CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token 18.03.2026 9.8
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability 18.03.2026 9.8
CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key 18.03.2026 9.6
CVE-2026-31938 jsPDF has HTML Injection in New Window paths 18.03.2026 9.6
CVE-2026-21994 18.03.2026 9.8
CVE-2026-32841 Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients 17.03.2026 9.2
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization 18.03.2026 9.1
CVE-2026-25770 Wazuh has Privilege Escalation to Root via Cluster Protocol File Write 18.03.2026 9.1
CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames 17.03.2026 9.1
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting 17.03.2026 9.3
CVE-2026-32295 JetKVM insufficient login rate limiting 17.03.2026 9.3
CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write 17.03.2026 9.3
CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure 18.03.2026 9
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication 17.03.2026 9.3
CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php 17.03.2026 9.3
CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass 18.03.2026 9.1
CVE-2026-4254 Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow 16.03.2026 9.3
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation 16.03.2026 9.1
CVE-2026-4252 Tenda AC8 IPv6 check_is_ipv6 ip address for authentication 16.03.2026 9.3
CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components 17.03.2026 9.8
CVE-2017-20223 Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference 16.03.2026 9.3
CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload 16.03.2026 9.3
CVE-2026-4184 D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4181 D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4182 D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation 16.03.2026 9.3
CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution 16.03.2026 9.3
CVE-2016-20030 ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction 16.03.2026 9.3
CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection 16.03.2026 9.3
CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection 17.03.2026 9.3
CVE-2026-4163 Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection 17.03.2026 9.3
CVE-2025-15060 claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability 16.03.2026 9.8
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization 16.03.2026 9.9
CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection 16.03.2026 9.7
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution 13.03.2026 9.1
CVE-2026-31806 FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions 15.03.2026 9.3
CVE-2026-32746 18.03.2026 9.8
CVE-2026-26954 SandboxJS has a Sandbox Escape 16.03.2026 10
CVE-2026-3891 Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload 13.03.2026 9.8
CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() 13.03.2026 9.2
CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL 13.03.2026 9.3
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function() 13.03.2026 9.8
CVE-2026-32306 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters 14.03.2026 10
CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function 13.03.2026 10
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier 13.03.2026 9.3
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import 13.03.2026 9.3
CVE-2026-32242 Parse Server OAuth2 adapter shares mutable state across providers via singleton instance 12.03.2026 9.1
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass 13.03.2026 9.3
CVE-2026-32137 DataEase SQL Injection Vulnerability 13.03.2026 9.3
CVE-2026-28252 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge 13.03.2026 9.2
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS 13.03.2026 9.7
CVE-2026-21708 13.03.2026 10
CVE-2026-21666 13.03.2026 10
CVE-2026-21667 13.03.2026 10
CVE-2026-21669 13.03.2026 10
CVE-2026-21671 13.03.2026 9.1
CVE-2026-28384 Authenticated RCE via unsanitized compression_algorithm 13.03.2026 9.4
CVE-2026-32136 AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass 12.03.2026 9.8
CVE-2026-27591 Winter: Privilege escalation by authenticated backend users 12.03.2026 10
CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns 12.03.2026 9.3
CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation 12.03.2026 9.1
CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor 12.03.2026 9.3
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments 12.03.2026 10
CVE-2026-31896 WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php 12.03.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2026-24062 Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center 18.03.2026
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center 18.03.2026
CVE-2026-2512 Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields 18.03.2026 6.4
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite 18.03.2026 5.3
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token 18.03.2026 9.8
CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard 18.03.2026 8.2
