| CVE ID | Title | Date | Score |
|---|---|---|---|
| CVE-2025-46597 | | 20.03.2026 | |
| CVE-2025-67260 | | 20.03.2026 | |
| CVE-2026-32986 | Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection | 20.03.2026 | |
| CVE-2026-4488 | UTT HiPER 1250GW setSysAdm strcpy buffer overflow | 20.03.2026 | |
| CVE-2025-46598 | | 20.03.2026 | |
| CVE-2026-4519 | webbrowser.open() allows leading dashes in URLs | 20.03.2026 | |
| CVE-2026-22172 | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections | 20.03.2026 | |
| CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers | 20.03.2026 | 5.3 |
| CVE-2026-33312 | Read-only Vikunja users can delete project background images via broken object-level authorization | 20.03.2026 | |
| CVE-2026-4487 | UTT HiPER 1200GW websHostFilter strcpy buffer overflow | 20.03.2026 | |
| CVE-2026-33368 | | 20.03.2026 | |
| CVE-2026-33369 | | 20.03.2026 | |
| CVE-2026-33370 | | 20.03.2026 | |
| CVE-2026-33371 | | 20.03.2026 | |
| CVE-2026-33372 | | 20.03.2026 | |
| CVE-2026-4486 | D-Link DIR-513 Web Service formEasySetPassword stack-based overflow | 20.03.2026 | |
| CVE-2024-44722 | | 20.03.2026 | |
| CVE-2026-4485 | itsourcecode College Management System search_student.php sql injection | 20.03.2026 | |
| CVE-2026-31381 | Gainsight Assist plugin information disclosure | 20.03.2026 | 5.3 |
| CVE-2026-31382 | Gainsight Assist reflected XSS/HTML injection | 20.03.2026 | 6.1 |
| CVE-2026-4434 | | 20.03.2026 | |
| CVE-2026-33133 | WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive | 20.03.2026 | |
| CVE-2026-33134 | WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter | 20.03.2026 | 9.3 |
| CVE-2026-33135 | WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter | 20.03.2026 | 9.3 |
| CVE-2026-33136 | WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter | 20.03.2026 | 9.3 |
| CVE-2026-33131 | h3 has a middleware bypass with one gadget | 20.03.2026 | 7.4 |
| CVE-2026-33132 | ZITADEL is missing enforcement of organization scopes | 20.03.2026 | 5.3 |
| CVE-2026-25792 | Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin | 20.03.2026 | 6.5 |
| CVE-2026-32305 | Traefik mTLS bypass via fragmented ClientHello SNI extraction failure | 20.03.2026 | |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration | 20.03.2026 | |
| CVE-2026-33129 | h3 has an observable timing discrepancy in basic auth utils | 20.03.2026 | 5.9 |
| CVE-2026-33130 | Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh) | 20.03.2026 | 6.5 |
| CVE-2026-0677 | WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability | 20.03.2026 | 7.2 |
| CVE-2026-22324 | WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability | 20.03.2026 | 8.1 |
| CVE-2026-33125 | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | 20.03.2026 | 7.1 |
| CVE-2026-33128 | h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields | 20.03.2026 | 7.5 |
| CVE-2024-31119 | WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability | 20.03.2026 | 5.9 |
| CVE-2024-32537 | WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability | 20.03.2026 | 7.1 |
| CVE-2026-33081 | PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation | 20.03.2026 | 5.8 |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams | 20.03.2026 | |
| CVE-2026-33124 | Frigate has insecure password change functionality | 20.03.2026 | |
| CVE-2026-27625 | Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction | 20.03.2026 | 8.1 |
| CVE-2026-32701 | Qwik has array method pollution in FormData processing, allowing type confusion and DoS | 20.03.2026 | 7.5 |
| CVE-2026-33080 | Filament: Unvalidated Range and Values summarizer values can be used for XSS | 20.03.2026 | 7.3 |
| CVE-2026-2421 | ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter | 20.03.2026 | 6.5 |
| CVE-2026-2432 | CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels | 20.03.2026 | 4.4 |
| CVE-2026-33070 | FileRise has Unauthenticated Share Link Deletion | 20.03.2026 | 3.7 |
| CVE-2026-33071 | FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads | 20.03.2026 | 4.3 |
| CVE-2026-33072 | FileRise: Default Encryption Key Enables Token Forgery and Config Decryption | 20.03.2026 | 8.2 |
| CVE-2026-33075 | FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml | 20.03.2026 | |
