Patch Tuesday — March 2026
2026-03-10 · 1262 CVEs
CVEs published or modified the week of 2026-03-10, partitioned by vendor.
Microsoft (128 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3916 | Critical | 9.6 | — | 2026-03-11 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2026-3910 | High | 8.8 | KEV | 2026-03-13 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2026-3909 | High | 8.8 | KEV | 2026-03-13 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2026-3936 | High | 8.8 | — | 2026-03-11 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3931 | High | 8.8 | — | 2026-03-11 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2026-3926 | High | 8.8 | — | 2026-03-11 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2026-3923 | High | 8.8 | — | 2026-03-11 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3922 | High | 8.8 | — | 2026-03-11 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3921 | High | 8.8 | — | 2026-03-11 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3920 | High | 8.8 | — | 2026-03-11 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3919 | High | 8.8 | — | 2026-03-11 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3918 | High | 8.8 | — | 2026-03-11 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3917 | High | 8.8 | — | 2026-03-11 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3915 | High | 8.8 | — | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2026-3914 | High | 8.8 | — | 2026-03-11 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-3913 | High | 8.8 | — | 2026-03-11 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-26118 | High | 8.8 | — | 2026-03-10 | Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. |
CVE-2026-26116 | High | 8.8 | — | 2026-03-10 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2026-26115 | High | 8.8 | — | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2026-26114 | High | 8.8 | — | 2026-03-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-26106 | High | 8.8 | — | 2026-03-10 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-25188 | High | 8.8 | — | 2026-03-10 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. |
CVE-2026-25177 | High | 8.8 | — | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. |
CVE-2026-24283 | High | 8.8 | — | 2026-03-10 | Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
CVE-2026-23669 | High | 8.8 | — | 2026-03-10 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
CVE-2026-23654 | High | 8.8 | — | 2026-03-10 | Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. |
CVE-2026-21262 | High | 8.8 | — | 2026-03-10 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2026-20967 | High | 8.8 | — | 2026-03-10 | Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. |
CVE-2026-21333 | High | 8.6 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. |
CVE-2026-26113 | High | 8.4 | — | 2026-03-10 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2026-26110 | High | 8.4 | — | 2026-03-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2026-26109 | High | 8.4 | — | 2026-03-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26148 | High | 8.1 | — | 2026-03-10 | External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-26105 | High | 8.1 | — | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-26111 | High | 8.0 | — | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2026-25173 | High | 8.0 | — | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2026-25172 | High | 8.0 | — | 2026-03-10 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2026-27272 | High | 7.8 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27271 | High | 7.8 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27267 | High | 7.8 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21362 | High | 7.8 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27278 | High | 7.8 | — | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27220 | High | 7.8 | — | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27279 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27277 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27276 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27275 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27274 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27273 | High | 7.8 | — | 2026-03-10 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-27269 | High | 7.8 | — | 2026-03-10 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-3315 | High | 7.8 | — | 2026-03-10 | Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affe… |
CVE-2026-26141 | High | 7.8 | — | 2026-03-10 | Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. |
CVE-2026-26134 | High | 7.8 | — | 2026-03-10 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2026-26132 | High | 7.8 | — | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-26131 | High | 7.8 | — | 2026-03-10 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. |
CVE-2026-26128 | High | 7.8 | — | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
CVE-2026-26117 | High | 7.8 | — | 2026-03-10 | Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. |
CVE-2026-26112 | High | 7.8 | — | 2026-03-10 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26108 | High | 7.8 | — | 2026-03-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-26107 | High | 7.8 | — | 2026-03-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2026-25190 | High | 7.8 | — | 2026-03-10 | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. |
CVE-2026-25189 | High | 7.8 | — | 2026-03-10 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
CVE-2026-25187 | High | 7.8 | — | 2026-03-10 | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
CVE-2026-25176 | High | 7.8 | — | 2026-03-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-25175 | High | 7.8 | — | 2026-03-10 | Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. |
CVE-2026-25174 | High | 7.8 | — | 2026-03-10 | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. |
CVE-2026-25166 | High | 7.8 | — | 2026-03-10 | Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. |
CVE-2026-25165 | High | 7.8 | — | 2026-03-10 | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. |
CVE-2026-24294 | High | 7.8 | — | 2026-03-10 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
CVE-2026-24293 | High | 7.8 | — | 2026-03-10 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-24292 | High | 7.8 | — | 2026-03-10 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. |
CVE-2026-24291 | High | 7.8 | — | 2026-03-10 | Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. |
CVE-2026-24290 | High | 7.8 | — | 2026-03-10 | Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
CVE-2026-24289 | High | 7.8 | — | 2026-03-10 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-24287 | High | 7.8 | — | 2026-03-10 | External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-23673 | High | 7.8 | — | 2026-03-10 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
CVE-2026-23672 | High | 7.8 | — | 2026-03-10 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
CVE-2026-23665 | High | 7.8 | — | 2026-03-10 | Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. |
CVE-2026-23660 | High | 7.8 | — | 2026-03-10 | Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. |
CVE-2026-3932 | High | 7.5 | — | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2026-3924 | High | 7.5 | — | 2026-03-11 | Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2026-26144 | High | 7.5 | — | 2026-03-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. |
CVE-2026-26130 | High | 7.5 | — | 2026-03-10 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
CVE-2026-26127 | High | 7.5 | — | 2026-03-10 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. |
CVE-2026-26121 | High | 7.5 | — | 2026-03-10 | Server-side request forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-25181 | High | 7.5 | — | 2026-03-10 | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. |
CVE-2026-23674 | High | 7.5 | — | 2026-03-10 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-23664 | High | 7.5 | — | 2026-03-10 | Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
CVE-2026-23662 | High | 7.5 | — | 2026-03-10 | Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
CVE-2026-23661 | High | 7.5 | — | 2026-03-10 | Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
CVE-2026-2713 | High | 7.4 | — | 2026-03-10 | IBM Trusteer Rapport installer 3.5.2309.290 could allow a local attacker to execute arbitrary code on the system, caused by a DLL uncontrolled search path element vulnerability. |
CVE-2026-25167 | High | 7.4 | — | 2026-03-10 | Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-25179 | High | 7.0 | — | 2026-03-10 | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-25178 | High | 7.0 | — | 2026-03-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-25171 | High | 7.0 | — | 2026-03-10 | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
CVE-2026-25170 | High | 7.0 | — | 2026-03-10 | Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
CVE-2026-24296 | High | 7.0 | — | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
CVE-2026-24295 | High | 7.0 | — | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
CVE-2026-24285 | High | 7.0 | — | 2026-03-10 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
CVE-2026-23671 | High | 7.0 | — | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |
CVE-2026-23668 | High | 7.0 | — | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
CVE-2026-23667 | High | 7.0 | — | 2026-03-10 | Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
CVE-2026-24288 | Medium | 6.8 | — | 2026-03-10 | Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. |
CVE-2026-3937 | Medium | 6.5 | — | 2026-03-11 | Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-3935 | Medium | 6.5 | — | 2026-03-11 | Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-3934 | Medium | 6.5 | — | 2026-03-11 | Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
CVE-2026-24297 | Medium | 6.5 | — | 2026-03-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-25169 | Medium | 6.2 | — | 2026-03-10 | Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
CVE-2026-25168 | Medium | 6.2 | — | 2026-03-10 | Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
CVE-2026-23656 | Medium | 5.9 | — | 2026-03-10 | Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-27270 | Medium | 5.5 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-27268 | Medium | 5.5 | — | 2026-03-10 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-27221 | Medium | 5.5 | — | 2026-03-10 | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. |
CVE-2026-26123 | Medium | 5.5 | — | 2026-03-10 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. |
CVE-2026-25186 | Medium | 5.5 | — | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. |
CVE-2026-25180 | Medium | 5.5 | — | 2026-03-10 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. |
CVE-2026-24282 | Medium | 5.5 | — | 2026-03-10 | Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
CVE-2026-3940 | Medium | 5.3 | — | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2026-3939 | Medium | 5.3 | — | 2026-03-11 | Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. |
CVE-2026-3930 | Medium | 5.3 | — | 2026-03-11 | Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2026-25185 | Medium | 5.3 | — | 2026-03-10 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-3942 | Medium | 4.3 | — | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-3941 | Medium | 4.3 | — | 2026-03-11 | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2026-3938 | Medium | 4.3 | — | 2026-03-11 | Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. |
CVE-2026-3928 | Medium | 4.3 | — | 2026-03-11 | Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. |
CVE-2026-3927 | Medium | 4.3 | — | 2026-03-11 | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-3925 | Medium | 4.3 | — | 2026-03-11 | Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-3929 | Low | 3.1 | — | 2026-03-11 | Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
Other vendors (1134 CVEs across 438 vendors)
Adobe · 63 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21290 | High | 8.7 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious s… |
CVE-2026-21361 | High | 8.1 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious… |
CVE-2026-21284 | High | 8.1 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious… |
CVE-2026-21311 | High | 8.0 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious… |
CVE-2026-27280 | High | 7.8 | — | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21309 | High | 7.5 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21289 | High | 7.5 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21360 | Medium | 6.8 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a se… |
CVE-2026-21294 | Medium | 5.5 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. |
CVE-2026-21293 | Medium | 5.5 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. |
CVE-2026-27281 | Medium | 5.5 | — | 2026-03-10 | DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. |
CVE-2026-27219 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-27218 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-27217 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-27216 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-27215 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-27214 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21365 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21364 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21363 | Medium | 5.5 | — | 2026-03-10 | Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21292 | Medium | 5.4 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… |
CVE-2026-27266 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27265 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27262 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27257 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27256 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27255 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27254 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27253 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27252 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27251 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27250 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27249 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27248 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27247 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27244 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27242 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27241 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27240 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27239 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27237 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27236 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27235 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27234 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27233 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27232 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27231 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27230 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27229 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27228 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27226 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27225 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27224 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-27223 | Medium | 5.4 | — | 2026-03-11 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2026-21310 | Medium | 5.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integri… |
CVE-2026-21286 | Medium | 5.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21282 | Medium | 5.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. |
CVE-2026-21291 | Medium | 4.8 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious… |
CVE-2026-21359 | Medium | 4.7 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21297 | Medium | 4.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21296 | Medium | 4.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21285 | Medium | 4.3 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2026-21295 | Low | 3.1 | — | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. |
N/a · 53 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66956 | Critical | 9.9 | — | 2026-03-11 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. |
CVE-2026-25823 | Critical | 9.8 | — | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achiev… |
CVE-2025-70041 | Critical | 9.8 | — | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
CVE-2025-70024 | Critical | 9.8 | — | 2026-03-11 | An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. |
CVE-2026-30741 | Critical | 9.8 | — | 2026-03-11 | A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack. |
CVE-2025-70042 | Critical | 9.8 | — | 2026-03-09 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master. |
CVE-2025-69614 | Critical | 9.4 | — | 2026-03-10 | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. |
CVE-2026-25818 | Critical | 9.1 | — | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to fi… |
CVE-2025-69615 | Critical | 9.1 | — | 2026-03-10 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. |
CVE-2026-25817 | High | 8.8 | — | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution… |
CVE-2025-68623 | High | 8.8 | — | 2026-03-11 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. |
CVE-2025-70031 | High | 8.8 | — | 2026-03-09 | An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2025-70802 | High | 8.4 | — | 2026-03-10 | Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. |
CVE-2025-70798 | High | 8.4 | — | 2026-03-10 | Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. |
CVE-2026-26738 | High | 7.8 | — | 2026-03-10 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. |
CVE-2026-25819 | High | 7.5 | — | 2026-03-13 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP reque… |
CVE-2025-70873 | High | 7.5 | — | 2026-03-12 | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. |
