical | 10.0 | | 2026-03-12 | The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration.

Hotel-booking-script · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25530 | High | 8.2 | | 2026-03-12 | uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter.

Hyperterse · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31841 | Medium | 6.5 | | 2026-03-12 | Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config.

Ideabox Creations · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32430 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS. This issue affects PowerPack Addons for E…

Ikea · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3588 | High | 7.5 | | 2026-03-09 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

Illid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32414 | High | 7.2 | | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through <= 2.36.

Imaginationtech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21736 | Medium | 4.4 | | 2026-03-09 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.

Immonex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31918 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS. This issue affects immonex Kickstart: from n/a through <= 1.13.0.

Inductive Automation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-13913 | Medium | 6.3 | | 2026-03-12 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

Inspektor-gadget · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31890 | Medium | 5.5 | | 2026-03-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF.

Instantcms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28281 | High | 7.1 | | 2026-03-10 | InstantCMS is a free and open source content management system.

Intelbras · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25472 | High | 7.5 | | 2026-03-11 | IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint.

Isaacs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31802 | Medium | 5.5 | | 2026-03-10 | node-tar is a full-featured Tar for Node.js.

Iscripts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25481 | High | 8.2 | | 2026-03-12 | iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter.

Israpil · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32331 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.4.

Iulia Cazan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31916 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.

Ivanti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3483 | High | 7.8 | | 2026-03-10 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Janis Elsts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32456 | Medium | 4.3 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through <= 1.14.1.

Jarikomppa · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-4009 | Low | 3.3 | | 2026-03-12 | A vulnerability has been found in jarikomppa soloud up to 20200207.

Jcharis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3962 | Medium | 4.3 | | 2026-03-11 | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5.

Jellyfin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31852 | Critical | 10.0 | | 2026-03-11 | Jellyfin is an open-source media system.

Jeroenpeters1986 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3178 | High | 7.2 | | 2026-03-11 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping.

Jordy Meow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32418 | High | 7.6 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.

Jpadilla · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32597 | High | 7.5 | | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python.

Katsushi Kawamori · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32357 | Medium | 6.4 | | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery. This issue affects Simple Blog Card: from n/a through <= 2.37.

Keygraphhq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-29023 | High | 7.3 | | 2026-03-09 | Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key.

Koha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31844 | High | 8.8 | | 2026-03-11 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionali…

Kubernetes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3288 | High | 8.8 | | 2026-03-09 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx.

Kubewarden · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-29773 | Medium | 4.3 | | 2026-03-10 | Kubewarden is a policy engine for Kubernetes.

Latepoint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2324 | Medium | 6.1 | | 2026-03-11 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7.

Lesspass · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70050 | Medium | 6.5 | | 2026-03-09 | An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information.

Levelfourdevelopment · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32422 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection. This issue affects WP EasyCart: from n/a through <= 5.8.13.

Libp2p · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31814 | High | 7.5 | | 2026-03-13 | Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP.

Lihaohong6 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30977 | | | | 2026-03-10 | RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript.

Linuxfoundation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-61611 | High | 7.5 | | 2026-03-09 | In modem, there is a possible improper input validation.

Liton Arefin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32462 | Medium | 5.9 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a thro…

Lockerproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3951 | Medium | 4.3 | | 2026-03-11 | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0.

Locutus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32304 | Critical | 9.8 | | 2026-03-13 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes.

Louislam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32230 | Medium | 5.3 | | 2026-03-12 | Uptime Kuma is an open source, self-hosted monitoring tool.

Lupinlin1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70040 | Medium | 5.3 | | 2026-03-09 | An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2.

Maciej Bis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32413 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Permalink Manager Lite: from n/a through < 2.5.3.

Madrasthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32348 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MAS Videos: from n/a through <= 1.3.2.

Magazine3 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32343 | Medium | 4.3 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80.

Magic-wormhole · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32116 | High | 8.1 | | 2026-03-12 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another.

Mailerpress Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32353 | Medium | 6.4 | | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery. This issue affects MailerPress: from n/a through <= 1.4.2.