| CVE-2026-3550 | RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions | 20.03.2026 | 5.3 |
| CVE-2026-23271 | perf: Fix __perf_event_overflow() vs perf_remove_from_context() race | 20.03.2026 | |
| CVE-2026-23272 | netfilter: nf_tables: unconditionally bump set->nelems before insertion | 20.03.2026 | |
| CVE-2026-23273 | macvlan: observe an RCU grace period in macvlan_common_newlink() error path | 20.03.2026 | |
| CVE-2026-23274 | netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels | 20.03.2026 | |
| CVE-2026-23275 | io_uring: ensure ctx->rings is stable for task work flags manipulation | 20.03.2026 | |
| CVE-2026-23276 | net: add xmit recursion limit to tunnel xmit functions | 20.03.2026 | |
| CVE-2026-23277 | net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit | 20.03.2026 | |
| CVE-2026-23278 | netfilter: nf_tables: always walk all pending catchall elements | 20.03.2026 | |
| CVE-2026-33066 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering | 20.03.2026 | |
| CVE-2026-33067 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata | 20.03.2026 | |
| CVE-2026-33068 | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File | 20.03.2026 | |
| CVE-2026-33069 | PJSIP has an Out-of-bounds Read in SIP multipart parsing | 20.03.2026 | |
| CVE-2026-33192 | free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions request | 20.03.2026 | |
| CVE-2026-33064 | free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference | 20.03.2026 | |
| CVE-2026-33065 | free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request | 20.03.2026 | |
| CVE-2026-33191 | free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error | 20.03.2026 | |
| CVE-2026-33022 | Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun | 20.03.2026 | 6.5 |
| CVE-2026-33061 | exactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template | 20.03.2026 | 5.8 |
| CVE-2026-33056 | tar-rs: unpack_in can chmod arbitrary directories by following symlinks | 20.03.2026 | |
| CVE-2026-33057 | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py | 20.03.2026 | 9.8 |
| CVE-2026-33060 | CKAN MCP Server: SSRF via base_url allows access to internal networks | 20.03.2026 | 5.3 |
| CVE-2026-33053 | Langflow has Missing Ownership Verification in API Key Deletion (IDOR) | 20.03.2026 | |
| CVE-2026-33054 | Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion | 20.03.2026 | 10 |
| CVE-2026-33055 | tar-rs incorrectly ignores PAX size headers if header size is nonzero | 20.03.2026 | |
| CVE-2026-4477 | Yi Technology YI Home Camera WPA/WPS hard-coded key | 20.03.2026 | |
| CVE-2026-4478 | Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification | 20.03.2026 | |
| CVE-2026-4476 | Yi Technology YI Home Camera CGI Endpoint ipc missing authentication | 20.03.2026 | |
| CVE-2026-4474 | itsourcecode University Management System admin_single_student_update.php cross site scripting | 20.03.2026 | |
| CVE-2026-4475 | Yi Technology YI Home Camera ipc hard-coded credentials | 20.03.2026 | |
| CVE-2026-33039 | AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy | 20.03.2026 | 8.6 |
| CVE-2026-33040 | libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow | 20.03.2026 | |
| CVE-2026-33041 | AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php | 20.03.2026 | 5.3 |
| CVE-2026-33043 | AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS | 20.03.2026 | 8.1 |
| CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu | 20.03.2026 | |
| CVE-2026-32768 | Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace | 20.03.2026 | |
| CVE-2026-33036 | fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) | 20.03.2026 | 7.5 |
| CVE-2026-33037 | WWBN AVideo has predictable default admin credentials in official Docker deployment path | 20.03.2026 | 8.1 |
| CVE-2026-33038 | AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments | 20.03.2026 | 8.1 |
| CVE-2026-4473 | itsourcecode Online Doctor Appointment System appointment_action.php sql injection | 20.03.2026 | |
| CVE-2026-33012 | Micronaut Framework vulnerable to a Denial of Service in HTML error response caching | 20.03.2026 | 7.5 |
| CVE-2026-33013 | Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices | 20.03.2026 | |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | 20.03.2026 | |