CVE-2025-70027 | High | 7.5 | — | 2026-03-11 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2026-26801 | High | 7.5 | — | 2026-03-10 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. |
CVE-2025-70028 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2025-70030 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2026-30140 | High | 7.5 | — | 2026-03-09 | An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. |
CVE-2025-70048 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. |
CVE-2025-70047 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. |
CVE-2025-70059 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. |
CVE-2026-4039 | Medium | 6.3 | — | 2026-03-12 | A vulnerability was determined in OpenClaw 2026.2.19-2. |
CVE-2026-3977 | Medium | 6.3 | — | 2026-03-12 | A security vulnerability has been detected in projectsend up to r1945. |
CVE-2026-3955 | Medium | 6.3 | — | 2026-03-11 | A security vulnerability has been detected in elecV2P up to 3.8.3. |
CVE-2026-3884 | Medium | 6.1 | — | 2026-03-11 | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. |
CVE-2025-70128 | Medium | 6.1 | — | 2026-03-10 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. |
CVE-2025-70032 | Medium | 6.1 | — | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2025-70033 | Medium | 5.4 | — | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
CVE-2025-70060 | Medium | 5.4 | — | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. |
CVE-2026-4016 | Medium | 5.3 | — | 2026-03-12 | A security vulnerability has been detected in GPAC 26.03-DEV. |
CVE-2026-4015 | Medium | 5.3 | — | 2026-03-12 | A weakness has been identified in GPAC 26.03-DEV. |
CVE-2026-3964 | Medium | 5.3 | — | 2026-03-11 | A weakness has been identified in OpenAkita up to 1.24.3. |
CVE-2025-70129 | Medium | 5.3 | — | 2026-03-10 | If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this… |
CVE-2025-70973 | Medium | 4.8 | — | 2026-03-09 | ScadaBR 1.12.4 is vulnerable to Session Fixation. |
CVE-2026-4044 | Low | 3.8 | — | 2026-03-12 | A vulnerability was detected in projectsend up to r1945. |
CVE-2026-4045 | Low | 3.7 | — | 2026-03-12 | A flaw has been found in projectsend up to r1945. |
CVE-2026-3946 | Low | 3.5 | — | 2026-03-11 | A vulnerability was detected in PHPEMS 11.0. |
CVE-2026-4040 | Low | 3.3 | — | 2026-03-12 | A vulnerability was identified in OpenClaw up to 2026.2.17. |
CVE-2025-70330 | Low | 3.3 | — | 2026-03-11 | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. |
CVE-2025-22850 | — | — | — | 2026-03-10 | Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. |
CVE-2025-22444 | — | — | — | 2026-03-10 | Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. |
CVE-2025-20105 | — | — | — | 2026-03-10 | Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. |
CVE-2025-20096 | — | — | — | 2026-03-10 | Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. |
CVE-2025-20073 | — | — | — | 2026-03-10 | Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. |
CVE-2025-20068 | — | — | — | 2026-03-10 | Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. |
CVE-2025-20064 | — | — | — | 2026-03-10 | Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. |
CVE-2025-20028 | — | — | — | 2026-03-10 | Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. |
CVE-2025-20027 | — | — | — | 2026-03-10 | Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. |
CVE-2025-20005 | — | — | — | 2026-03-10 | Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. |
Google · 28 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48611 | Critical | 10.0 | — | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. |
CVE-2026-0120 | Critical | 9.8 | — | 2026-03-10 | In modem, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2026-0116 | Critical | 9.8 | — | 2026-03-10 | In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2026-0114 | Critical | 9.8 | — | 2026-03-10 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2026-0113 | Critical | 9.8 | — | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2026-0111 | Critical | 9.8 | — | 2026-03-10 | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2026-0110 | Critical | 9.8 | — | 2026-03-10 | In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. |
CVE-2026-4092 | High | 8.8 | — | 2026-03-13 | Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. |
CVE-2026-0123 | High | 8.4 | — | 2026-03-10 | In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. |
CVE-2026-0122 | High | 8.4 | — | 2026-03-10 | In multiple places, there is a possible out of bounds write due to memory corruption. |
CVE-2026-0118 | High | 8.4 | — | 2026-03-10 | In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. |
CVE-2026-0117 | High | 8.4 | — | 2026-03-10 | In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2026-0107 | High | 8.4 | — | 2026-03-10 | In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. |
CVE-2025-36920 | High | 8.4 | — | 2026-03-10 | In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. |
CVE-2026-0124 | High | 7.8 | — | 2026-03-10 | There is a possible out of bounds write due to a missing bounds check. |
CVE-2026-0109 | High | 7.5 | — | 2026-03-10 | In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. |
CVE-2025-69279 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-69278 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-61616 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-61615 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-61614 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-61613 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2025-61612 | High | 7.5 | — | 2026-03-09 | In nr modem, there is a possible system crash due to improper input validation. |
CVE-2026-0112 | High | 7.4 | — | 2026-03-10 | In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. |
CVE-2026-0119 | Medium | 6.8 | — | 2026-03-10 | In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. |
CVE-2026-0108 | Medium | 4.0 | — | 2026-03-10 | The register protection of the PowerVR GPU is incorrectly configured. |
CVE-2026-0121 | Low | 2.9 | — | 2026-03-10 | In VPU, there is a possible use-after-free read due to a race condition. |
CVE-2026-0115 | Low | 2.1 | — | 2026-03-10 | In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. |
Parse-community · 27 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30966 | Critical | 10.0 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-32248 | Critical | 9.8 | — | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31871 | Critical | 9.8 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31856 | Critical | 9.8 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31840 | Critical | 9.8 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31800 | Critical | 9.1 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30965 | Critical | 9.1 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31828 | High | 8.8 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30967 | High | 8.8 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30949 | High | 8.8 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-32098 | High | 7.5 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31872 | High | 7.5 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30972 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30947 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30946 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30941 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30939 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30925 | High | 7.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-32242 | High | 7.4 | — | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-32269 | Medium | 6.5 | — | 2026-03-12 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30962 | Medium | 6.5 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31868 | Medium | 6.1 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31875 | Medium | 5.9 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30948 | Medium | 5.4 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-31901 | Medium | 5.3 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-30938 | Medium | 5.3 | — | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
CVE-2026-32234 | Medium | 4.7 | — | 2026-03-11 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. |
Raratheme · 24 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32487 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. |
CVE-2026-32383 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ridhi: from n/a through <= 1.1.2. |
CVE-2026-32382 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Digital Download: from n/a through <= 1.1.4. |
CVE-2026-32381 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Landing Page: from n/a through <= 1.2.2. |
CVE-2026-32380 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Numinous: from n/a through <= 1.3.0. |
CVE-2026-32379 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2. |
CVE-2026-32378 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Book Landing Page: from n/a through <= 1.2.7. |
CVE-2026-32377 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2. |
CVE-2026-32376 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalon: from n/a through <= 1.2.9. |
CVE-2026-32375 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Diaries: from n/a through <= 1.2.4. |
CVE-2026-32374 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Minimal: from n/a through <= 1.2.9. |
CVE-2026-32371 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elegant Pink: from n/a through <= 1.3.3. |
CVE-2026-32370 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Influencer: from n/a through <= 1.1.7. |
CVE-2026-32347 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant and Cafe: from n/a through <= 1.2.5. |
CVE-2026-32346 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5. |
CVE-2026-32345 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Perfect Portfolio: from n/a through <= 1.2.4. |
CVE-2026-32341 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9. |
CVE-2026-32340 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business One Page: from n/a through <= 1.3.2. |
CVE-2026-32339 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bakes And Cakes: from n/a through <= 1.2.9. |
CVE-2026-32338 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through <=… |
CVE-2026-32337 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Preschool and Kindergarten: from n/a through… |
CVE-2026-32336 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Business: from n/a through <= 1.3.0. |
CVE-2026-32335 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5. |
CVE-2026-32334 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7. |
Fortinet · 22 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22627 | High | 8.8 | — | 2026-03-10 | A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code o… |
CVE-2026-24017 | High | 8.1 | — | 2026-03-10 | An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through… |
CVE-2025-54820 | High | 8.1 | — | 2026-03-10 | A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unaut… |
CVE-2026-24018 | High | 7.8 | — | 2026-03-10 | A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root. |
CVE-2026-25836 | High | 7.2 | — | 2026-03-10 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI acc… |
CVE-2026-22572 | High | 7.2 | — | 2026-03-10 | An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager… |
CVE-2025-68648 | High | 7.2 | — | 2026-03-10 | A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAn… |
CVE-2025-66178 | High | 7.2 | — | 2026-03-10 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12… |
CVE-2025-68482 | Medium | 6.9 | — | 2026-03-10 | An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager… |
CVE-2025-48418 | Medium | 6.7 | — | 2026-03-10 | A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cl… |
CVE-2026-30897 | Medium | 6.6 | — | 2026-03-10 | A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attack… |
CVE-2026-24640 | Medium | 6.6 | — | 2026-03-10 | A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a rem… |
CVE-2026-25689 | Medium | 6.5 | — | 2026-03-10 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDecep… |
CVE-2025-49784 | Medium | 6.0 | — | 2026-03-10 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all v… |
CVE-2025-54659 | Medium | 5.8 | — | 2026-03-10 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow… |
CVE-2026-22628 | Medium | 5.3 | — | 2026-03-10 | An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. |
CVE-2025-48840 | Medium | 5.3 | — | 2026-03-10 | An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname… |
CVE-2025-53608 | Medium | 4.8 | — | 2026-03-10 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, For… |
CVE-2026-25972 | Medium | 4.3 | — | 2026-03-10 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling… |
CVE-2025-55717 | Medium | 4.0 | — | 2026-03-10 | A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0… |
CVE-2026-22629 | Low | 3.7 | — | 2026-03-10 | An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all… |
CVE-2026-24641 | Low | 2.7 | — | 2026-03-10 | A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authentic… |
Tenda · 22 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4043 | High | 8.8 | — | 2026-03-12 | A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). |
CVE-2026-4042 | High | 8.8 | — | 2026-03-12 | A weakness has been identified in Tenda i12 1.0.0.6(2204). |
CVE-2026-4041 | High | 8.8 | — | 2026-03-12 | A security flaw has been discovered in Tenda i12 1.0.0.6(2204). |
CVE-2026-4008 | High | 8.8 | — | 2026-03-12 | A flaw has been found in Tenda W3 1.0.0.3(2204). |
CVE-2026-4007 | High | 8.8 | — | 2026-03-12 | A vulnerability was detected in Tenda W3 1.0.0.3(2204). |
CVE-2026-3976 | High | 8.8 | — | 2026-03-12 | A weakness has been identified in Tenda W3 1.0.0.3(2204). |
CVE-2026-3975 | High | 8.8 | — | 2026-03-12 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). |
CVE-2026-3974 | High | 8.8 | — | 2026-03-12 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). |
CVE-2026-3973 | High | 8.8 | — | 2026-03-12 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). |
CVE-2026-3972 | High | 8.8 | — | 2026-03-12 | A vulnerability was found in Tenda W3 1.0.0.3(2204). |
CVE-2026-3971 | High | 8.8 | — | 2026-03-12 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). |
CVE-2026-3970 | High | 8.8 | — | 2026-03-12 | A flaw has been found in Tenda i3 1.0.0.6(2204). |
CVE-2026-3811 | High | 8.8 | — | 2026-03-09 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). |
CVE-2026-3810 | High | 8.8 | — | 2026-03-09 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408). |
CVE-2026-3809 | High | 8.8 | — | 2026-03-09 | A flaw has been found in Tenda FH1202 1.2.0.14(408). |
CVE-2026-3808 | High | 8.8 | — | 2026-03-09 | A vulnerability was detected in Tenda FH1202 1.2.0.14(408). |
CVE-2026-3807 | High | 8.8 | — | 2026-03-09 | A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). |
CVE-2026-3804 | High | 8.8 | — | 2026-03-09 | A security flaw has been discovered in Tenda i3 1.0.0.6(2204). |
CVE-2026-3803 | High | 8.8 | — | 2026-03-09 | A vulnerability was identified in Tenda i3 1.0.0.6(2204). |
CVE-2026-3802 | High | 8.8 | — | 2026-03-09 | A vulnerability was determined in Tenda i3 1.0.0.6(2204). |
CVE-2026-3801 | High | 8.8 | — | 2026-03-09 | A vulnerability was found in Tenda i3 1.0.0.6(2204). |
CVE-2026-3799 | High | 8.8 | — | 2026-03-09 | A flaw has been found in Tenda i3 1.0.0.6(2204). |
ImageMagick · 18 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28693 | High | 8.1 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30929 | High | 7.7 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28691 | High | 7.5 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28494 | High | 7.1 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28690 | Medium | 6.9 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30937 | Medium | 6.8 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30931 | Medium | 6.8 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28686 | Medium | 6.8 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-32259 | Medium | 6.7 | — | 2026-03-12 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28493 | Medium | 6.5 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28689 | Medium | 6.3 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-31853 | Medium | 5.7 | — | 2026-03-11 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30883 | Medium | 5.7 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30936 | Medium | 5.5 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28687 | Medium | 5.3 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28692 | Medium | 4.8 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-30935 | Medium | 4.4 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2026-28688 | Medium | 4.0 | — | 2026-03-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
Color · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31796 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-31795 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-31792 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30987 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30985 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30983 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30979 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30978 | High | 7.8 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-31797 | Medium | 6.1 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30984 | Medium | 6.1 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30982 | Medium | 6.1 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30981 | Medium | 6.1 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-31794 | Medium | 5.5 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-31793 | Medium | 5.5 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30986 | Medium | 5.5 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
CVE-2026-30980 | Medium | 5.5 | — | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. |
IBM · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-36368 | Medium | 6.5 | — | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. |
CVE-2025-13702 | Medium | 6.1 | — | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. |
