CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login 10.03.2026 9.8
CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration 10.03.2026 9.1
CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object 09.03.2026 10
CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE 09.03.2026 10
CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith 09.03.2026 9.1
CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage 09.03.2026 9.3
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization 09.03.2026 9.1
CVE-2026-28431 Misskey lacks proper authorization checks and input validation 09.03.2026 9.2
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets 09.03.2026 9.6
CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection 09.03.2026 9.1
CVE-2025-41764 Unchecked role in wwwupdate.cgi 09.03.2026 9.1
CVE-2025-41765 Unchecked role in wwwupload.cgi 09.03.2026 9.1
CVE-2026-3823 Atop Technologies|EHG2408 series switch - Stack-based Buffer Overflow 09.03.2026 9.3
CVE-2026-3630 Stack-based Buffer Overflow Vulnerability in COMMGR2 09.03.2026 9.8
CVE-2026-3703 Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write 08.03.2026 9.3
CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool 09.03.2026 10
CVE-2026-30861 WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation 09.03.2026 10
CVE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters 09.03.2026 9.3
CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import 09.03.2026 9.1
CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint 09.03.2026 9.3
CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection 07.03.2026 9.3
CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification 09.03.2026 10
CVE-2026-30847 Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens 09.03.2026 9.3
CVE-2026-30843 Wekan has Cross-Board IDOR in Custom Fields Update Endpoints 09.03.2026 9.3
CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading 09.03.2026 9.3
CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service 09.03.2026 9.3
CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function 06.03.2026 9.3
CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function 09.03.2026 9.3
CVE-2026-2330 CVE-2026-2330 09.03.2026 9.4
CVE-2026-2331 CVE-2026-2331 09.03.2026 9.8
CVE-2026-29183 SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution 06.03.2026 9.3
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php 09.03.2026 9.8
CVE-2026-28794 oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization 09.03.2026 9.3
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint 06.03.2026 9.2
CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import 06.03.2026 9.3
CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import 06.03.2026 9.3
CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths 06.03.2026 9.1
CVE-2025-59543 Chamilo: Account Takeover via Stored XSS in Course Description 09.03.2026 9.1
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling) 06.03.2026 9.3
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php 06.03.2026 9.8
CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction 06.03.2026 9.3
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment 06.03.2026 9.2
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function 09.03.2026 9.3
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability 09.03.2026 9.8
CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement 06.03.2026 9.2
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching 06.03.2026 9.2
CVE-2026-28466 OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass 09.03.2026 9.4
CVE-2026-28470 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes 09.03.2026 9.2
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake 09.03.2026 9.2
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing 09.03.2026 9.3
CVE-2026-21622 Password Reset Tokens Do Not Expire 05.03.2026 9.5
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files 06.03.2026 9.1
CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check 06.03.2026 9.1
CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading 06.03.2026 10
CVE-2026-28353 Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release 06.03.2026 10
CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification 06.03.2026 9.3
CVE-2026-24457 06.03.2026 9.1
CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure 06.03.2026 9.8
CVE-2026-30789 RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks 05.03.2026 9.3
CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force 05.03.2026 9.3
CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server 05.03.2026 9.3
CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings 06.03.2026 9.1
CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation 05.03.2026 9.3
CVE-2026-30794 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure 05.03.2026 9.1
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' 05.03.2026 9.8
CVE-2026-21628 Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla 05.03.2026 10
CVE-2026-28536 05.03.2026 9.6
CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE 05.03.2026 10