| CVE-2026-33024 | AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator | 20.03.2026 | |
| CVE-2026-33025 | AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause | 20.03.2026 | |
| CVE-2026-33035 | Unauthenticated Reflected XSS via innerHTML in AVideo | 20.03.2026 | |
| CVE-2026-4471 | itsourcecode Online Frozen Foods Ordering System admin_edit_employee.php sql injection | 20.03.2026 | |
| CVE-2026-4472 | itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection | 20.03.2026 | |
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) | 20.03.2026 | |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL | 20.03.2026 | |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | 20.03.2026 | |
| CVE-2026-32953 | Tillitis: TKey Client has an Error in Protocol Implementation | 20.03.2026 | |
| CVE-2026-32954 | ERP has a possible SQL Injection vulnerability due to missing validation | 20.03.2026 | 7.1 |
| CVE-2026-33011 | Nest Fastify HEAD Request Middleware Bypass | 20.03.2026 | |
| CVE-2026-4469 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu_action.php sql injection | 20.03.2026 | |
| CVE-2026-4470 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection | 20.03.2026 | |
| CVE-2026-32114 | Discourse's unscoped status lookups leak restricted metadata | 20.03.2026 | |
| CVE-2026-32938 | SiYuan has an Arbitrary File Read in its Desktop Publish Service | 20.03.2026 | 9.9 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | 20.03.2026 | |
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) | 20.03.2026 | 9.3 |
| CVE-2026-32941 | Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports | 20.03.2026 | |
| CVE-2026-32942 | PJSIP has ICE session use-after-free race conditions | 20.03.2026 | |
| CVE-2026-32945 | PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser | 20.03.2026 | |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) | 20.03.2026 | |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call | 20.03.2026 | 9.8 |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect | 20.03.2026 | 4.3 |
| CVE-2026-4468 | Comfast CF-AC100 mbox-config command injection | 20.03.2026 | |
| CVE-2026-21992 | | 20.03.2026 | 9.8 |
| CVE-2026-30888 | Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint | 20.03.2026 | 2.2 |
| CVE-2026-30889 | Discourse has Unauthorized Post Data Exposure in discourse-user-notes | 20.03.2026 | |
| CVE-2026-30891 | Discourse has Unauthorized Exposure of Private User Action Types | 20.03.2026 | |
| CVE-2026-31805 | Discourse has a poll authorization bypass via post_id array parameter | 20.03.2026 | 5.3 |
| CVE-2026-31869 | Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check | 20.03.2026 | |
| CVE-2026-32888 | Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality | 20.03.2026 | 8.8 |
| CVE-2026-32889 | tinytag: Denial of Service via non-terminating SYLT frame parsing loop | 20.03.2026 | 6.5 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config | 20.03.2026 | 9.7 |
| CVE-2026-32891 | Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS | 20.03.2026 | 9.1 |
| CVE-2026-32933 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion | 20.03.2026 | 7.5 |
| CVE-2026-32935 | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack | 20.03.2026 | |
| CVE-2026-32937 | free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS | 20.03.2026 | |
| CVE-2026-33062 | free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter | 20.03.2026 | |
| CVE-2026-33063 | free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion | 20.03.2026 | |
| CVE-2026-4467 | Comfast CF-AC100 mbox-config command injection | 20.03.2026 | |
| CVE-2026-32711 | pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root | 20.03.2026 | 7.8 |
| CVE-2026-32808 | pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification | 20.03.2026 | 8.1 |
| CVE-2026-32811 | Heimdall: Path received via Envoy gRPC corrupted when containing query string | 20.03.2026 | 8.2 |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint | 20.03.2026 | 6.8 |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | 20.03.2026 | 8 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | 20.03.2026 | 9.1 |
| CVE-2026-32874 | UltraJSON has a Memory Leak parsing large integers allows DoS | 20.03.2026 | 7.5 |