CVE-2025-36173 | Medium | 6.1 | — | 2026-03-10 | Affected product: InfoSphere Data Architect, version 9.2.1. |
CVE-2025-13219 | Medium | 5.9 | — | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. |
CVE-2026-0835 | Medium | 5.4 | — | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. |
CVE-2025-14504 | Medium | 5.4 | — | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. |
CVE-2023-40693 | Medium | 5.4 | — | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. |
CVE-2025-13213 | Medium | 5.4 | — | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. |
CVE-2025-36227 | Medium | 5.4 | — | 2026-03-10 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, includin… |
CVE-2025-36226 | Medium | 5.4 | — | 2026-03-10 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. |
CVE-2025-13726 | Medium | 5.3 | — | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. |
CVE-2025-13723 | Medium | 5.3 | — | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token. |
CVE-2025-36105 | Medium | 4.4 | — | 2026-03-10 | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. |
CVE-2025-14483 | Medium | 4.3 | — | 2026-03-13 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could… |
CVE-2025-13718 | Low | 3.7 | — | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. |
CVE-2025-14811 | Low | 3.1 | — | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained us… |
GitLab · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1090 | High | 8.7 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enab… |
CVE-2026-1069 | High | 7.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled re… |
CVE-2025-14513 | High | 7.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improp… |
CVE-2025-13929 | High | 7.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially cra… |
CVE-2025-13690 | Medium | 6.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper… |
CVE-2025-12576 | Medium | 6.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service du… |
CVE-2026-3848 | Medium | 5.0 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy envi… |
CVE-2026-1182 | Medium | 4.3 | — | 2026-03-12 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title… |
CVE-2025-12555 | Medium | 4.3 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline… |
CVE-2026-1732 | Medium | 4.3 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper f… |
CVE-2026-1663 | Medium | 4.3 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in priva… |
CVE-2026-0602 | Medium | 4.3 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge request… |
CVE-2026-1230 | Medium | 4.1 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code… |
CVE-2025-12704 | Low | 3.5 | — | 2026-03-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are n… |
CVE-2025-12697 | Low | 2.2 | — | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API… |
Mbs · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41765 | Critical | 9.1 | — | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. |
CVE-2025-41764 | Critical | 9.1 | — | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates. |
CVE-2025-41766 | High | 8.8 | — | 2026-03-09 | A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. |
CVE-2025-41758 | High | 8.8 | — | 2026-03-09 | A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. |
CVE-2025-41757 | High | 8.8 | — | 2026-03-09 | A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere o… |
CVE-2025-41756 | High | 8.1 | — | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. |
CVE-2025-41761 | High | 7.8 | — | 2026-03-09 | A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. |
CVE-2025-41772 | High | 7.5 | — | 2026-03-09 | An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR. |
CVE-2025-41767 | High | 7.2 | — | 2026-03-09 | A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR. |
CVE-2025-41763 | Medium | 6.5 | — | 2026-03-09 | A low-privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. |
CVE-2025-41755 | Medium | 6.5 | — | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. |
CVE-2025-41754 | Medium | 6.5 | — | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. |
CVE-2025-41762 | Medium | 6.2 | — | 2026-03-09 | An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. |
CVE-2025-41760 | Medium | 4.9 | — | 2026-03-09 | An administrator may attempt to block all traffic by configuring a pass filter with an empty table. |
CVE-2025-41759 | Medium | 4.9 | — | 2026-03-09 | An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. |
Jettweb · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25520 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. |
CVE-2019-25519 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. |
CVE-2019-25518 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. |
CVE-2019-25517 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. |
CVE-2019-25516 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. |
CVE-2019-25514 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. |
CVE-2019-25513 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. |
CVE-2019-25512 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. |
CVE-2019-25511 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. |
CVE-2019-25510 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. |
CVE-2019-25508 | High | 8.2 | — | 2026-03-12 | Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. |
CVE-2019-25488 | High | 8.2 | — | 2026-03-12 | Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. |
CVE-2019-25482 | High | 8.2 | — | 2026-03-12 | Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. |
CVE-2019-25515 | High | 7.5 | — | 2026-03-12 | Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. |
Gvectors · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22192 | Critical | 9.9 | — | 2026-03-13 | Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. |
CVE-2026-22202 | High | 8.1 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. |
CVE-2026-22193 | High | 8.1 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. |
CVE-2026-22199 | High | 7.5 | — | 2026-03-13 | Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory tr… |
CVE-2026-22182 | High | 7.5 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. |
CVE-2026-22216 | Medium | 6.5 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.Wp… |
CVE-2026-22183 | Medium | 6.1 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. |
CVE-2026-22209 | Medium | 5.5 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. |
CVE-2026-22201 | Medium | 5.3 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. |
CVE-2026-22203 | Medium | 4.9 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. |
CVE-2026-22210 | Medium | 4.4 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. |
CVE-2026-22215 | Medium | 4.3 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. |
CVE-2026-22204 | Low | 3.7 | — | 2026-03-13 | wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. |
Craftcms · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31858 | High | 8.8 | — | 2026-03-11 | Craft is a content management system (CMS). |
CVE-2026-31857 | High | 8.8 | — | 2026-03-11 | Craft is a content management system (CMS). |
CVE-2026-29174 | High | 8.8 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-29172 | High | 8.8 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-31859 | Medium | 6.1 | — | 2026-03-11 | Craft is a content management system (CMS). |
CVE-2026-29177 | Medium | 5.4 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-29175 | Medium | 5.4 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-31867 | Medium | 4.8 | — | 2026-03-11 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-29176 | Medium | 4.8 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-29173 | Medium | 4.8 | — | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. |
CVE-2026-29113 | Medium | 4.3 | — | 2026-03-10 | Craft is a content management system (CMS). |
Dlink · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70245 | Critical | 9.8 | — | 2026-03-12 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode. |
CVE-2025-70244 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. |
CVE-2025-70251 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. |
CVE-2025-70249 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. |
CVE-2025-70247 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. |
CVE-2025-70246 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. |
CVE-2025-70242 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. |
CVE-2025-70227 | High | 7.5 | — | 2026-03-10 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. |
CVE-2025-70250 | High | 7.5 | — | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. |
CVE-2025-70243 | High | 7.5 | — | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. |
CVE-2025-70238 | High | 7.5 | — | 2026-03-09 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. |
Hackerbay · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32306 | Critical | 9.9 | — | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30957 | Critical | 9.9 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30956 | Critical | 9.9 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30921 | Critical | 9.9 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30887 | Critical | 9.9 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30920 | High | 8.6 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-32308 | High | 7.6 | — | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30958 | High | 7.2 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-32598 | Medium | 6.5 | — | 2026-03-13 | OneUptime is a solution for monitoring and managing online services. |
CVE-2026-30959 | Medium | 5.0 | — | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. |
Lenovo · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2368 | High | 7.1 | — | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code. |
CVE-2026-1716 | High | 7.1 | — | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. |
CVE-2026-1715 | High | 7.1 | — | 2026-03-11 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. |
CVE-2026-0940 | Medium | 6.7 | — | 2026-03-11 | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code. |
CVE-2026-1652 | Medium | 6.1 | — | 2026-03-11 | A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error. |
CVE-2026-2640 | Medium | 5.5 | — | 2026-03-11 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. |
CVE-2026-1717 | Medium | 5.5 | — | 2026-03-11 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. |
CVE-2026-1653 | Medium | 5.5 | — | 2026-03-11 | A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error. |
CVE-2026-1068 | Medium | 5.3 | — | 2026-03-11 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application. |
CVE-2026-0520 | Low | 2.8 | — | 2026-03-11 | A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file. |
Netartmedia · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25543 | High | 8.2 | — | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. |
CVE-2019-25542 | High | 8.2 | — | 2026-03-12 | Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. |
CVE-2019-25541 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. |
CVE-2019-25540 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. |
CVE-2019-25537 | High | 8.2 | — | 2026-03-12 | Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
CVE-2019-25536 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. |
CVE-2019-25535 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
CVE-2019-25534 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. |
CVE-2019-25532 | High | 8.2 | — | 2026-03-12 | Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
CVE-2019-25531 | High | 8.2 | — | 2026-03-12 | Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. |
Red Hat · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4111 | High | 7.5 | — | 2026-03-13 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. |
CVE-2026-4105 | Medium | 6.7 | — | 2026-03-13 | A flaw was found in systemd. |
CVE-2025-8766 | Medium | 6.4 | — | 2026-03-13 | A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. |
CVE-2025-57849 | Medium | 6.4 | — | 2026-03-13 | A container privilege escalation flaw was found in certain Fuse images. |
CVE-2026-2376 | Medium | 4.9 | — | 2026-03-12 | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. |
CVE-2026-3234 | Medium | 4.3 | — | 2026-03-12 | A flaw was found in mod_proxy_cluster. |
CVE-2026-3429 | Medium | 4.2 | — | 2026-03-11 | A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. |
CVE-2026-2366 | Low | 3.1 | — | 2026-03-12 | A flaw was found in Keycloak. |
CVE-2026-3911 | Low | 2.7 | — | 2026-03-11 | A flaw was found in Keycloak. |
Sap_se · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27685 | Critical | 9.1 | — | 2026-03-10 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the h… |
CVE-2026-27689 | High | 7.7 | — | 2026-03-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-… |
CVE-2026-27684 | Medium | 6.4 | — | 2026-03-10 | SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. |
CVE-2026-0489 | Medium | 6.1 | — | 2026-03-10 | Due to insufficient validation of user-controlled input in the URLs query parameter. |
CVE-2026-27686 | Medium | 5.9 | — | 2026-03-10 | Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. |
CVE-2026-27687 | Medium | 5.8 | — | 2026-03-10 | Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. |
CVE-2026-24311 | Medium | 5.6 | — | 2026-03-10 | The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. |
CVE-2026-24317 | Medium | 5.0 | — | 2026-03-10 | SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. |
CVE-2026-24313 | Medium | 5.0 | — | 2026-03-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. |
Siemens · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40943 | Critical | 9.6 | — | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted t… |
CVE-2026-25573 | High | 7.4 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-25570 | High | 7.4 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-25569 | High | 7.4 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-25605 | Medium | 6.7 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-25572 | Medium | 5.1 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-25571 | Medium | 5.1 | — | 2026-03-10 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). |
CVE-2026-27661 | Medium | 4.3 | — | 2026-03-10 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
CVE-2025-27769 | Low | 2.6 | — | 2026-03-10 | A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). |
Unknown · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2631 | Critical | 9.8 | — | 2026-03-11 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. |
CVE-2026-2626 | High | 8.1 | — | 2026-03-11 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored divi-booster options. |
CVE-2026-2466 | High | 7.1 | — | 2026-03-11 | The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
CVE-2026-1753 | Medium | 6.8 | — | 2026-03-11 | The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options (such as users_can_register). |
CVE-2019-25474 | Medium | 6.2 | — | 2026-03-11 | Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. |
CVE-2026-1867 | Medium | 5.9 | — | 2026-03-11 | The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. |
CVE-2026-2687 | Medium | 4.3 | — | 2026-03-12 | The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capa… |
CVE-2025-15473 | Medium | 4.3 | — | 2026-03-12 | The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type. |
CVE-2026-1508 | Medium | 4.3 | — | 2026-03-10 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack. |
Freerdp · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31806 | Critical | 9.8 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-31885 | Medium | 6.5 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-31884 | Medium | 6.5 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-31883 | Medium | 6.5 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-29775 | Medium | 5.3 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-29774 | Medium | 5.3 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-29776 | Low | 3.1 | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-31897 | Unrated | — | — | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
Lantronix · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70082 | Critical | 9.8 | — | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component. |
CVE-2025-67041 | Critical | 9.8 | — | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. |
CVE-2025-67038 | Critical | 9.8 | KEV | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
CVE-2025-67035 | Critical | 9.8 | — | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
CVE-2025-67039 | Critical | 9.1 | — | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. |
CVE-2025-67037 | High | 8.8 | — | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
CVE-2025-67036 | High | 8.8 | — | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
CVE-2025-67034 | High | 8.8 | — | 2026-03-11 | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. |
Open-emr · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32127 | High | 8.8 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32123 | High | 7.7 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32121 | High | 7.7 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32126 | High | 7.1 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32125 | Medium | 5.4 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32124 | Medium | 5.4 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32118 | Medium | 5.4 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
CVE-2026-32122 | Medium | 4.3 | — | 2026-03-11 | OpenEMR is a free and open source electronic health records and medical practice management application. |
Veeam · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21708 | Critical | 9.9 | — | 2026-03-12 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. |
CVE-2026-21669 | Critical | 9.9 | — | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
CVE-2026-21667 | Critical | 9.9 | — | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
CVE-2026-21666 | Critical | 9.9 | — | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
CVE-2026-21671 | Critical | 9.1 | — | 2026-03-12 | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. |