CVE-2026-1678 dns: memory-safety issue in the DNS name parser 05.03.2026 9.4
CVE-2026-29127 Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100 05.03.2026 9.2
CVE-2026-2835 HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing 06.03.2026 9.3
CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade 06.03.2026 9.3
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass 07.03.2026 10
CVE-2026-20079 05.03.2026 10
CVE-2026-20131 05.03.2026 10
CVE-2026-28783 Craft has a Twig Function Blocklist Bypass 06.03.2026 9.4
CVE-2026-28697 Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates 06.03.2026 9.4
CVE-2026-27441 PDF Password CMDi 04.03.2026 9.5
CVE-2026-27442 zip_attachments Path Traversal 04.03.2026 9.3
CVE-2026-27446 Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation 05.03.2026 9.3
CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver 05.03.2026 9.2
CVE-2026-28777 Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX2100 Satellite Receiver 05.03.2026 9.2
CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root 05.03.2026 9.3
CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE 05.03.2026 9.3
CVE-2026-28775 Unauthenticated RCE via SNMP Default Writable Community String 05.03.2026 10
CVE-2026-27971 Qwik affected by unauthenticated RCE via server$ Deserialization 04.03.2026 9.2
CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution 05.03.2026 10
CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection 04.03.2026 9.1
CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering 04.03.2026 9.3
CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure 04.03.2026 10
CVE-2026-25146 OpenEMR's payments gateway_api_key secret rendered into client JS code 04.03.2026 9.6
CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php 04.03.2026 9.8
CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection 03.03.2026 9.3
CVE-2026-3437 Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits 03.03.2026 9.3
CVE-2026-22891 03.03.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2026-2364 CODESYS Installer TOCTOU Privilege Escalation 10.03.2026 7.3
CVE-2026-1508 Court Reservation < 1.10.9 - Event Deletion via CSRF 10.03.2026
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login 10.03.2026 9.8
CVE-2025-2399 Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series 10.03.2026 5.9
CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import 10.03.2026 7.5
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints 10.03.2026 5.3
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation 10.03.2026 5.3
CVE-2025-36173 InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes. 10.03.2026 6.1
CVE-2025-36105 IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability 10.03.2026 4.4
CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) 10.03.2026 6.1
CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP 10.03.2026 6.4
CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP 10.03.2026 3.5
CVE-2026-24311 Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0 10.03.2026 5.6
CVE-2026-24313 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) 10.03.2026 5
CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP 10.03.2026 6.4
CVE-2026-24317 DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT 10.03.2026 5
CVE-2026-27684 SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification) 10.03.2026 6.4
CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration 10.03.2026 9.1
CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API) 10.03.2026 5.9
CVE-2026-27687 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal 10.03.2026 5.8
CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP 10.03.2026 5
CVE-2026-27689 Denial of service (DOS) in SAP Supply Chain Management 10.03.2026 7.7
CVE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery 09.03.2026
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter 09.03.2026
CVE-2026-30917 Stored XSS on Bucket namespace pages 09.03.2026
CVE-2026-30918 facileManager Affected by Reflected Cross-Site Scripting (XSS) 09.03.2026 7.6
CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS) 09.03.2026 7.6
CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding 09.03.2026 8.6
CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object 09.03.2026 10
CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE 09.03.2026 10
CVE-2026-30913 flarum/nickname: Display name injection in notification emails (autolink & markdown) 09.03.2026 4.6
CVE-2026-30916 Shescape has possible misidentification of shell due to link chains 09.03.2026
CVE-2026-28267 09.03.2026
CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding 09.03.2026 4.3
CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith 09.03.2026 9.1
CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage 09.03.2026 9.3
CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3` 09.03.2026 6.5
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure 09.03.2026
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization 09.03.2026 9.1
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities 09.03.2026 7.1
CVE-2026-28512 Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion 09.03.2026 7.1