| CVE-2026-32875 | UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop | 20.03.2026 | 7.5 |
| CVE-2026-4439 | | 20.03.2026 | |
| CVE-2026-4440 | | 20.03.2026 | |
| CVE-2026-4441 | | 20.03.2026 | |
| CVE-2026-4442 | | 20.03.2026 | |
| CVE-2026-4443 | | 20.03.2026 | |
| CVE-2026-4444 | | 20.03.2026 | |
| CVE-2026-4445 | | 20.03.2026 | |
| CVE-2026-4446 | | 20.03.2026 | |
| CVE-2026-4447 | | 20.03.2026 | |
| CVE-2026-4448 | | 20.03.2026 | |
| CVE-2026-4449 | | 20.03.2026 | |
| CVE-2026-4450 | | 20.03.2026 | |
| CVE-2026-4451 | | 20.03.2026 | |
| CVE-2026-4452 | | 20.03.2026 | |
| CVE-2026-4453 | | 20.03.2026 | |
| CVE-2026-4454 | | 20.03.2026 | |
| CVE-2026-4455 | | 20.03.2026 | |
| CVE-2026-4456 | | 20.03.2026 | |
| CVE-2026-4457 | | 20.03.2026 | |
| CVE-2026-4458 | | 20.03.2026 | |
| CVE-2026-4459 | | 20.03.2026 | |
| CVE-2026-4460 | | 20.03.2026 | |
| CVE-2026-4461 | | 20.03.2026 | |
| CVE-2026-4462 | | 20.03.2026 | |
| CVE-2026-4463 | | 20.03.2026 | |
| CVE-2026-4464 | | 20.03.2026 | |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection | 20.03.2026 | |
| CVE-2026-4466 | Comfast CF-AC100 mbox-config command injection | 20.03.2026 | |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') | 20.03.2026 | 7.5 |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | 20.03.2026 | 6.4 |
| CVE-2026-32881 | ewe has an Overly Permissive List of Allowed Inputs | 20.03.2026 | 5.3 |
| CVE-2026-32767 | SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API | 20.03.2026 | 9.8 |
| CVE-2026-32769 | Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace | 20.03.2026 | |
| CVE-2026-32771 | Monitoring is vulnerable to Archive Slip due to missing checks in sanitization | 20.03.2026 | |
| CVE-2026-32828 | Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration | 20.03.2026 | |
| CVE-2026-32829 | lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer | 20.03.2026 | |
| CVE-2026-32766 | astral-tokio-tar insufficiently validates PAX extensions during extraction | 20.03.2026 | |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution | 20.03.2026 | |
| CVE-2026-22737 | Spring Framework Improper Path Limitation with Script View Templates | 20.03.2026 | 5.9 |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow | 19.03.2026 | 6.5 |
| CVE-2026-32764 | | 19.03.2026 | |
| CVE-2026-32765 | | 19.03.2026 | |
| CVE-2026-22735 | Server Sent Event stream corruption | 20.03.2026 | 2.6 |
| CVE-2026-32759 | File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely | 19.03.2026 | |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin | 19.03.2026 | |
| CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints | 20.03.2026 | 8.2 |
| CVE-2026-32758 | File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter | 19.03.2026 | 6.5 |
| CVE-2026-29108 | Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User | 19.03.2026 | 6.5 |
| CVE-2026-29109 | SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing | 19.03.2026 | |
| CVE-2026-29189 | SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints | 20.03.2026 | 8.1 |
| CVE-2026-32697 | SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) | 19.03.2026 | 6.5 |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | 19.03.2026 | 8.8 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | 19.03.2026 | 5.4 |
| CVE-2026-32763 | SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>` | 19.03.2026 | 8.2 |
| CVE-2026-33288 | SuiteCRM has Authenticated SQL Injection in Authentication Module | 19.03.2026 | 8.8 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module | 20.03.2026 | 8.8 |
| CVE-2026-29104 | SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM | 19.03.2026 | 2.7 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture | 19.03.2026 | 5.4 |
| CVE-2026-29106 | SuiteCRM has blind XSS in return_id parameter | 20.03.2026 | 5.9 |
| CVE-2026-29107 | SuiteCRM vulnerable to authenticated SSRF via PDF export | 19.03.2026 | 5 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | 19.03.2026 | 5.7 |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion | 19.03.2026 | 6.5 |
| CVE-2026-22732 | Under Some Conditions Spring Security HTTP Headers Are not Written | 20.03.2026 | 9.1 |