CVE-2026-21672 | High | 8.8 | — | 2026-03-12 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. |
CVE-2026-21668 | High | 8.8 | — | 2026-03-12 | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. |
CVE-2026-21670 | High | 7.7 | — | 2026-03-12 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
Apache · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24713 | Critical | 9.8 | — | 2026-03-09 | Improper Input Validation vulnerability in Apache IoTDB. |
CVE-2026-24015 | Critical | 9.8 | — | 2026-03-09 | A vulnerability in Apache IoTDB. |
CVE-2025-69219 | High | 8.8 | — | 2026-03-09 | A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. |
CVE-2025-66249 | Medium | 6.3 | — | 2026-03-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. |
CVE-2025-60012 | Medium | 6.3 | — | 2026-03-13 | Malicious configuration can lead to unauthorized file access in Apache Livy. |
CVE-2026-25604 | Medium | 5.4 | — | 2026-03-09 | In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access cont… |
CVE-2026-23907 | Medium | 5.3 | — | 2026-03-10 | This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. |
Sylius · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31824 | High | 8.2 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31820 | Medium | 6.5 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31822 | Medium | 6.1 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31819 | Medium | 6.1 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31825 | Medium | 5.3 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31821 | Medium | 5.3 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
CVE-2026-31823 | Medium | 4.8 | — | 2026-03-10 | Sylius is an Open Source eCommerce Framework on Symfony. |
Ays Pro · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31922 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection. This issue affects Fox LMS: from n/a through <= 1.0.6.3. |
CVE-2026-32428 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Like box: from n/a through <= 3.7.7. |
CVE-2026-32402 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider by Ays: from n/a through <= 2.7.1. |
CVE-2026-32332 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.9. |
CVE-2026-32329 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1. |
CVE-2026-32342 | Medium | 4.3 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.1.2. |
Cisco · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-20046 | High | 8.8 | — | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerabili… |
CVE-2026-20040 | High | 8.8 | — | 2026-03-11 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient v… |
CVE-2026-20074 | High | 7.4 | — | 2026-03-11 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This… |
CVE-2026-20118 | Medium | 6.8 | — | 2026-03-11 | A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR… |
CVE-2026-20117 | Medium | 6.1 | — | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. T… |
CVE-2026-20116 | Medium | 6.1 | — | 2026-03-11 | A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX… |
Freebsd · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15547 | High | 8.8 | — | 2026-03-09 | By default, jailed processes cannot mount filesystems, including nullfs(4). |
CVE-2026-3038 | High | 7.5 | — | 2026-03-09 | The rtsock_msg_buffer() function serializes routing information into a buffer. |
CVE-2026-2261 | High | 7.5 | — | 2026-03-09 | Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. |
CVE-2025-15576 | High | 7.5 | — | 2026-03-09 | If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs… |
CVE-2025-14769 | High | 7.5 | — | 2026-03-09 | In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. |
CVE-2025-14558 | High | 7.2 | — | 2026-03-09 | The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. |
Nodejs · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2229 | High | 7.5 | — | 2026-03-12 | The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. |
CVE-2026-1528 | High | 7.5 | — | 2026-03-12 | A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. |
CVE-2026-1526 | High | 7.5 | — | 2026-03-12 | The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. |
CVE-2026-1525 | Medium | 6.5 | — | 2026-03-12 | Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). |
CVE-2026-2581 | Medium | 5.9 | — | 2026-03-12 | This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). |
CVE-2026-1527 | Medium | 4.6 | — | 2026-03-12 | When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate the HTTP request prematurely and smuggle… |
Openclaw · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32060 | High | 8.8 | — | 2026-03-11 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. |
CVE-2026-32059 | High | 8.8 | — | 2026-03-11 | OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. |
CVE-2026-32302 | High | 8.1 | — | 2026-03-13 | OpenClaw is a personal AI assistant. |
CVE-2026-32062 | High | 7.5 | — | 2026-03-11 | OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated cl… |
CVE-2026-32063 | High | 7.1 | — | 2026-03-11 | OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to b… |
CVE-2026-32061 | Medium | 4.4 | — | 2026-03-11 | OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. |
Schneider Electric · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2273 | High | 8.2 | — | 2026-03-10 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a poten… |
CVE-2025-11739 | High | 7.8 | — | 2026-03-10 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization. |
CVE-2026-1286 | Medium | 6.5 | — | 2026-03-10 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. |
CVE-2025-13902 | Medium | 5.4 | — | 2026-03-10 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim… |
CVE-2025-13901 | Medium | 5.3 | — | 2026-03-10 | CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. |
CVE-2025-13957 | — | — | — | 2026-03-10 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. |
Vowelweb · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32438 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW School Education: from n/a through <= 1.4.6. |
CVE-2026-32437 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Portfolio: from n/a through <= 1.3.3. |
CVE-2026-32436 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8. |
CVE-2026-32435 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.7. |
CVE-2026-32434 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Fitness: from n/a through <= 4.3.4. |
CVE-2026-32427 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Education Lite: from n/a through <= 2.2.0. |
B3log · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30869 | Critical | 9.3 | — | 2026-03-10 | SiYuan is a personal knowledge management system. |
CVE-2026-32110 | High | 8.3 | — | 2026-03-11 | SiYuan is a personal knowledge management system. |
CVE-2026-30926 | High | 7.1 | — | 2026-03-10 | SiYuan is a personal knowledge management system. |
CVE-2026-31809 | Medium | 6.1 | — | 2026-03-10 | SiYuan is a personal knowledge management system. |
CVE-2026-31807 | Medium | 6.1 | — | 2026-03-10 | SiYuan is a personal knowledge management system. |
Budibase · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30240 | Critical | 9.6 | — | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
CVE-2026-31816 | Critical | 9.1 | — | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
CVE-2026-25737 | High | 8.9 | — | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
CVE-2026-25045 | High | 8.8 | — | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
CVE-2026-25041 | High | 7.2 | — | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. |
Envoyproxy · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26308 | High | 7.5 | — | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
CVE-2026-26311 | Medium | 5.9 | — | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
CVE-2026-26310 | Medium | 5.9 | — | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
CVE-2026-26330 | Medium | 5.3 | — | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
CVE-2026-26309 | Medium | 5.3 | — | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. |
Gl-inet · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26793 | Critical | 9.8 | — | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. |
CVE-2026-26795 | Critical | 9.8 | — | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. |
CVE-2026-26792 | Critical | 9.8 | — | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type param… |
CVE-2026-26791 | Critical | 9.8 | — | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. |
CVE-2026-26794 | High | 8.8 | — | 2026-03-12 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. |
Gnu · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32746 | Critical | 9.8 | — | 2026-03-13 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
CVE-2025-61154 | Medium | 6.5 | — | 2026-03-12 | Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c. |
CVE-2026-3904 | Medium | 6.2 | — | 2026-03-11 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified b… |
CVE-2025-69648 | Medium | 6.2 | — | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. |
CVE-2025-69647 | Medium | 6.2 | — | 2026-03-09 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. |
Hewlett Packard Enterprise (Hpe) · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23813 | Critical | 9.8 | — | 2026-03-11 | A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. |
CVE-2026-23814 | High | 8.8 | — | 2026-03-11 | A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior. |
CVE-2026-23816 | High | 7.2 | — | 2026-03-11 | A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. |
CVE-2026-23815 | High | 7.2 | — | 2026-03-11 | A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. |
CVE-2026-23817 | Medium | 6.5 | — | 2026-03-11 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. |
Inoutscripts · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25528 | High | 8.2 | — | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. |
CVE-2019-25527 | High | 8.2 | — | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. |
CVE-2019-25526 | High | 8.2 | — | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. |
CVE-2019-25525 | High | 8.2 | — | 2026-03-12 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. |
CVE-2019-25479 | High | 8.2 | — | 2026-03-12 | Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. |
Itsourcecode · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4014 | High | 7.3 | — | 2026-03-12 | A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. |
CVE-2026-3981 | High | 7.3 | — | 2026-03-12 | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. |
CVE-2026-3980 | High | 7.3 | — | 2026-03-12 | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. |
CVE-2026-3993 | Medium | 4.3 | — | 2026-03-12 | A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. |
CVE-2026-3982 | Medium | 4.3 | — | 2026-03-12 | A vulnerability was determined in itsourcecode University Management System 1.0. |
Openproject · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30239 | Medium | 6.5 | — | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
CVE-2026-30235 | Medium | 6.5 | — | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
CVE-2026-30234 | Medium | 6.5 | — | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
CVE-2026-30236 | Medium | 4.3 | — | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
CVE-2026-31974 | Low | 3.0 | — | 2026-03-11 | OpenProject is an open-source, web-based project management software. |
Splunk · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-20163 | High | 7.2 | — | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability… |
CVE-2026-20164 | Medium | 6.5 | — | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splu… |
CVE-2026-20165 | Medium | 6.3 | — | 2026-03-11 | In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splu… |
CVE-2026-20162 | Medium | 6.3 | — | 2026-03-11 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk… |
CVE-2026-20166 | Medium | 5.4 | — | 2026-03-11 | In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Ob… |
Ssw · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28792 | Critical | 9.6 | — | 2026-03-12 | Tina is a headless content management system. |
CVE-2026-28793 | High | 8.4 | — | 2026-03-12 | Tina is a headless content management system. |
CVE-2026-28791 | High | 7.4 | — | 2026-03-12 | Tina is a headless content management system. |
CVE-2026-24125 | Medium | 6.3 | — | 2026-03-12 | Tina is a headless content management system. |
CVE-2026-29066 | Medium | 6.2 | — | 2026-03-12 | Tina is a headless content management system. |
Studiocms · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30944 | High | 8.8 | — | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
CVE-2026-30945 | High | 7.1 | — | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
CVE-2026-32103 | Medium | 6.8 | — | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
CVE-2026-32104 | Medium | 5.4 | — | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
CVE-2026-32106 | Medium | 4.7 | — | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
Trane · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28256 | Critical | 9.8 | — | 2026-03-12 | A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. |
CVE-2026-28255 | Critical | 9.8 | — | 2026-03-12 | A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. |
CVE-2026-28252 | Critical | 9.8 | — | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. |
CVE-2026-28254 | High | 7.5 | — | 2026-03-12 | A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. |
CVE-2026-28253 | High | 7.5 | — | 2026-03-12 | A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition. |
Xooscripts · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25524 | High | 8.2 | — | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. |
CVE-2019-25523 | High | 8.2 | — | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. |
CVE-2019-25522 | High | 8.2 | — | 2026-03-12 | XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. |
CVE-2019-25521 | High | 8.2 | — | 2026-03-12 | XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. |
CVE-2019-25509 | High | 8.2 | — | 2026-03-12 | XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. |
Ahsanriaz26gmailcom · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3793 | Medium | 6.3 | — | 2026-03-09 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. |
CVE-2026-3792 | Medium | 6.3 | — | 2026-03-09 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. |
CVE-2026-3791 | Medium | 6.3 | — | 2026-03-09 | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. |
CVE-2026-3790 | Medium | 6.3 | — | 2026-03-09 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. |
Anchore · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25076 | High | 7.3 | — | 2026-03-13 | Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. |
CVE-2026-31961 | Medium | 5.5 | — | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. |
CVE-2026-31960 | Medium | 5.3 | — | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. |
CVE-2026-31959 | Medium | 5.3 | — | 2026-03-11 | Quill provides simple mac binary signing and notarization from any platform. |
Curl · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3805 | High | 7.5 | — | 2026-03-11 | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. |
CVE-2026-3784 | Medium | 6.5 | — | 2026-03-11 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. |
CVE-2026-1965 | Medium | 6.5 | — | 2026-03-11 | libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. |
CVE-2026-3783 | Medium | 5.3 | — | 2026-03-11 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. |
Digilent · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0957 | High | 7.8 | — | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. |
CVE-2026-0956 | High | 7.8 | — | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. |
CVE-2026-0955 | High | 7.8 | — | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. |
CVE-2026-0954 | High | 7.8 | — | 2026-03-13 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. |
Github · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3854 | High | 8.8 | — | 2026-03-10 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. |
CVE-2026-2266 | Medium | 5.4 | — | 2026-03-10 | An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. |
CVE-2026-3582 | Medium | 4.3 | — | 2026-03-10 | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and intern… |
CVE-2026-3306 | Medium | 4.3 | — | 2026-03-10 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. |
Janitza · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41709 | Critical | 9.8 | — | 2026-03-10 | An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device. |
CVE-2025-41712 | Medium | 6.5 | — | 2026-03-10 | An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. |
CVE-2025-41710 | Medium | 6.5 | — | 2026-03-10 | An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges. |
CVE-2025-41711 | Medium | 5.3 | — | 2026-03-10 | An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. |
Mozilla · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3847 | High | 8.8 | — | 2026-03-10 | Memory safety bugs present in Firefox 148.0.2. |
CVE-2026-3845 | High | 8.8 | — | 2026-03-10 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. |
CVE-2026-3846 | Medium | 6.5 | — | 2026-03-10 | Same-origin policy bypass in the CSS Parsing and Computation component. |
CVE-2026-2919 | Medium | 4.3 | — | 2026-03-09 | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without… |
Qnap · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-59388 | Critical | 9.8 | — | 2026-03-12 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. |
CVE-2024-14026 | High | 7.8 | — | 2026-03-11 | A command injection vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2024-14025 | Medium | 6.7 | — | 2026-03-11 | An SQL injection vulnerability has been reported to affect Video Station. |
CVE-2024-14024 | Medium | 6.7 | — | 2026-03-11 | An improper certificate validation vulnerability has been reported to affect Video Station. |
Sap · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24316 | Medium | 6.4 | — | 2026-03-10 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. |
CVE-2026-24309 | Medium | 6.4 | — | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP syst… |
CVE-2026-27688 | Medium | 5.0 | — | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. |
