CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2016-20049 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution 28.03.2026 9.3
CVE-2017-20225 TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability 28.03.2026 9.3
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow 28.03.2026 9.3
CVE-2017-20229 MAWK 1.3.3-17 Stack-Based Buffer Overflow 28.03.2026 9.3
CVE-2018-25220 Bochs 2.6-5 Buffer Overflow Remote Code Execution 28.03.2026 9.3
CVE-2018-25221 EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter 28.03.2026 9.3
CVE-2018-25223 Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution 28.03.2026 9.3
CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration 27.03.2026 9.3
CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering 27.03.2026 9.7
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion 27.03.2026 9.8
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack 27.03.2026 9.3
CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation 27.03.2026 9.3
CVE-2026-34205 Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode 27.03.2026 9.7
CVE-2026-34374 AVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream Key 27.03.2026 9.1
CVE-2026-33867 AVideo has Plaintext Video Password Storage 27.03.2026 9.1
CVE-2026-27876 RCE on Grafana via sqlExpressions 28.03.2026 9.1
CVE-2026-1496 Coverity CLI Authentication Bypass 27.03.2026 9.3
CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode 27.03.2026 9.6
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message 27.03.2026 9.4
CVE-2026-22738 SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution 28.03.2026 9.8
CVE-2026-33701 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution 27.03.2026 9.3
CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution 27.03.2026 9.3
CVE-2026-33945 Abitrary file write through systemd-creds option 27.03.2026 10
CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates 27.03.2026 10
CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service 27.03.2026 9.8
CVE-2026-33670 SiYuan has directory traversal within its publishing service 26.03.2026 9.8
CVE-2026-33640 Outline has a rate limit bypass that allows brute force of email login OTP 26.03.2026 9.1
CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication 26.03.2026 9.1
CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass 27.03.2026 10
CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe 26.03.2026 10
CVE-2026-4809 Unsafe Client MIME Type Handling Can Enable Arbitrary File Upload in plank/laravel-mediable 26.03.2026 9.3
CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator 26.03.2026 9.8
CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling 26.03.2026 9.2
CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE 25.03.2026 9.4
CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode 28.03.2026 9.4
CVE-2026-26832 25.03.2026 9.8
CVE-2026-26830 27.03.2026 9.8
CVE-2025-33244 25.03.2026 9
CVE-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication 25.03.2026 9.2
CVE-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit 25.03.2026 9.1
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller 24.03.2026 9.3
CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint 24.03.2026 9.1
CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API 25.03.2026 10
CVE-2026-33475 Langflow GitHub Actions Shell Injection 25.03.2026 9.1
CVE-2019-25628 Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow 24.03.2026 9.3
CVE-2019-25646 Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM 24.03.2026 9.3
CVE-2026-4755 CWE-20 in MolotovCherry Android-ImageMagick7 24.03.2026 9.8
CVE-2026-4750 Out-of-bounds Read in fabiangreffrath woof 24.03.2026 9.1
CVE-2026-4753 Out-of-bounds Read in slajerek RetroDebugger 24.03.2026 9.1
CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users 24.03.2026 9.1
CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja 24.03.2026 10
CVE-2026-4746 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton 24.03.2026 10
CVE-2026-4734 Heap Buffer Overflow in yoyofr/modizer 24.03.2026 9.4
CVE-2026-4738 GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution 24.03.2026 9.4
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK 24.03.2026 9.4
CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution 24.03.2026 9.3
CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod 24.03.2026 9.6
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names 24.03.2026 9.1
CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula 24.03.2026 9.8
CVE-2026-4681 Critical Remote Code Execution vulnerability reported in Windchill 24.03.2026 9.3
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised 27.03.2026 9.4
CVE-2025-60949 Census CSWeb leaked configuration files 25.03.2026 9.3
CVE-2026-3055 Insufficient input validation leading to memory overread 24.03.2026 9.3
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL 24.03.2026 9.3
CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. 24.03.2026 9
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php 24.03.2026 9.4
CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php 24.03.2026 9.3
CVE-2026-33478 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection 23.03.2026 10
CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass 23.03.2026 9.1
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) 24.03.2026 9.8
CVE-2025-41008 SQL Injection in Sinturno 23.03.2026 9.3
CVE-2025-41007 SQL Injection in Cuantis 23.03.2026 9.3
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi 23.03.2026 9.8
CVE-2026-4585 Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection 23.03.2026 9.3
CVE-2026-3587 Hidden CLI Function Allows Root Access 24.03.2026 10
CVE-2026-4599 23.03.2026 9.3
CVE-2026-4600 23.03.2026 9.1
CVE-2026-4601 23.03.2026 9.4
CVE-2026-4567 Tenda A15 UploadCfg stack-based overflow 23.03.2026 9.3
CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege 24.03.2026 10
CVE-2019-25614 Free Float FTP 1.0 STOR Command Remote Buffer Overflow 23.03.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2026-4999 z-9527 admin isImg Check upload.js uploadFile path traversal 28.03.2026
CVE-2026-5000 PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication 28.03.2026
CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection 28.03.2026
CVE-2026-4997 Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal 28.03.2026
CVE-2016-20037 xwpe 1.5.30a-2.1 Stack-based Buffer Overflow 28.03.2026
CVE-2016-20038 yTree 1.94-1.1 Stack-Based Buffer Overflow 28.03.2026
CVE-2016-20039 Multi Emulator Super System 0.154-3.1 Buffer Overflow 28.03.2026
CVE-2016-20040 TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter 28.03.2026
CVE-2016-20041 Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter 28.03.2026
CVE-2016-20042 TRN 3.6-23 Stack Buffer Overflow Local Code Execution 28.03.2026
CVE-2016-20043 NRSS RSS Reader 0.3.9-1 Stack Buffer Overflow 28.03.2026
CVE-2016-20044 PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter 28.03.2026
CVE-2016-20045 HNB Organizer 1.9.18-10 Local Buffer Overflow via -rc Parameter 28.03.2026
CVE-2016-20046 zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow 28.03.2026
CVE-2016-20047 EKG Gadu 1.9 Local Buffer Overflow via Username Parameter 28.03.2026
CVE-2016-20048 iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter 28.03.2026
CVE-2016-20049 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution 28.03.2026
CVE-2017-20225 TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability 28.03.2026
CVE-2017-20226 Mapscrn 2.0.3 Stack-Based Buffer Overflow 28.03.2026
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow 28.03.2026
CVE-2017-20228 Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP 28.03.2026
CVE-2017-20229 MAWK 1.3.3-17 Stack-Based Buffer Overflow 28.03.2026
CVE-2018-25220 Bochs 2.6-5 Buffer Overflow Remote Code Execution 28.03.2026
CVE-2018-25221 EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter 28.03.2026
CVE-2018-25222 SC v7.16 Stack-Based Buffer Overflow Remote Code Execution 28.03.2026
CVE-2018-25223 Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution 28.03.2026
CVE-2018-25224 PMS 0.42 Stack-Based Buffer Overflow via Configuration File 28.03.2026
CVE-2018-25225 SIPP 3.3 Stack-Based Buffer Overflow via Configuration File 28.03.2026
CVE-2026-4996 Sinaptik AI PandasAI pandasai-lancedb Extension lancedb.py get_relevant_docs_by_id sql injection 28.03.2026
CVE-2026-2595 Quads Ads Manager for Google AdSense <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters 28.03.2026 5.4
CVE-2025-9497 Hardcoded Upgrade Decryption Passwords 28.03.2026
CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting 28.03.2026
CVE-2026-2442 Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' 28.03.2026 5.3
CVE-2026-4993 wandb OpenUI config.py hard-coded credentials 28.03.2026
CVE-2026-4994 wandb OpenUI APIStatusError server.py generic_exception_handler information exposure 28.03.2026
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path 28.03.2026
CVE-2026-1307 Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token 28.03.2026 6.5
CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation 28.03.2026
CVE-2025-12886 Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path 28.03.2026 7.2
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' 28.03.2026 7.5
CVE-2026-1679 net: eswifi socket send payload length not bounded 27.03.2026 7.3
CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing 27.03.2026
CVE-2026-4248 Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag 27.03.2026 8
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys 27.03.2026 5.3
CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php 27.03.2026 8.8
CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration 27.03.2026
CVE-2026-33993 Locutus has Prototype Pollution via __proto__ Key Injection in unserialize() 27.03.2026
CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521 27.03.2026
CVE-2026-4991 QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting 27.03.2026
CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection 28.03.2026
CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters 27.03.2026
CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools 27.03.2026 8.1
CVE-2026-33954 LinkAce discloses private notesto unauthorized authenticated users via the web link detail page 27.03.2026 6.5