| CVE-2026-29098 | SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action | 19.03.2026 | 4.9 |
| CVE-2026-29099 | SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality | 19.03.2026 | 8.8 |
| CVE-2026-29100 | SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter | 19.03.2026 | 7.1 |
| CVE-2026-29101 | SuiteCRM Vulnerable to Directory Traversal to DoS in Modules | 19.03.2026 | 4.9 |
| CVE-2026-29102 | SuiteCRM has Authenticated RCE in Modules | 20.03.2026 | 7.2 |
| CVE-2026-29103 | SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass | 19.03.2026 | 9.1 |
| CVE-2026-32721 | LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal | 19.03.2026 | 8.6 |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes | 19.03.2026 | 5.7 |
| CVE-2026-22731 | Authentication Bypass under Actuator Health groups paths | 20.03.2026 | 8.2 |
| CVE-2026-29096 | SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields | 19.03.2026 | 8.1 |
| CVE-2026-29097 | SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet | 19.03.2026 | |
| CVE-2026-30874 | OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation | 19.03.2026 | |
| CVE-2026-33395 | Discourse has stored click-based XSS via Graphviz SVG javascript: links | 19.03.2026 | 4.4 |
| CVE-2026-33408 | Discourse has Improper Authorization in "Post Edits" Report For Moderators | 19.03.2026 | 2.2 |
| CVE-2026-3948 | | 19.03.2026 | |
| CVE-2026-32001 | OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication | 19.03.2026 | |
| CVE-2026-32002 | OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass | 19.03.2026 | |
| CVE-2026-32003 | OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run | 19.03.2026 | |
| CVE-2026-32004 | OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route | 19.03.2026 | |
| CVE-2026-32005 | OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip | 20.03.2026 | |
| CVE-2026-32006 | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist | 19.03.2026 | |
| CVE-2026-32007 | OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass | 19.03.2026 | |
| CVE-2026-32008 | OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard | 19.03.2026 | |
| CVE-2026-32009 | OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins | 19.03.2026 | |
| CVE-2026-32010 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter | 19.03.2026 | |
| CVE-2026-32011 | OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing | 20.03.2026 | |
| CVE-2026-32013 | OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods | 19.03.2026 | |
| CVE-2026-32014 | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | 19.03.2026 | |
| CVE-2026-32015 | OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation | 19.03.2026 | |
| CVE-2026-32016 | OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS | 19.03.2026 | |
| CVE-2026-32017 | OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist | 19.03.2026 | |
| CVE-2026-32018 | OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations | 20.03.2026 | |
| CVE-2026-32019 | OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard | 19.03.2026 | |
| CVE-2026-32020 | OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler | 19.03.2026 | |
| CVE-2026-32021 | OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom | 19.03.2026 | |
| CVE-2026-32022 | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass | 19.03.2026 | |
| CVE-2026-32023 | OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run | 19.03.2026 | |
| CVE-2026-32024 | OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling | 20.03.2026 | |
| CVE-2026-32025 | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass | 19.03.2026 | |
| CVE-2026-32026 | OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox | 19.03.2026 | |
| CVE-2026-32027 | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | 19.03.2026 | |
| CVE-2026-32028 | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | 19.03.2026 | |
| CVE-2026-32029 | OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing | 19.03.2026 | |
| CVE-2026-32030 | OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal | 20.03.2026 | |
| CVE-2026-32031 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | 19.03.2026 | |
| CVE-2026-32032 | OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable | 19.03.2026 | |