CVE-2026-24310 | Low | 3.5 | — | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read the sensitive information from the database catalog of the ABAP system. |
Shopware · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31889 | High | 8.9 | — | 2026-03-11 | Shopware is an open commerce platform. |
CVE-2026-31887 | High | 7.5 | — | 2026-03-11 | Shopware is an open commerce platform. |
CVE-2026-32142 | Medium | 5.3 | — | 2026-03-12 | Shopware is an open commerce platform. |
CVE-2026-31888 | Medium | 5.3 | — | 2026-03-11 | Shopware is an open commerce platform. |
Themefusion · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32454 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS. This issue affects Avada Core: from n/a through < 5.15.0. |
CVE-2026-32451 | Medium | 6.5 | — | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0. |
CVE-2026-32453 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avada Core: from n/a through < 5.15.0. |
CVE-2026-32452 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0. |
Zoom · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30903 | Critical | 9.6 | — | 2026-03-11 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
CVE-2026-30902 | High | 7.8 | — | 2026-03-11 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
CVE-2026-30900 | High | 7.8 | — | 2026-03-11 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
CVE-2026-30901 | High | 7.0 | — | 2026-03-11 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. |
9001 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32108 | Medium | 6.5 | — | 2026-03-11 | Copyparty is a portable file server. |
CVE-2026-30974 | Medium | 4.6 | — | 2026-03-10 | Copyparty is a portable file server. |
CVE-2026-32109 | Low | 3.7 | — | 2026-03-11 | Copyparty is a portable file server. |
@Backstage · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32236 | High | 7.5 | — | 2026-03-12 | Backstage is an open framework for building developer portals. |
CVE-2026-32235 | Medium | 5.9 | — | 2026-03-12 | Backstage is an open framework for building developer portals. |
CVE-2026-32237 | Medium | 4.4 | — | 2026-03-12 | Backstage is an open framework for building developer portals. |
Abb · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13779 | High | 8.3 | — | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. |
CVE-2025-13777 | High | 8.3 | — | 2026-03-13 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. |
CVE-2025-13778 | Medium | 6.5 | — | 2026-03-13 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. |
Asus · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1878 | — | — | — | 2026-03-12 | An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. |
CVE-2025-15038 | — | — | — | 2026-03-12 | An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. |
CVE-2025-15037 | — | — | — | 2026-03-12 | An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. |
Boldgrid · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32401 | High | 7.2 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion. This issue affects Client… |
CVE-2026-32424 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS. This issue affects Sprout Clients: from n/a through <= 3.2.2. |
CVE-2026-2707 | Medium | 6.4 | — | 2026-03-11 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. |
Cloudcli · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31975 | Critical | 9.8 | — | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. |
CVE-2026-31862 | Critical | 9.1 | — | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. |
CVE-2026-31861 | High | 8.8 | — | 2026-03-11 | Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. |
Codepeople · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32433 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection. This issue affects CP Contact Form with Pay… |
CVE-2026-3986 | Medium | 6.4 | — | 2026-03-13 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. |
CVE-2026-32432 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through… |
Coralos · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30968 | Critical | 9.8 | — | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. |
CVE-2026-30970 | Critical | 9.1 | — | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. |
CVE-2026-30969 | Critical | 9.1 | — | 2026-03-10 | Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. |
Croixhaug · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3045 | High | 7.5 | — | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. |
CVE-2026-1708 | High | 7.5 | — | 2026-03-11 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. |
CVE-2026-1704 | Medium | 4.3 | — | 2026-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. |
Dataease · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32140 | High | 8.8 | — | 2026-03-12 | Dataease is an open source data visualization analysis tool. |
CVE-2026-32137 | High | 8.8 | — | 2026-03-12 | Dataease is an open source data visualization analysis tool. |
CVE-2026-32139 | Medium | 5.4 | — | 2026-03-12 | Dataease is an open source data visualization analysis tool. |
Dell · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24510 | Medium | 6.7 | — | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. |
CVE-2026-24509 | Low | 3.6 | — | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. |
CVE-2026-24508 | Low | 2.5 | — | 2026-03-11 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. |
Erlang · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23941 | Critical | 9.4 | — | 2026-03-13 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. |
CVE-2026-23942 | Medium | 5.4 | — | 2026-03-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. |
CVE-2026-23943 | Medium | 5.3 | — | 2026-03-13 | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. |
Forceu · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30955 | Medium | 6.5 | — | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. |
CVE-2026-30961 | Medium | 4.3 | — | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. |
CVE-2026-30943 | Medium | 4.1 | — | 2026-03-13 | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. |
Frappe · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31877 | Critical | 9.8 | — | 2026-03-11 | Frappe is a full-stack web application framework. |
CVE-2026-31879 | Medium | 5.4 | — | 2026-03-11 | Frappe is a full-stack web application framework. |
CVE-2026-31878 | Medium | 5.0 | — | 2026-03-11 | Frappe is a full-stack web application framework. |
Labredescefetrj · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31896 | Critical | 9.8 | — | 2026-03-11 | WeGIA is a web manager for charitable institutions. |
CVE-2026-31895 | High | 8.8 | — | 2026-03-11 | WeGIA is a web manager for charitable institutions. |
CVE-2026-31894 | High | 7.5 | — | 2026-03-11 | WeGIA is a web manager for charitable institutions. |
Linagora · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70039 | Critical | 9.8 | — | 2026-03-09 | An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. |
CVE-2025-70038 | High | 8.8 | — | 2026-03-09 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. |
CVE-2025-70037 | Medium | 6.1 | — | 2026-03-09 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. |
Linethemes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32391 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4. |
CVE-2026-32390 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2. |
CVE-2026-32388 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2. |
Linux · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23240 | Critical | 9.8 | — | 2026-03-10 | In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. |
CVE-2026-23239 | High | 7.8 | — | 2026-03-10 | In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. |
CVE-2024-14027 | Medium | 5.5 | — | 2026-03-09 | In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without… |
Micro Research Ltd. · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27842 | Critical | 9.8 | — | 2026-03-11 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. |
CVE-2026-24448 | Critical | 9.8 | — | 2026-03-11 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. |
CVE-2026-20892 | High | 7.2 | — | 2026-03-11 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands. |
Misskey · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28432 | High | 7.5 | — | 2026-03-10 | Misskey is an open source, federated social media platform. |
CVE-2026-28431 | High | 7.5 | — | 2026-03-10 | Misskey is an open source, federated social media platform. |
CVE-2026-28433 | Medium | 4.3 | — | 2026-03-10 | Misskey is an open source, federated social media platform. |
Neo4j · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1524 | Critical | 9.8 | — | 2026-03-11 | An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or… |
CVE-2026-1497 | High | 7.2 | — | 2026-03-11 | Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user access to a remote database constituent… |
CVE-2026-1471 | Medium | 6.5 | — | 2026-03-11 | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. |
Opentext · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-12455 | High | 7.5 | — | 2026-03-13 | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 thro… |
CVE-2025-12454 | Medium | 6.1 | — | 2026-03-13 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica manageme… |
CVE-2025-12453 | Medium | 6.1 | — | 2026-03-13 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica manageme… |
Radiustheme · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32369 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion. This issue affects Medilink-Core: from n/a thr… |
CVE-2026-32396 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13. |
CVE-2026-32372 | Medium | 5.3 | — | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder –… |
Realmag777 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32458 | High | 7.6 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7. |
CVE-2026-32455 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects MDTF: from n/a through <= 1.3.5. |
CVE-2026-32450 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS. This issue affects Active P… |
Top-password · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25477 | Medium | 6.2 | — | 2026-03-11 | RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. |
CVE-2019-25476 | Medium | 6.2 | — | 2026-03-11 | Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. |
CVE-2019-25475 | Medium | 6.2 | — | 2026-03-11 | SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. |
Tp-link · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1668 | Critical | 9.8 | — | 2026-03-13 | The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. |
CVE-2026-3841 | High | 8.8 | — | 2026-03-12 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. |
CVE-2025-15568 | High | 8.0 | — | 2026-03-09 | A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. |
Umbraco · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31834 | High | 7.2 | — | 2026-03-10 | Umbraco is an ASP.NET CMS. |
CVE-2026-31833 | Medium | 6.7 | — | 2026-03-10 | Umbraco is an ASP.NET CMS. |
CVE-2026-31832 | Medium | 5.4 | — | 2026-03-10 | Umbraco is an ASP.NET CMS. |
Wellchoose · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3826 | Critical | 9.8 | — | 2026-03-11 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
CVE-2026-3825 | Medium | 6.1 | — | 2026-03-11 | IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks. |
CVE-2026-3824 | Medium | 6.1 | — | 2026-03-11 | IFTOP developed by WellChoose has an Open Redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting a malicious website. |
Zitadel · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32131 | High | 7.7 | — | 2026-03-11 | ZITADEL is an open source identity management platform. |
CVE-2026-32130 | High | 7.5 | — | 2026-03-11 | ZITADEL is an open source identity management platform. |
CVE-2026-32132 | High | 7.4 | — | 2026-03-11 | ZITADEL is an open source identity management platform. |
@Feathersjs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29793 | Critical | 9.8 | — | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. |
CVE-2026-29792 | Critical | 9.8 | — | 2026-03-10 | Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. |
Angeljudesuarez · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3944 | High | 7.3 | — | 2026-03-11 | A vulnerability was determined in itsourcecode University Management System 1.0. |
CVE-2026-3812 | Medium | 4.3 | — | 2026-03-09 | A vulnerability was determined in itsourcecode Payroll Management System 1.0. |
Argoproj · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28229 | Critical | 9.8 | — | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. |
CVE-2026-31892 | High | 8.1 | — | 2026-03-11 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. |
Arraytics · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1920 | Medium | 5.3 | — | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check'… |
CVE-2026-1919 | Medium | 5.3 | — | 2026-03-10 | The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including… |
Bplugins · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32359 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3. |
CVE-2026-32416 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0. |
Bytedesk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3789 | Medium | 6.3 | — | 2026-03-09 | A vulnerability was detected in Bytedesk up to 1.3.9. |
CVE-2026-3788 | Medium | 6.3 | — | 2026-03-09 | A security vulnerability has been detected in Bytedesk up to 1.3.9. |
Campcodes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3984 | Low | 3.5 | — | 2026-03-12 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. |
CVE-2026-3983 | Low | 3.5 | — | 2026-03-12 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. |
Canonical · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3497 | High | 7.5 | — | 2026-03-12 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. |
CVE-2026-28384 | — | — | — | 2026-03-12 | An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. |
Capnproto · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32240 | Medium | 6.5 | — | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. |
CVE-2026-32239 | Medium | 6.5 | — | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. |
Checkmk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2859 | Medium | 4.3 | — | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint… |
CVE-2026-24097 | Medium | 4.3 | — | 2026-03-13 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_… |
Creatives_planet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32393 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme… |
CVE-2026-32392 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1. |
Crocoblock · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32355 | High | 8.8 | — | 2026-03-13 | Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1. |
CVE-2026-3496 | High | 7.5 | — | 2026-03-11 | The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. |
Dagu · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31886 | Critical | 9.1 | — | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. |
CVE-2026-31882 | High | 7.5 | — | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. |
Danny-avila · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31944 | High | 7.6 | — | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. |
CVE-2026-31949 | Medium | 6.5 | — | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. |
Deltaww · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3630 | Critical | 9.8 | — | 2026-03-09 | Delta Electronics COMMGR2 has a Stack-based Buffer Overflow vulnerability. |
CVE-2026-3631 | High | 7.5 | — | 2026-03-09 | Delta Electronics COMMGR2 has a Buffer Over-read DoS vulnerability. |
Doramart · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3794 | High | 7.3 | — | 2026-03-09 | A vulnerability was identified in doramart DoraCMS 3.0.x. |
CVE-2026-3795 | Medium | 6.3 | — | 2026-03-09 | A security flaw has been discovered in doramart DoraCMS 3.0.x. |
Drakkan · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30914 | High | 8.1 | — | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. |
CVE-2026-30915 | Medium | 4.3 | — | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. |
Dronecode · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26742 | High | 8.1 | — | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. |
CVE-2026-26741 | High | 8.1 | — | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. |
Elementor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32352 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through <= 3.35… |
CVE-2026-32445 | Low | 2.7 | — | 2026-03-13 | Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.35.5. |
Ellanetworks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32319 | High | 7.5 | — | 2026-03-13 | Ella Core is a 5G core designed for private networks. |
CVE-2026-32320 | Medium | 6.5 | — | 2026-03-13 | Ella Core is a 5G core designed for private networks. |
Eventobot · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40639 | Critical | 9.8 | — | 2026-03-09 | A SQL injection vulnerability has been found in Eventobot. |
CVE-2025-40638 | Medium | 6.1 | — | 2026-03-09 | A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. |
Facilemanager · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30919 | High | 7.6 | — | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. |
CVE-2026-30918 | High | 7.6 | — | 2026-03-10 | facileManager is a modular suite of web apps built with the sysadmin in mind. |
Filebrowser · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30934 | High | 8.9 | — | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. |
CVE-2026-30933 | High | 7.5 | — | 2026-03-10 | FileBrowser Quantum is a free, self-hosted, web-based file manager. |
Fit2cloud · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31864 | Medium | 6.8 | — | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. |
CVE-2026-31798 | Medium | 5.0 | — | 2026-03-13 | JumpServer is an open source bastion host and an operation and maintenance security audit system. |
Freshrss · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-62166 | High | 7.5 | — | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. |