Marketing Fire · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32361 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS. This issue affects Editorial Calendar: from n/a through <= 3.9…

Maykinmedia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28803 | Medium | 6.5 | | 2026-03-11 | Open Forms allows users to create and publish smart forms.

Mcp-atlassian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-27825 | Critical | 9.0 | | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira).

Metagauss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32385 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from…

Miazzy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70046 | Critical | 9.8 | | 2026-03-09 | An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.

Micode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-29515 | Critical | 9.8 | | 2026-03-11 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials.

Mitsubishi Electric Corporation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2399 | Medium | 5.9 | | 2026-03-10 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80…

Mobatek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25866 | High | 7.8 | | 2026-03-09 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability.

Modulards · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3903 | Medium | 4.3 | | 2026-03-11 | The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1.

Mscdex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-70034 | High | 7.5 | | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.

Nerves-hub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-28806 | High | 8.8 | | 2026-03-10 | Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.

Netbox-community · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27573 | Critical | 9.0 | | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN).

Netgain Systems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25468 | Critical | 9.8 | | 2026-03-11 | NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint.

Newsoftwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25469 | Medium | 6.2 | | 2026-03-11 | Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload.

Nextscripts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3228 | Medium | 6.4 | | 2026-03-10 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6.

Nltk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-0846 | High | 7.5 | | 2026-03-09 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths.

Nsauditor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25463 | Medium | 6.2 | | 2026-03-11 | SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string.

Nyariv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-26954 | Critical | 10.0 | | 2026-03-13 | SandboxJS is a JavaScript sandboxing library.

Open-feature · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31866 | High | 7.5 | | 2026-03-11 | flagd is a feature flag daemon with a Unix philosophy.

Openbmb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3954 | Medium | 6.5 | | 2026-03-11 | A weakness has been identified in OpenBMB XAgent 1.0.0.

Opencc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3813 | Medium | 6.3 | | 2026-03-09 | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe.

Openssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2673 | Medium | 6.5 | | 2026-03-13 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.

Opnsense · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30868 | Medium | 6.3 | | 2026-03-11 | OPNsense is a FreeBSD based firewall and routing platform.

Oretnom23 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3819 | Low | 3.5 | | 2026-03-09 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0.

Owasp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3816 | Medium | 4.3 | | 2026-03-09 | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4.

Owen2345 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1776 | Medium | 6.5 | | 2026-03-10 | Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.

Pamzey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3817 | Medium | 5.3 | | 2026-03-09 | A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0.

Perfree · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3963 | Low | 3.7 | | 2026-03-11 | A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7.

Phpbusinessdirectory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25533 | High | 8.2 | | 2026-03-12 | Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter.

Pointsharp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3999 | High | 8.8 | | 2026-03-13 | A broken access control may allow an authenticated user to perform a horizontal privilege escalation.

Postalserver · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25529 | High | 8.1 | | 2026-03-12 | Postal is an open source SMTP server.

Premio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3657 | High | 7.5 | | 2026-03-12 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6.

Project-zot · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31801 | High | 7.7 | | 2026-03-10 | zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification.

Properfraction · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3453 | High | 8.1 | | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11.

Publishpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32394 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a throug…

Py-pdf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31826 | Medium | 5.5 | | 2026-03-10 | pypdf is a free and open-source pure-python PDF library.

Python · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-13462 | Low | 3.3 | | 2026-03-12 | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK.

Q-see · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-30896 | High | 7.8 | | 2026-03-09 | The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs).

Qhkm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32231 | High | 8.2 | | 2026-03-12 | ZeptoClaw is a personal AI assistant.

Qi-anxin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3796 | Medium | 5.3 | | 2026-03-09 | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22.

Quickjs-ng · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-3979 | Medium | 5.3 | | 2026-03-12 | A flaw has been found in quickjs-ng quickjs up to 0.12.1.

Quinn-rs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-31812 | Medium | 5.3 | | 2026-03-10 | Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol.

R-project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25485 | Medium | 6.2 | | 2026-03-11 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections.

Really Simple Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32461 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple SSL: from n/a through <= 9.5.7.

Redqteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-32364 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a throug…

Richplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32360 | Medium | 5.9 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS. This issue affects Rich Showcase for Google Reviews… |

Riot-os · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27703 | High | 7.5 | | 2026-03-11 | RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. |

Robosoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32356 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS. This issue affects Robo Gallery: from n/a through <= 5.1.2. |

Rometheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-12473 | Medium | 6.1 | | 2026-03-11 | The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. |

Ruben Garcia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32420 | Medium | 5.4 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through <= 7.6.6. |

Rui314 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3994 | Medium | 5.3 | | 2026-03-12 | A vulnerability was detected in rui314 mold up to 2.40.4. |

Runtipi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31881 | High | 7.7 | | 2026-03-11 | Runtipi is a personal homeserver orchestrator. |

Rxi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4012 | Low | 3.3 | | 2026-03-12 | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. |

Sapido · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25487 | Critical | 9.8 | | 2026-03-11 | SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. |

Sequelize · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30951 | High | 7.5 | | 2026-03-10 | Sequelize is a Node.js ORM tool. |

Sglang · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3989 | High | 7.8 | | 2026-03-12 | SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. |

Sharing-file · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25466 | High | 8.4 | | 2026-03-11 | Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. |

Shufflehound · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32328 | Medium | 5.4 | | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This issue affects Lemmony: from n/a through < 1.7.1. |

Sigstore · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31830 | High | 7.5 | | 2026-03-10 | sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. |

Simple-git_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-28292 | Critical | 9.8 | | 2026-03-10 | `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remot… |

Simpma · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32411 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS. This issue affects Embed Calendly: from n/a through <= 4.4. |

Sindresorhus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31808 | Medium | 5.3 | | 2026-03-10 | file-type detects the file type of a file, stream, or data. |

Softwebinternational · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25473 | High | 7.1 | | 2026-03-12 | Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. |

Sooperset · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27826 | High | 8.2 | | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). |

Sourcecodester · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4013 | Medium | 6.3 | | 2026-03-12 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. |

Sourceforge · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25529 | High | 7.1 | | 2026-03-12 | Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. |

Specialk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2987 | Medium | 6.1 | | 2026-03-12 | The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. |

Spomky-labs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30964 | Medium | 5.4 | | 2026-03-10 | web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. |

Stalin-143 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32138 | High | 8.2 | | 2026-03-12 | NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. |

Statamic · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32612 | Medium | 5.4 | | 2026-03-13 | Statamic is a Laravel and Git powered content management system (CMS). |

Stellarwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3585 | High | 7.5 | | 2026-03-10 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. |

Streamsoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-0809 | | | | 2026-03-12 | Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with known values are encoded. |

Streetwriters · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31876 | Medium | 5.4 | | 2026-03-11 | Notesnook is a note-taking app focused on user privacy & ease of use. |

Striae · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31839 | High | 8.2 | | 2026-03-11 | Striae is a firearms examiner's comparison companion. |

Studio99 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32404 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3. |

Subrata Mal · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32398 | Medium | 6.5 | | 2026-03-13 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooComme… |

Supabase · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31813 | Medium | 4.8 | | 2026-03-11 | Supabase Auth is a JWT based API for managing users and issuing JWT tokens. |

Svelte · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30226 | High | 7.5 | | 2026-03-11 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. |

Swag · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32100 | Medium | 5.3 | | 2026-03-12 | Shopware is an open commerce platform. |

Syed Balkhi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32446 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. |

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3873 | High | 7.2 | | 2026-03-13 | Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. |

Taipower · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3822 | Medium | 6.5 | | 2026-03-09 | Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. |

Taskosaur · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31874 | Critical | 9.8 | | 2026-03-11 | Taskosaur is an open source project management platform with conversational AI for task execution in-app. |

Thakeenathees · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4010 | Low | 3.3 | | 2026-03-12 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. |

Thejoshwolfe · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31988 | Medium | 5.3 | | 2026-03-11 | yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. |

Themefic · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32460 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Se… |

Themefusecom · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32408 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through <= 2.7.23. |

Themehigh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3231 | High | 7.2 | | 2026-03-11 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in al… |

Themehunk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-1454 | High | 7.2 | | 2026-03-11 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. |

Themelexus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32426 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a t… |

Themetechmount · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32400 | High | 7.5 | | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7. |

Themeum · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-0953 | Critical | 9.8 | | 2026-03-10 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. |