CVE-2026-33001 18.03.2026
CVE-2026-33002 18.03.2026
CVE-2026-33003 18.03.2026
CVE-2026-33004 18.03.2026
CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' 18.03.2026 7.2
CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials 18.03.2026 7.5
CVE-2026-3278 XSS Vulnerability discovered in OpenText™ ZENworks Service Desk. 18.03.2026
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability 18.03.2026 9.8
CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju 18.03.2026 6.6
CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets 18.03.2026 7.6
CVE-2026-32693 Unauthorized access to Kubernetes secrets in Juju 18.03.2026 8.8
CVE-2026-32691 Timing ownership claim attack on new external back-end secrets 18.03.2026 5.3
CVE-2025-41258 LibreChat RAG API Authentication Bypass 18.03.2026 8
CVE-2026-33265 18.03.2026 6.3
CVE-2025-12518 Stored XSS in beefree.io 18.03.2026
CVE-2025-71265 fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata 18.03.2026
CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop 18.03.2026
CVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST 18.03.2026
CVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processing 18.03.2026
CVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_write 18.03.2026
CVE-2026-23244 nvme: fix memory allocation in nvme_pr_read_keys() 18.03.2026
CVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replace 18.03.2026
CVE-2026-23246 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration 18.03.2026
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset 18.03.2026
CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap 18.03.2026
CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite 18.03.2026 5.4
CVE-2026-32565 WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability 18.03.2026 5.3
CVE-2026-22729 JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter 18.03.2026 8.6
CVE-2026-22730 SQL Injection in Spring AI MariaDBFilterExpressionConverter 18.03.2026 8.8
CVE-2025-31703 18.03.2026
CVE-2026-22316 Buffer Overflow using TFTP Filename 18.03.2026 6.5
CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow 18.03.2026 7.2
CVE-2026-22318 Stack-Based Buffer Overflow in File Transfer Parameter Handling 18.03.2026 4.9
CVE-2026-22319 Stack-Based Buffer Overflow in File Install Parameter Handling 18.03.2026 4.9
CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI 18.03.2026 6.5
CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI 18.03.2026 5.3
CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling 18.03.2026 7.1
CVE-2026-22323 Cross‑Site Request Forgery in Link Aggregation Configuration 18.03.2026 7.1
CVE-2026-3512 Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter 18.03.2026 6.1
CVE-2025-15363 Get Use APIs < 2.0.10 - Contributor+ Stored XSS 18.03.2026
CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates 18.03.2026 7
CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability 18.03.2026
CVE-2026-32596 Glances exposes the REST API without authentication 18.03.2026
CVE-2026-32606 IncusOS has a LUKS encryption bypass due to insufficient TPM policy 18.03.2026 7.7
CVE-2026-1780 [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting 18.03.2026 6.1
CVE-2026-1926 Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation 18.03.2026 5.3
CVE-2026-2575 Keycloak: keycloak: denial of service due to excessive samlrequest decompression 18.03.2026
CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser 18.03.2026 7.5
CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability 18.03.2026
CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability 18.03.2026
CVE-2026-4366 Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak 18.03.2026
CVE-2026-29112 @dicebear/converter vulnerable to uncontrolled memory allocation via crafted SVG dimensions 18.03.2026 7.5
CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key 18.03.2026 9.6
CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion 18.03.2026 7.5
CVE-2026-31865 Elysia Cookie Value Prototype Pollution 18.03.2026 6.5
CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() 18.03.2026 7.7
CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color 18.03.2026 8.1
CVE-2026-31938 jsPDF has HTML Injection in New Window paths 18.03.2026 9.6
CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS 18.03.2026 7.1
CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler 18.03.2026
CVE-2026-33187 18.03.2026
CVE-2026-33188 18.03.2026
CVE-2026-33189 18.03.2026
CVE-2026-22168 OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run 18.03.2026
CVE-2026-22169 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins 18.03.2026
CVE-2026-22170 OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration 18.03.2026
CVE-2026-22171 OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming 18.03.2026
CVE-2026-22174 OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe 18.03.2026
CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers 18.03.2026
CVE-2026-22177 OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars 18.03.2026
CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata 18.03.2026
CVE-2026-22179 OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run 18.03.2026
CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations 18.03.2026
CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch 18.03.2026
CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback 18.03.2026
CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions 18.03.2026
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths 18.03.2026
CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path 18.03.2026
CVE-2026-27545 OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind 18.03.2026
CVE-2026-29056 Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin 18.03.2026
CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings 18.03.2026 6.4
CVE-2026-28499 LeafKit's HTML escaping may be skipped for Collection values, enabling XSS 18.03.2026
CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack 18.03.2026 8.6
CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions 18.03.2026
CVE-2026-2603 Keycloak: keycloak: unauthorized authentication via disabled saml identity provider 18.03.2026
CVE-2026-4356 itsourcecode University Management System add_result.php cross site scripting 18.03.2026
CVE-2026-27979 Next.js: Unbounded postponed resume buffering can lead to DoS 18.03.2026
CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage 18.03.2026
CVE-2026-28673 xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation) 18.03.2026 7.2
CVE-2026-28674 xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution) 18.03.2026 7.2
CVE-2026-29057 Next.js: HTTP request smuggling in rewrites 18.03.2026
CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type 17.03.2026 4.3
CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks 18.03.2026
CVE-2026-27978 Next.js: null origin can bypass Server Actions CSRF checks 18.03.2026
CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE 17.03.2026 8.8
CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export 17.03.2026 8.8
CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries 17.03.2026
CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback 17.03.2026
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow 17.03.2026
CVE-2026-4354 TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting 17.03.2026
CVE-2026-4355 Portabilis i-Educar Endpoint educar_servidor_curso_lst.php cross site scripting 17.03.2026
CVE-2026-25937 GLPI has a MFA bypass 17.03.2026 6.5
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report 17.03.2026 7.1
CVE-2025-14031 IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service 17.03.2026 7.5
CVE-2026-1264 IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls 17.03.2026 7.1
CVE-2026-21994 18.03.2026 9.8
CVE-2026-22727 Cloud Foundry unprotected internal endpoints 17.03.2026 7.5
CVE-2026-20643 18.03.2026
CVE-2026-3856 IBM Db2 Recovery Expert Missing Integrity Check 17.03.2026 5.3
CVE-2025-14806 IBM Planning Analytics Information Disclosure 18.03.2026 5.7
CVE-2026-1267 IBM Planning Analytics Information Disclosure 18.03.2026 6.5
CVE-2026-1376 IBM i Denial of Service 17.03.2026 7.5
CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP 17.03.2026
CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints 17.03.2026
CVE-2026-32840 Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name 17.03.2026
CVE-2026-32841 Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients 17.03.2026
CVE-2026-32842 Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext 17.03.2026
CVE-2026-4349 Duende IdentityServer Token Renewal Endpoint authorize improper authentication 17.03.2026
CVE-2026-2809 Endpoint DLP Driver DLL 17.03.2026
CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection 17.03.2026 6.5
CVE-2026-32981 Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure 17.03.2026
CVE-2026-4359 Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer 17.03.2026
CVE-2025-15584 Endpoint DLP Driver Filter Communication Port Integer Overflow 18.03.2026
CVE-2026-30707 18.03.2026
CVE-2026-32836 mackron / dr_libs Excessive Memory Allocation in PICTURE Metadata Parsing 18.03.2026
CVE-2026-32837 mackron / miniaudio Out-of-Bounds Read in BEXT Coding History Parsing 17.03.2026
CVE-2026-3563 17.03.2026
CVE-2026-4064 17.03.2026
CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE 18.03.2026 7.8
CVE-2026-4358 Memory safety issues in slot-based execution hash table spill 17.03.2026
CVE-2025-47873 18.03.2026 6.1
CVE-2025-58427 18.03.2026 6.1
CVE-2025-61952 18.03.2026 6.1
CVE-2025-61979 17.03.2026 6.1
CVE-2025-62403 18.03.2026 6.1
CVE-2025-62500 17.03.2026 6.1
CVE-2025-64301 18.03.2026 7.8
CVE-2025-64733 18.03.2026 6.1
CVE-2025-64735 18.03.2026 6.1
CVE-2025-64776 18.03.2026 6.1
CVE-2025-65119 17.03.2026 6.1
CVE-2025-66000 18.03.2026 6.1
CVE-2025-66042 18.03.2026 6.1
CVE-2025-66342 17.03.2026 7.8
CVE-2025-66503 18.03.2026 6.1
CVE-2025-66617 18.03.2026 6.1
CVE-2025-66633 18.03.2026 6.1
CVE-2026-20726 18.03.2026 6.1
CVE-2026-22882 18.03.2026 6.1
CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser 18.03.2026 4.9