CVE-2025-68402 | — | — | — | 2026-03-09 | FreshRSS is a free, self-hostable RSS aggregator. |
Himmelblau-idm · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31957 | Critical | 10.0 | — | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
CVE-2026-31979 | High | 8.8 | — | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
Homeassistant-ai · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32112 | Medium | 6.8 | — | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. |
CVE-2026-32111 | Medium | 5.3 | — | 2026-03-11 | ha-mcp is a Home Assistant MCP Server. |
Istio · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31837 | High | 7.5 | — | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. |
CVE-2026-31838 | Medium | 5.3 | — | 2026-03-10 | Istio is an open platform to connect, manage, and secure microservices. |
Janobe · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3806 | Medium | 6.3 | — | 2026-03-09 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. |
CVE-2026-3800 | Medium | 6.3 | — | 2026-03-09 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. |
Jetbrains · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32229 | Medium | 6.8 | — | 2026-03-11 | In JetBrains Hub before 2026.1, an account mismatch on sign-in was possible with non-SSO auth and 2FA disabled. |
CVE-2026-32745 | Medium | 6.3 | — | 2026-03-13 | In JetBrains Datalore before 2026.1, session hijacking was possible due to missing secure attribute for cookie settings. |
Josh Kohlbach · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32443 | Medium | 6.5 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery. This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2. |
CVE-2026-31919 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons… |
Konradpl99 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25539 | High | 8.2 | — | 2026-03-12 | 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. |
CVE-2019-25538 | High | 8.2 | — | 2026-03-12 | 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. |
Kovah · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30953 | High | 7.7 | — | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. |
CVE-2026-30954 | Medium | 4.3 | — | 2026-03-10 | LinkAce is a self-hosted archive to collect website links. |
Lexbor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29079 | High | 7.5 | — | 2026-03-13 | Lexbor is a web browser engine library. |
CVE-2026-29078 | High | 7.5 | — | 2026-03-13 | Lexbor is a web browser engine library. |
Limesurvey · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-56422 | Critical | 9.8 | — | 2026-03-10 | A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. |
CVE-2025-56421 | High | 7.5 | — | 2026-03-10 | SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. |
Linknacional · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3891 | Critical | 9.8 | — | 2026-03-13 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and inc… |
CVE-2026-32425 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway Pix For GiveWP: fr… |
Lmsys · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3060 | Critical | 9.8 | — | 2026-03-12 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. |
CVE-2026-3059 | Critical | 9.8 | — | 2026-03-12 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. |
Magepeopleteam · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32384 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion. This issue affects WpBookingly: fro… |
CVE-2026-32354 | Medium | 5.3 | — | 2026-03-13 | Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data. This issue affects WpEvently: from n/a through < 5.1.9. |
Nicolargo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30930 | Critical | 9.8 | — | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. |
CVE-2026-30928 | High | 7.5 | — | 2026-03-10 | Glances is an open-source system cross-platform monitoring tool. |
Noor Alam · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32429 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS. This issue affects Magical Addons For Elementor: fr… |
CVE-2026-32387 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46. |
Olivetin · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31817 | High | 8.5 | — | 2026-03-10 | OliveTin gives access to predefined shell commands from a web interface. |
CVE-2026-32102 | Medium | 6.5 | — | 2026-03-11 | OliveTin gives access to predefined shell commands from a web interface. |
Palo Alto Networks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0231 | — | — | — | 2026-03-11 | An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration s… |
CVE-2026-0230 | — | — | — | 2026-03-11 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. |
Pocket-id · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28513 | High | 8.5 | — | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. |
CVE-2026-28512 | High | 7.1 | — | 2026-03-10 | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. |
Progress Software · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2514 | — | — | — | 2026-03-12 | In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenti… |
CVE-2026-2513 | — | — | — | 2026-03-12 | A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web se… |
Psf · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31900 | Critical | 9.8 | — | 2026-03-11 | Black is the uncompromising Python code formatter. |
CVE-2026-32274 | High | 7.5 | — | 2026-03-12 | Black is the uncompromising Python code formatter. |
Robfelty · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32366 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a throug… |
CVE-2026-32365 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3… |
Roxnor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2257 | Medium | 6.4 | — | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. |
CVE-2026-2879 | Medium | 5.4 | — | 2026-03-13 | The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. |
Smub · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1993 | High | 8.8 | — | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. |
CVE-2026-1992 | High | 8.8 | — | 2026-03-11 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. |
Stellar · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32322 | Medium | 5.3 | — | 2026-03-13 | soroban-sdk is a Rust SDK for Soroban contracts. |
CVE-2026-32129 | — | — | — | 2026-03-12 | soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. |
Steveiliop56 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32246 | High | 8.5 | — | 2026-03-12 | Tinyauth is an authentication and authorization server. |
CVE-2026-32245 | Medium | 6.5 | — | 2026-03-12 | Tinyauth is an authentication and authorization server. |
Strategy11team · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2890 | High | 7.5 | — | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. |
CVE-2026-2888 | Medium | 5.3 | — | 2026-03-13 | The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. |
Strukturag · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3950 | Low | 3.3 | — | 2026-03-11 | A vulnerability was identified in strukturag libheif up to 1.21.2. |
CVE-2026-3949 | Low | 3.3 | — | 2026-03-11 | A vulnerability was determined in strukturag libheif up to 1.21.2. |
Thehappymonster · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2918 | Medium | 6.4 | — | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. |
CVE-2026-2917 | Medium | 5.4 | — | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action handler. |
Tiandy · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3818 | High | 7.3 | — | 2026-03-09 | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. |
CVE-2026-3797 | Medium | 6.3 | — | 2026-03-09 | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. |
Unjs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31860 | Medium | 6.1 | — | 2026-03-12 | Unhead is a document head and template manager. |
CVE-2026-31873 | Unrated | — | — | 2026-03-12 | Unhead is a document head and template manager. |
Useplunk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32096 | Critical | 9.3 | — | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. |
CVE-2026-32095 | Medium | 5.4 | — | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. |
Utt · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3815 | High | 8.8 | — | 2026-03-09 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. |
CVE-2026-3814 | High | 8.8 | — | 2026-03-09 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. |
Vaadin · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2741 | Medium | 6.8 | — | 2026-03-10 | Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. |
CVE-2026-2742 | Medium | 5.3 | — | 2026-03-10 | An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserve… |
Wpclever · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32407 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Smart Wishlist for WooCommerce: from n/a t… |
CVE-2026-32406 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Product Bundles for WooCommerce: from n/a… |
Xierongwkhd · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3957 | Medium | 4.7 | — | 2026-03-11 | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. |
CVE-2026-3956 | Medium | 4.7 | — | 2026-03-11 | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. |
0xkoda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3959 | Medium | 5.3 | — | 2026-03-11 | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32330 | Medium | 4.3 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. |
2fauth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32133 | Critical | 9.1 | — | 2026-03-11 | 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. |
648540858 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3966 | Medium | 6.3 | — | 2026-03-12 | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. |
@Appium · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30973 | Medium | 6.5 | — | 2026-03-10 | Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. |
@Powersync · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30870 | Medium | 6.5 | — | 2026-03-10 | PowerSync Service is the server-side component of the PowerSync sync engine. |
@Studiocms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32101 | High | 7.6 | — | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. |
Activity-log.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32362 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Aut… |
Actual · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3089 | Medium | 6.5 | — | 2026-03-09 | Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. |
Adguard · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32136 | Critical | 9.8 | — | 2026-03-11 | AdGuard Home is a network-wide software for blocking ads and tracking. |
Admidio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30927 | Medium | 5.4 | — | 2026-03-10 | Admidio is an open-source user management solution. |
Agile Logix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32421 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1. |
Aisarlabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32232 | Critical | 9.8 | — | 2026-03-12 | ZeptoClaw is a personal AI assistant. |
Alfresco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3967 | Medium | 6.3 | — | 2026-03-12 | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. |
Alimir · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2358 | Medium | 6.4 | — | 2026-03-11 | The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode `template` attribute in all versions up to, and including, 5.0.1. |
Andy Fragen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32349 | Medium | 4.9 | — | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7. |
Anyproto · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31863 | Low | 3.6 | — | 2026-03-11 | Anytype Heart is the middleware library for Anytype. |
Anysphere · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31854 | High | 8.8 | — | 2026-03-11 | Cursor is a code editor built for programming with AI. |
Apich-organization · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30960 | — | — | — | 2026-03-10 | rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. |
Apple · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-43010 | High | 8.8 | — | 2026-03-12 | The issue was addressed with improved memory handling. |
Appsmith · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30862 | Critical | 9.0 | — | 2026-03-10 | Appsmith is a platform to build admin panels, internal tools, and dashboards. |
Armbot · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25480 | High | 7.5 | — | 2026-03-11 | ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. |
Asseco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66955 | Medium | 6.5 | — | 2026-03-12 | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API cal… |
At&t Bell Labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-71263 | High | 7.4 | — | 2026-03-13 | In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. |
Atop Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3823 | High | 8.8 | — | 2026-03-09 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. |
Autohomecorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3968 | Medium | 6.3 | — | 2026-03-12 | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. |
Beghelli · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22191 | Medium | 5.2 | — | 2026-03-13 | Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. |
Blubrry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32351 | Medium | 5.9 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.15.13. |
Blue-b · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31827 | — | — | — | 2026-03-10 | Alienbin is an anonymous code and text sharing web service. |
Bogdan Bendziukov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32415 | Medium | 5.0 | — | 2026-03-13 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |
Bowo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32423 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a th… |
Brainstorm Force · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32431 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS. This issue affects Astra Bulk Edit: from n/a through <= 1.2.10. |
Brainstormforce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3534 | Medium | 6.4 | — | 2026-03-11 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. |
Broadcom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3862 | Medium | 4.8 | — | 2026-03-10 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. |
Bukts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3843 | Critical | 9.8 | — | 2026-03-10 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. |
Calibre-ebook · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30853 | Medium | 5.0 | — | 2026-03-13 | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. |
Centrifugal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32301 | Critical | 9.3 | — | 2026-03-13 | Centrifugo is an open-source scalable real-time messaging server. |
Cesiumgs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3990 | Medium | 4.3 | — | 2026-03-12 | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. |
Citeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21887 | High | 7.7 | — | 2026-03-12 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. |
Classroomio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-67298 | High | 8.1 | — | 2026-03-11 | An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile. |
Codegenieapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3992 | Medium | 6.3 | — | 2026-03-12 | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. |
Codesys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2364 | High | 7.3 | — | 2026-03-10 | If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low-privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer. |
Comfast · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3798 | Medium | 4.7 | — | 2026-03-09 | A vulnerability was detected in Comfast CF-AC100 2.6.0.8. |
Comppolicylab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32097 | High | 8.8 | — | 2026-03-11 | PingPong is a platform for using large language models (LLMs) for teaching and learning. |
Comtrend · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25483 | High | 8.4 | — | 2026-03-11 | Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). |
Coppermine Photo Gallery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3013 | — | — | — | 2026-03-11 | Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. |
Courtbouillon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31899 | High | 7.5 | — | 2026-03-13 | CairoSVG is an SVG converter based on Cairo, a 2D graphics library. |
Cozy Vision · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32373 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0. |
Cyberchimps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32543 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Blocks: from n/a through <= 2.2.0. |
D-link · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3978 | High | 8.8 | — | 2026-03-12 | A vulnerability was detected in D-Link DIR-513 1.10. |
David Lingren · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32399 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from… |
Dearhive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2569 | Medium | 6.4 | — | 2026-03-11 | The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization… |
Defnull · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28356 | High | 7.5 | — | 2026-03-12 | multipart is a fast multipart/form-data parser for Python. |
Delphiknight · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32368 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19. |
Deno · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32260 | High | 8.1 | — | 2026-03-12 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. |
Desertthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32344 | Medium | 4.3 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery. This issue affects Corpiva: from n/a through <= 1.0.96. |
Devolutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3638 | Medium | 5.9 | — | 2026-03-09 | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests. |