Themifyme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32449 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS. This issue affects Themify Event Post: from n/a through <= 1.3.4. |

Thimpress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3226 | Medium | 4.3 | | 2026-03-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4… |

Tolgee · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32251 | Medium | 6.5 | | 2026-03-12 | Tolgee is an open-source localization platform. |

Toocheke · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32403 | Medium | 6.5 | | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS. This issue affects Toocheke Companion: from n/a through <= 1.194. |

Tornadoweb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31958 | High | 7.5 | | 2026-03-11 | Tornado is a Python web framework and asynchronous networking library. |

Traefik · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-29777 | Medium | 6.5 | | 2026-03-11 | Traefik is an HTTP reverse proxy and load balancer. |

Tubitak Bilgem Software Technologies Research Institute · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2339 | High | 7.5 | | 2026-03-10 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. |

Unitecms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2724 | High | 7.2 | | 2026-03-10 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. |

Unitycatalog · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27478 | Critical | 9.1 | | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. |

Ux-themes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31915 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6. |

Varient · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25486 | High | 8.2 | | 2026-03-11 | Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. |

Verypdf · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25467 | High | 8.4 | | 2026-03-11 | Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Pas… |

Vim · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32249 | Medium | 5.3 | | 2026-03-12 | Vim is an open source, command line text editor. |

Vito Peleg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32447 | Medium | 4.3 | | 2026-03-13 | Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through <= 4.3.2. |

Vivo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-15515 | Medium | 5.5 | | 2026-03-13 | The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. |

Vllm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-25960 | High | 7.1 | | 2026-03-09 | vLLM is an inference and serving engine for large language models (LLMs). |

Wanderingastronomer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27897 | Critical | 10.0 | | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. |

Wbw Plugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32410 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WBW Currency Switcher for WooCommerce: from n/… |

Webgeniuslab · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32439 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BigHearts: from n/a through <= 3.1.14. |

Webreflection · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32141 | High | 7.5 | | 2026-03-12 | flatted is a circular JSON parser. |

Wedevs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31917 | High | 8.5 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10. |

Weirdgloop · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30917 | | | | 2026-03-10 | Bucket is a MediaWiki extension to store and retrieve structured data on articles. |

Whyour · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3965 | Medium | 6.3 | | 2026-03-12 | A security vulnerability has been detected in whyour qinglong up to 2.20.1. |

Winmpg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25484 | Medium | 6.2 | | 2026-03-11 | WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. |

Wintercms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27591 | Critical | 9.9 | | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. |

Woahai321 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3958 | Medium | 6.3 | | 2026-03-11 | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. |

Wombat Plugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32457 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec… |

Wordpress Foundation · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3906 | Medium | 4.3 | | 2026-03-11 | WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. |

Wpdevelop · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32358 | High | 7.6 | | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15. |

Wpmet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-1261 | High | 7.2 | | 2026-03-10 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. |

Wpmu Dev - Your All-in-one Wordpress Platform · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32409 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Forminator: from n/a through <= 1.50.2. |

Wppochipp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32417 | Medium | 5.4 | | 2026-03-13 | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9. |

Wpradiant · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32350 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chocolate House: from n/a through <= 1.1.5. |

Wproyal · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-13067 | High | 8.8 | | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. |

Wptravelengine · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32486 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9. |

Wpzoom · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-4063 | Medium | 4.3 | | 2026-03-13 | The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. |

Wwbn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-30885 | Medium | 5.3 | | 2026-03-10 | WWBN AVideo is an open source video platform. |

Xpro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32395 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Addons For Beaver Builde… |

Xtemos · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32405 | Medium | 5.3 | | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through <= 8.3.9. |

Xygeni · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31976 | Critical | 9.8 | | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. |

Yannick Lefebvre · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32367 | Critical | 9.1 | | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through <= 3.5.16. |

Yhirose · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-31870 | High | 7.5 | | 2026-03-11 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. |

Ymc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-32397 | Medium | 5.3 | | 2026-03-13 | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter & Grids: from n/a through <= 3.5.1. |

Zyddnys · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-3961 | Medium | 6.3 | | 2026-03-11 | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. |