CVE-2026-28513 Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange 09.03.2026 8.5
CVE-2026-30929 ImageMagick has a stack buffer overflow in MagnifyImage 09.03.2026 7.7
CVE-2026-30931 ImageMagick has a heap-based buffer overflow in UHDR encoder 09.03.2026 6.8
CVE-2026-30935 ImageMagick has a heap Buffer Over-Read in BilateralBlurImage 09.03.2026 4.4
CVE-2026-30936 ImageMagick has a heap Buffer Overflow in WaveletDenoiseImage 09.03.2026 5.5
CVE-2026-30937 ImageMagick has a heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation 09.03.2026 6.8
CVE-2026-28494 ImageMagick affected by stack corruption through long morphology kernel names or arrays 09.03.2026 7.1
CVE-2026-28686 ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer 09.03.2026 6.8
CVE-2026-28687 ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder 09.03.2026 5.3
CVE-2026-28688 ImageMagick has a heap use-after-free in the MSL encoder 09.03.2026 4
CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass 09.03.2026 6.3
CVE-2026-28690 ImageMagick has a stack write buffer overflow in MNG encoder 09.03.2026 6.9
CVE-2026-28691 ImageMagick has an uninitialized pointer dereference in JBIG decoder 09.03.2026 7.5
CVE-2026-28692 ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder 09.03.2026 4.8
CVE-2026-28693 ImageMagick has an integer overflow in DIB coder that can result in out-of-bounds read or write 09.03.2026 8.1
CVE-2026-30883 ImageMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder 09.03.2026 5.7
CVE-2026-28431 Misskey lacks proper authorization checks and input validation 09.03.2026
CVE-2026-28432 HTTP signature verification can be bypassed 09.03.2026
CVE-2026-28433 Misskey lacks resource ownership validation 09.03.2026
CVE-2026-28493 ImageMagick has an Integer Overflow leading to out-of-bounds write in SIXEL decoder 09.03.2026 6.5
CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read 09.03.2026
CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations 09.03.2026 6.3
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content 09.03.2026 7.1
CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath 09.03.2026
CVE-2026-25960 SSRF Protection Bypass in vLLM 09.03.2026 7.1
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets 09.03.2026 9.6
CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection 09.03.2026 9.1
CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection 09.03.2026 8.8
CVE-2025-15603 open-webui JWT Key start_windows.bat random values 09.03.2026
CVE-2025-70028 09.03.2026
CVE-2025-70973 09.03.2026
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) 09.03.2026
CVE-2026-25737 Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS) 09.03.2026 8.9
CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command 09.03.2026
CVE-2025-62166 FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens 09.03.2026 7.5
CVE-2025-68402 FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch] 09.03.2026
CVE-2025-70030 09.03.2026
CVE-2025-70031 09.03.2026
CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring() 09.03.2026
CVE-2025-70032 09.03.2026
CVE-2026-3638 09.03.2026
CVE-2026-30140 09.03.2026
CVE-2026-29023 Keygraph Shannon Hard-coded Router API Key 09.03.2026
CVE-2025-70033 09.03.2026
CVE-2025-70034 09.03.2026
CVE-2025-70038 09.03.2026
CVE-2025-70039 09.03.2026
CVE-2025-70037 09.03.2026
CVE-2025-15568 Command Injection Vulnerability on TP-Link Archer AXE75 10.03.2026
CVE-2024-14027 xattr: switch to CLASS(fd) 09.03.2026
CVE-2025-70040 09.03.2026
CVE-2025-70060 09.03.2026
CVE-2026-3588 Server-Side Request Forgery (SSRF) in ikea dirigera 09.03.2026 7.5
CVE-2025-70042 09.03.2026
CVE-2025-70046 09.03.2026
CVE-2025-70050 09.03.2026
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path 09.03.2026
CVE-2025-70047 09.03.2026
CVE-2025-70048 09.03.2026
CVE-2025-70059 09.03.2026
CVE-2025-70238 09.03.2026
CVE-2025-69647 09.03.2026
CVE-2025-69648 09.03.2026
CVE-2025-70243 09.03.2026
CVE-2025-70250 09.03.2026
CVE-2026-3089 Actual Sync Server 26.2.1 - Authenticated Path Traversal 09.03.2026
CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect 09.03.2026
CVE-2026-3819 SourceCodester Resort Reservation System Reservation Management page cross site scripting 09.03.2026
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled 09.03.2026
CVE-2026-2261 blocklistd(8) socket leak 09.03.2026
CVE-2026-3038 Local DoS and possible privilege escalation via routing sockets 09.03.2026
CVE-2025-15576 Jail chroot escape via fd exchange with a different jail 09.03.2026
CVE-2026-3818 Tiandy Easy7 CMS Windows GetDBData.jsp sql injection 09.03.2026
CVE-2025-15547 Jail escape by a privileged user via nullfs 09.03.2026
CVE-2025-14558 Remote code execution via ND6 Router Advertisements 10.03.2026
CVE-2025-14769 ipfw denial of service 09.03.2026
CVE-2026-3817 SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization 09.03.2026
CVE-2026-3816 OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service 09.03.2026
CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass 09.03.2026
CVE-2026-3815 UTT HiPER 810G formApMail strcpy buffer overflow 09.03.2026