Digital Arts Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28267 | Medium | 5.5 | — | 2026-03-10 | Multiple i-フィルター products are configured with improper file access permission settings. |
Django-commons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31815 | Medium | 5.3 | — | 2026-03-10 | Unicorn adds modern reactive component functionality to your Django templates. |
Dsd Consulting Services Llc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25464 | Medium | 5.5 | — | 2026-03-11 | InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. |
Dvankooten · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1781 | Medium | 6.5 | — | 2026-03-11 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. |
E2pdf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32442 | Medium | 5.0 | — | 2026-03-13 | Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects e2pdf: from n/a through <= 1.28.15. |
Eaton · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22614 | Medium | 6.1 | — | 2026-03-10 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and… |
Ekacnet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32117 | High | 7.6 | — | 2026-03-11 | The grafanacubism-panel plugin allows use of cubism.js in Grafana. |
Elemntor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2413 | High | 7.5 | — | 2026-03-11 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. |
Elysiajs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30837 | High | 7.5 | — | 2026-03-10 | Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. |
Emlog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31954 | Unrated | — | — | 2026-03-11 | Emlog is an open source website building system. |
Emqx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21888 | High | 7.5 | — | 2026-03-11 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. |
Envothemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32386 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13. |
Epross · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2018-25159 | Critical | 9.8 | — | 2026-03-11 | Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. |
Eric Teubert · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32448 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS. This issue affects Podlove Podcast Publi… |
Ericcornelissen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32094 | Medium | 6.5 | — | 2026-03-11 | Shescape is a simple shell escape library for JavaScript. |
Ewon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25470 | High | 7.5 | — | 2026-03-11 | eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. |
Ex-themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32440 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Food: from n/a through < 2.7.1. |
Fastgpt · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32128 | Medium | 6.3 | — | 2026-03-11 | FastGPT is an AI Agent building platform. |
Feminer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3969 | High | 7.3 | — | 2026-03-12 | A vulnerability was detected in FeMiner wms up to 1.0. |
Fernando Briano · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32419 | Medium | 5.9 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <=… |
Filethingie · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25471 | Critical | 9.8 | — | 2026-03-11 | FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. |
Flarum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30913 | Medium | 4.6 | — | 2026-03-10 | Flarum is open-source forum software. |
Flintsh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30942 | Medium | 6.5 | — | 2026-03-10 | Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. |
Flippercode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3222 | High | 7.5 | — | 2026-03-11 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. |
Flowiseai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31829 | High | 7.1 | — | 2026-03-10 | Flowise is a drag & drop user interface to build a customized large language model flow. |
Flycart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32459 | High | 7.6 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection. This issue affects UpsellWP: from n/a through <= 2.2.4. |
Forcepoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-12690 | High | 7.8 | — | 2026-03-11 | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10. |
Funlus Oy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32363 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1. |
Generatedata · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70025 | Medium | 6.1 | — | 2026-03-10 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. |
Getgosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25478 | High | 7.5 | — | 2026-03-11 | GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. |
Getsimple-ce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28495 | Critical | 9.6 | — | 2026-03-10 | GetSimple CMS is a content management system. |
Getzep · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32247 | High | 8.1 | — | 2026-03-12 | Graphiti is a framework for building and querying temporal context graphs for AI agents. |
Ggml · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27940 | High | 7.8 | — | 2026-03-12 | llama.cpp is an inference of several LLM models in C/C++. |
Ghostty · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26982 | Medium | 6.3 | — | 2026-03-10 | Ghostty is a cross-platform terminal emulator. |
Giflib · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23868 | Medium | 5.1 | — | 2026-03-10 | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. |
Gift Up! · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32412 | Medium | 5.4 | — | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Gift Up! |
Git-for-windows · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66413 | High | 7.4 | — | 2026-03-10 | Git for Windows is the Windows port of Git. |
Gleam-wisp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28807 | High | 7.5 | — | 2026-03-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. |
Glpi-project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22248 | High | 8.0 | — | 2026-03-11 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. |
Gnome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3099 | Medium | 5.8 | — | 2026-03-12 | A flaw was found in Libsoup. |
Gravity Forms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3492 | Medium | 6.4 | — | 2026-03-11 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. |
H3c · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3943 | High | 7.3 | — | 2026-03-11 | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. |
Harttle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30952 | High | 7.5 | — | 2026-03-10 | liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2808 | Medium | 6.8 | — | 2026-03-12 | HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. |
Hcl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21791 | Low | 3.3 | — | 2026-03-10 | HCL Sametime for Android is impacted by a sensitive information disclosure. |
Hclsoftware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-62328 | Low | 3.7 | — | 2026-03-11 | HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors. |
Hex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23940 | Medium | 6.5 | — | 2026-03-13 | Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. |
Hisilicon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25465 | High | 7.5 | — | 2026-03-11 | Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. |
Hitachi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-11158 | Critical | 9.1 | — | 2026-03-10 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE. |
Honeywell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3611 | Critical | 10.0 | — | 2026-03-12 | The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. |
Hotel-booking-script · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25530 | High | 8.2 | — | 2026-03-12 | uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. |
Hyperterse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31841 | Medium | 6.5 | — | 2026-03-12 | Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. |
Ideabox Creations · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32430 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS. This issue affects PowerPack Addons for E… |
Ikea · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3588 | High | 7.5 | — | 2026-03-09 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request. |
Illid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32414 | High | 7.2 | — | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through <= 2.36. |
Imaginationtech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21736 | Medium | 4.4 | — | 2026-03-09 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. |
Immonex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31918 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS. This issue affects immonex Kickstart: from n/a through <= 1.13.0. |
Inductive Automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13913 | Medium | 6.3 | — | 2026-03-12 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. |
Inspektor-gadget · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31890 | Medium | 5.5 | — | 2026-03-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. |
Instantcms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28281 | High | 7.1 | — | 2026-03-10 | InstantCMS is a free and open source content management system. |
Intelbras · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25472 | High | 7.5 | — | 2026-03-11 | IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. |
Isaacs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31802 | Medium | 5.5 | — | 2026-03-10 | node-tar is a full-featured Tar for Node.js. |
Iscripts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25481 | High | 8.2 | — | 2026-03-12 | iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. |
Israpil · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32331 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.4. |
Iulia Cazan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31916 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1. |
Ivanti · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3483 | High | 7.8 | — | 2026-03-10 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. |
Janis Elsts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32456 | Medium | 4.3 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through <= 1.14.1. |
Jarikomppa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4009 | Low | 3.3 | — | 2026-03-12 | A vulnerability has been found in jarikomppa soloud up to 20200207. |
Jcharis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3962 | Medium | 4.3 | — | 2026-03-11 | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. |
Jellyfin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31852 | Critical | 10.0 | — | 2026-03-11 | Jellyfin is an open-source media system. |
Jeroenpeters1986 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3178 | High | 7.2 | — | 2026-03-11 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32418 | High | 7.6 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4. |
Jpadilla · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32597 | High | 7.5 | — | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python. |
Katsushi Kawamori · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32357 | Medium | 6.4 | — | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery. This issue affects Simple Blog Card: from n/a through <= 2.37. |
Keygraphhq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29023 | High | 7.3 | — | 2026-03-09 | Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. |
Koha · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31844 | High | 8.8 | — | 2026-03-11 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionali… |
Kubernetes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3288 | High | 8.8 | — | 2026-03-09 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. |
Kubewarden · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29773 | Medium | 4.3 | — | 2026-03-10 | Kubewarden is a policy engine for Kubernetes. |
Latepoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2324 | Medium | 6.1 | — | 2026-03-11 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. |
Lesspass · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70050 | Medium | 6.5 | — | 2026-03-09 | An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. |
Levelfourdevelopment · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32422 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection. This issue affects WP EasyCart: from n/a through <= 5.8.13. |
Libp2p · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31814 | High | 7.5 | — | 2026-03-13 | Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. |
Lihaohong6 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30977 | — | — | — | 2026-03-10 | RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. |
Linuxfoundation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-61611 | High | 7.5 | — | 2026-03-09 | In modem, there is a possible improper input validation. |
Liton Arefin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32462 | Medium | 5.9 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a thro… |
Lockerproject · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3951 | Medium | 4.3 | — | 2026-03-11 | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. |
Locutus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32304 | Critical | 9.8 | — | 2026-03-13 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. |
Louislam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32230 | Medium | 5.3 | — | 2026-03-12 | Uptime Kuma is an open source, self-hosted monitoring tool. |
Lupinlin1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70040 | Medium | 5.3 | — | 2026-03-09 | An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. |
Maciej Bis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32413 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Permalink Manager Lite: from n/a through < 2.5.3. |
Madrasthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32348 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MAS Videos: from n/a through <= 1.3.2. |
Magazine3 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32343 | Medium | 4.3 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80. |
Magic-wormhole · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32116 | High | 8.1 | — | 2026-03-12 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. |
Mailerpress Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32353 | Medium | 6.4 | — | 2026-03-13 | Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery. This issue affects MailerPress: from n/a through <= 1.4.2. |
Marketing Fire · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32361 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS. This issue affects Editorial Calendar: from n/a through <= 3.9… |
Maykinmedia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28803 | Medium | 6.5 | — | 2026-03-11 | Open Forms allows users to create and publish smart forms. |
Mcp-atlassian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27825 | Critical | 9.0 | — | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32385 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from… |
Miazzy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70046 | Critical | 9.8 | — | 2026-03-09 | An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. |
Micode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29515 | Critical | 9.8 | — | 2026-03-11 | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. |
Mitsubishi Electric Corporation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-2399 | Medium | 5.9 | — | 2026-03-10 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80… |
Mobatek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25866 | High | 7.8 | — | 2026-03-09 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. |
Modulards · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3903 | Medium | 4.3 | — | 2026-03-11 | The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. |
Mscdex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70034 | High | 7.5 | — | 2026-03-09 | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. |
Nerves-hub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28806 | High | 8.8 | — | 2026-03-10 | Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. |
Netbox-community · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27573 | Critical | 9.0 | — | 2026-03-11 | netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). |
Netgain Systems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25468 | Critical | 9.8 | — | 2026-03-11 | NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. |
Newsoftwares · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25469 | Medium | 6.2 | — | 2026-03-11 | Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. |
Nextscripts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3228 | Medium | 6.4 | — | 2026-03-10 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. |
Nltk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0846 | High | 7.5 | — | 2026-03-09 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. |
Nsauditor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25463 | Medium | 6.2 | — | 2026-03-11 | SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. |
Nyariv · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26954 | Critical | 10.0 | — | 2026-03-13 | SandboxJS is a JavaScript sandboxing library. |
Open-feature · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31866 | High | 7.5 | — | 2026-03-11 | flagd is a feature flag daemon with a Unix philosophy. |
Openbmb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3954 | Medium | 6.5 | — | 2026-03-11 | A weakness has been identified in OpenBMB XAgent 1.0.0. |
Opencc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3813 | Medium | 6.3 | — | 2026-03-09 | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. |