CVE-2026-33955 Notesnook vulnerable to RCE via stored XSS in Note History diff viewer 27.03.2026 8.6
CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering 27.03.2026 9.7
CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) 27.03.2026 8.2
CVE-2026-33980 Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries 27.03.2026 8.3
CVE-2026-4985 dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow 27.03.2026
CVE-2026-4988 Open5GS CCA Message smf_s6b denial of service 27.03.2026
CVE-2026-4990 chatwoot Signup Endpoint login improper authorization 27.03.2026
CVE-2019-25651 Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control 27.03.2026
CVE-2019-25652 UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM 27.03.2026
CVE-2026-27309 Substance3D - Stager | Use After Free (CWE-416) 27.03.2026 7.8
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation 27.03.2026 7.5
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial 27.03.2026 8.1
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options 27.03.2026 8.3
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code 27.03.2026 8.8
CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay 27.03.2026
CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce 27.03.2026 8.5
CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies 27.03.2026 7.5
CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock 27.03.2026 6.5
CVE-2026-33906 Ella Core has Privilege Escalation via Database Restore by NetworkManager role 27.03.2026 7.2
CVE-2026-33907 Ella Core Panics during NAS Authentication Response/Failure with missing IEs 27.03.2026 6.5
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection 27.03.2026 4.7
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion 27.03.2026 9.8
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block 27.03.2026 8.1
CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability 27.03.2026 4.2
CVE-2026-33882 Statamic's Markdown preview endpoint exposes sensitive user data 27.03.2026 6.5
CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag 27.03.2026 6.1
CVE-2026-33884 Statamic's live preview token bypasses content protection for unrelated entries 27.03.2026 4.3
CVE-2026-33885 Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential 27.03.2026 6.1
CVE-2026-33886 Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields 27.03.2026 6.5
CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers 27.03.2026 5.4
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input 27.03.2026 7.5
CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field 27.03.2026 7.5
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check 27.03.2026 7.5
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) 27.03.2026 7.4
CVE-2026-33903 Ella Core panics when processing a crafted NGAP LocationReport message 27.03.2026 6.5
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution 27.03.2026 7.8
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack 27.03.2026 9.3
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login 27.03.2026
CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor 27.03.2026
CVE-2026-4976 Totolink LR350 cstecgi.cgi setWiFiGuestCfg buffer overflow 27.03.2026
CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation 27.03.2026
CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check 27.03.2026
CVE-2026-33869 Mastodon has a denial of service for quote authorization 27.03.2026 4.8
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing 27.03.2026 7.5
CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass 27.03.2026
CVE-2026-33872 elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition 27.03.2026
CVE-2026-4973 SourceCodester Online Quiz System add-question.php cross site scripting 27.03.2026
CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption 27.03.2026
CVE-2026-4975 Tenda AC15 POST Request setcfm formSetCfm memory corruption 27.03.2026
CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name 27.03.2026
CVE-2026-33045 Home Assistant has stored XSS in history-graphs 27.03.2026
CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling 27.03.2026
CVE-2026-33739 FOG has Stored XSS in Multiple Management Pages 27.03.2026 5.7
CVE-2026-33765 Pi-hole Web Interface has a Command Injection Vulnerability 27.03.2026
CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>' 27.03.2026 4.3
CVE-2026-34205 Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode 27.03.2026 9.7
CVE-2026-34475 27.03.2026 5.4
CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP 27.03.2026 8.5
CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution 27.03.2026 7.7
CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats 27.03.2026 5.3
CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft 27.03.2026 6.8
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection 27.03.2026 7.5
CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address 27.03.2026
CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure 27.03.2026
CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint 27.03.2026
CVE-2026-4971 SourceCodester Note Taking App cross-site request forgery 27.03.2026
CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting 27.03.2026