Openssl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2673 | Medium | 6.5 | — | 2026-03-13 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. |
Opnsense · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30868 | Medium | 6.3 | — | 2026-03-11 | OPNsense is a FreeBSD based firewall and routing platform. |
Oretnom23 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3819 | Low | 3.5 | — | 2026-03-09 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. |
Owasp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3816 | Medium | 4.3 | — | 2026-03-09 | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. |
Owen2345 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1776 | Medium | 6.5 | — | 2026-03-10 | Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. |
Pamzey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3817 | Medium | 5.3 | — | 2026-03-09 | A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. |
Perfree · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3963 | Low | 3.7 | — | 2026-03-11 | A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. |
Phpbusinessdirectory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25533 | High | 8.2 | — | 2026-03-12 | Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. |
Pointsharp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3999 | High | 8.8 | — | 2026-03-13 | A broken access control may allow an authenticated user to perform a horizontal privilege escalation. |
Postalserver · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25529 | High | 8.1 | — | 2026-03-12 | Postal is an open source SMTP server. |
Premio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3657 | High | 7.5 | — | 2026-03-12 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. |
Project-zot · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31801 | High | 7.7 | — | 2026-03-10 | zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. |
Properfraction · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3453 | High | 8.1 | — | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. |
Publishpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32394 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a throug… |
Py-pdf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31826 | Medium | 5.5 | — | 2026-03-10 | pypdf is a free and open-source pure-python PDF library. |
Python · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13462 | Low | 3.3 | — | 2026-03-12 | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. |
Q-see · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30896 | High | 7.8 | — | 2026-03-09 | The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs). |
Qhkm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32231 | High | 8.2 | — | 2026-03-12 | ZeptoClaw is a personal AI assistant. |
Qi-anxin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3796 | Medium | 5.3 | — | 2026-03-09 | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. |
Quickjs-ng · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3979 | Medium | 5.3 | — | 2026-03-12 | A flaw has been found in quickjs-ng quickjs up to 0.12.1. |
Quinn-rs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31812 | Medium | 5.3 | — | 2026-03-10 | Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. |
R-project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25485 | Medium | 6.2 | — | 2026-03-11 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. |
Really Simple Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32461 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple SSL: from n/a through <= 9.5.7. |
Redqteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32364 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a throug… |
Richplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32360 | Medium | 5.9 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS. This issue affects Rich Showcase for Google Reviews… |
Riot-os · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27703 | High | 7.5 | — | 2026-03-11 | RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. |
Robosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32356 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS. This issue affects Robo Gallery: from n/a through <= 5.1.2. |
Rometheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-12473 | Medium | 6.1 | — | 2026-03-11 | The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. |
Ruben Garcia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32420 | Medium | 5.4 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through <= 7.6.6. |
Rui314 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3994 | Medium | 5.3 | — | 2026-03-12 | A vulnerability was detected in rui314 mold up to 2.40.4. |
Runtipi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31881 | High | 7.7 | — | 2026-03-11 | Runtipi is a personal homeserver orchestrator. |
Rxi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4012 | Low | 3.3 | — | 2026-03-12 | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. |
Sapido · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25487 | Critical | 9.8 | — | 2026-03-11 | SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. |
Sequelize · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30951 | High | 7.5 | — | 2026-03-10 | Sequelize is a Node.js ORM tool. |
Sglang · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3989 | High | 7.8 | — | 2026-03-12 | SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. |
Sharing-file · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25466 | High | 8.4 | — | 2026-03-11 | Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. |
Shufflehound · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32328 | Medium | 5.4 | — | 2026-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This issue affects Lemmony: from n/a through < 1.7.1. |
Sigstore · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31830 | High | 7.5 | — | 2026-03-10 | sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. |
Simple-git_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-28292 | Critical | 9.8 | — | 2026-03-10 | `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remot… |
Simpma · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32411 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS. This issue affects Embed Calendly: from n/a through <= 4.4. |
Sindresorhus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31808 | Medium | 5.3 | — | 2026-03-10 | file-type detects the file type of a file, stream, or data. |
Softwebinternational · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25473 | High | 7.1 | — | 2026-03-12 | Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. |
Sooperset · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27826 | High | 8.2 | — | 2026-03-10 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). |
Sourcecodester · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4013 | Medium | 6.3 | — | 2026-03-12 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. |
Sourceforge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25529 | High | 7.1 | — | 2026-03-12 | Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. |
Specialk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2987 | Medium | 6.1 | — | 2026-03-12 | The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. |
Spomky-labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30964 | Medium | 5.4 | — | 2026-03-10 | web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. |
Stalin-143 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32138 | High | 8.2 | — | 2026-03-12 | NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. |
Statamic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32612 | Medium | 5.4 | — | 2026-03-13 | Statamic is a Laravel and Git powered content management system (CMS). |
Stellarwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3585 | High | 7.5 | — | 2026-03-10 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. |
Streamsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0809 | — | — | — | 2026-03-12 | Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with known values are encoded. |
Streetwriters · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31876 | Medium | 5.4 | — | 2026-03-11 | Notesnook is a note-taking app focused on user privacy & ease of use. |
Striae · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31839 | High | 8.2 | — | 2026-03-11 | Striae is a firearms examiner's comparison companion. |
Studio99 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32404 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3. |
Subrata Mal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32398 | Medium | 6.5 | — | 2026-03-13 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooComme… |
Supabase · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31813 | Medium | 4.8 | — | 2026-03-11 | Supabase Auth is a JWT based API for managing users and issuing JWT tokens. |
Svelte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30226 | High | 7.5 | — | 2026-03-11 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. |
Swag · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32100 | Medium | 5.3 | — | 2026-03-12 | Shopware is an open commerce platform. |
Syed Balkhi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32446 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. |
Syslink Software Ag · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3873 | High | 7.2 | — | 2026-03-13 | Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. |
Taipower · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3822 | Medium | 6.5 | — | 2026-03-09 | Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. |
Taskosaur · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31874 | Critical | 9.8 | — | 2026-03-11 | Taskosaur is an open source project management platform with conversational AI for task execution in-app. |
Thakeenathees · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4010 | Low | 3.3 | — | 2026-03-12 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. |
Thejoshwolfe · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31988 | Medium | 5.3 | — | 2026-03-11 | yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. |
Themefic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32460 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Se… |
Themefusecom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32408 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through <= 2.7.23. |
Themehigh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3231 | High | 7.2 | — | 2026-03-11 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in al… |
Themehunk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1454 | High | 7.2 | — | 2026-03-11 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. |
Themelexus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32426 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a t… |
Themetechmount · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32400 | High | 7.5 | — | 2026-03-13 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7. |
Themeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0953 | Critical | 9.8 | — | 2026-03-10 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. |
Themifyme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32449 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS. This issue affects Themify Event Post: from n/a through <= 1.3.4. |
Thimpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3226 | Medium | 4.3 | — | 2026-03-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4… |
Tolgee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32251 | Medium | 6.5 | — | 2026-03-12 | Tolgee is an open-source localization platform. |
Toocheke · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32403 | Medium | 6.5 | — | 2026-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS. This issue affects Toocheke Companion: from n/a through <= 1.194. |
Tornadoweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31958 | High | 7.5 | — | 2026-03-11 | Tornado is a Python web framework and asynchronous networking library. |
Traefik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-29777 | Medium | 6.5 | — | 2026-03-11 | Traefik is an HTTP reverse proxy and load balancer. |
Tubitak Bilgem Software Technologies Research Institute · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2339 | High | 7.5 | — | 2026-03-10 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. |
Unitecms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2724 | High | 7.2 | — | 2026-03-10 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. |
Unitycatalog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27478 | Critical | 9.1 | — | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. |
Ux-themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31915 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6. |
Varient · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25486 | High | 8.2 | — | 2026-03-11 | Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. |
Verypdf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25467 | High | 8.4 | — | 2026-03-11 | Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Pas… |
Vim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32249 | Medium | 5.3 | — | 2026-03-12 | Vim is an open source, command line text editor. |
Vito Peleg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32447 | Medium | 4.3 | — | 2026-03-13 | Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through <= 4.3.2. |
Vivo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15515 | Medium | 5.5 | — | 2026-03-13 | The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. |
Vllm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25960 | High | 7.1 | — | 2026-03-09 | vLLM is an inference and serving engine for large language models (LLMs). |
Wanderingastronomer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27897 | Critical | 10.0 | — | 2026-03-11 | Vociferous provides cross-platform, offline speech-to-text with local AI refinement. |
Wbw Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32410 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WBW Currency Switcher for WooCommerce: from n/… |
Webgeniuslab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32439 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BigHearts: from n/a through <= 3.1.14. |
Webreflection · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32141 | High | 7.5 | — | 2026-03-12 | flatted is a circular JSON parser. |
Wedevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31917 | High | 8.5 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10. |
Weirdgloop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30917 | — | — | — | 2026-03-10 | Bucket is a MediaWiki extension to store and retrieve structured data on articles. |
Whyour · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3965 | Medium | 6.3 | — | 2026-03-12 | A security vulnerability has been detected in whyour qinglong up to 2.20.1. |
Winmpg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25484 | Medium | 6.2 | — | 2026-03-11 | WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. |
Wintercms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27591 | Critical | 9.9 | — | 2026-03-11 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. |
Woahai321 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3958 | Medium | 6.3 | — | 2026-03-11 | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. |
Wombat Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32457 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec… |
Wordpress Foundation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3906 | Medium | 4.3 | — | 2026-03-11 | WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. |
Wpdevelop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32358 | High | 7.6 | — | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15. |
Wpmet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1261 | High | 7.2 | — | 2026-03-10 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. |
Wpmu Dev - Your All-in-one Wordpress Platform · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32409 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Forminator: from n/a through <= 1.50.2. |
Wppochipp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32417 | Medium | 5.4 | — | 2026-03-13 | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9. |
Wpradiant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32350 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chocolate House: from n/a through <= 1.1.5. |
Wproyal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13067 | High | 8.8 | — | 2026-03-11 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. |
Wptravelengine · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32486 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9. |
Wpzoom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-4063 | Medium | 4.3 | — | 2026-03-13 | The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. |
Wwbn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-30885 | Medium | 5.3 | — | 2026-03-10 | WWBN AVideo is an open source video platform. |
Xpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32395 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Addons For Beaver Builde… |
Xtemos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32405 | Medium | 5.3 | — | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through <= 8.3.9. |
Xygeni · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31976 | Critical | 9.8 | — | 2026-03-11 | xygeni-action is the GitHub Action for Xygeni Scanner. |
Yannick Lefebvre · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32367 | Critical | 9.1 | — | 2026-03-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through <= 3.5.16. |
Yhirose · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-31870 | High | 7.5 | — | 2026-03-11 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. |
Ymc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32397 | Medium | 5.3 | — | 2026-03-13 | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter & Grids: from n/a through <= 3.5.1. |
Zyddnys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-3961 | Medium | 6.3 | — | 2026-03-11 | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. |