| CVE-2026-32033 | OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation | 19.03.2026 | |
| CVE-2026-32034 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP | 19.03.2026 | |
| CVE-2026-32035 | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | 19.03.2026 | |
| CVE-2026-32036 | OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels | 20.03.2026 | |
| CVE-2026-32037 | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling | 19.03.2026 | |
| CVE-2026-32038 | OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter | 19.03.2026 | |
| CVE-2026-32039 | OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender | 19.03.2026 | |
| CVE-2026-32040 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation | 19.03.2026 | |
| CVE-2026-32041 | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | 19.03.2026 | |
| CVE-2026-33393 | Discourse fixes loose hostname matching in spam host allowlist | 19.03.2026 | 4.3 |
| CVE-2026-33394 | Discourse leaks PM post edits to moderators | 19.03.2026 | 2.7 |
| CVE-2026-30872 | OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup | 19.03.2026 | |
| CVE-2026-30873 | OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens | 19.03.2026 | |
| CVE-2026-33355 | Discourse filters whisper posts from private-posts feed | 19.03.2026 | 6.5 |
| CVE-2026-33410 | Discourse hardens chat DM channel creation and expansion | 19.03.2026 | 5.4 |
| CVE-2026-27936 | Discourse discloses restricted post-action counts to non-privileged users | 19.03.2026 | |
| CVE-2026-28282 | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | 19.03.2026 | |
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy | 19.03.2026 | |
| CVE-2026-30871 | OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query | 19.03.2026 | |
| CVE-2026-32099 | Discourse prevents hidden profile data leak via user onebox | 19.03.2026 | 4.3 |
| CVE-2026-4342 | ingress-nginx comment-based nginx configuration injection | 19.03.2026 | 8.8 |
| CVE-2026-27935 | Discourse leaks private topic metadata to non-authorized users | 19.03.2026 | |
| CVE-2026-32753 | FreeScout: Stored XSS through SVG file upload with filter bypass | 19.03.2026 | |
| CVE-2026-32754 | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) | 19.03.2026 | 9.3 |
| CVE-2026-32815 | SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure | 19.03.2026 | |
| CVE-2026-27934 | Discourse leaks private topic title and post excerpt via user action API endpoint | 19.03.2026 | |
| CVE-2026-32194 | Microsoft Bing Images Remote Code Execution Vulnerability | 19.03.2026 | 9.8 |
| CVE-2026-32750 | SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes | 19.03.2026 | 6.8 |
| CVE-2026-32751 | SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface | 19.03.2026 | |
| CVE-2026-32752 | FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages | 19.03.2026 | 0 |
| CVE-2026-4159 | wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read | 19.03.2026 | |
| CVE-2026-23658 | Azure DevOps: msazure Elevation of Privilege Vulnerability | 19.03.2026 | 8.6 |
| CVE-2026-23659 | Azure Data Factory Information Disclosure Vulnerability | 20.03.2026 | 8.6 |
| CVE-2026-24299 | M365 Copilot Information Disclosure Vulnerability | 19.03.2026 | 5.3 |
| CVE-2026-26120 | Microsoft Bing Tampering Vulnerability | 19.03.2026 | 6.5 |
| CVE-2026-26136 | Microsoft Copilot Information Disclosure Vulnerability | 19.03.2026 | 6.5 |
| CVE-2026-26137 | Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability | 20.03.2026 | 8.9 |
| CVE-2026-26138 | Microsoft Purview Elevation of Privilege Vulnerability | 19.03.2026 | 8.6 |
| CVE-2026-26139 | Microsoft Purview Elevation of Privilege Vulnerability | 19.03.2026 | 8.6 |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation | 19.03.2026 | |
| CVE-2026-32169 | Azure Cloud Shell Elevation of Privilege Vulnerability | 19.03.2026 | 10 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability | 20.03.2026 | 9.8 |
| CVE-2026-32747 | SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets | 19.03.2026 | 6.8 |
| CVE-2026-32749 | SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write | 19.03.2026 | 7.6 |
| CVE-2026-3229 | Integer Overflow in Certificate Chain Allocation | 19.03.2026 | |
| CVE-2026-3230 | Improper key_share validation in TLS 1.3 HelloRetryRequest | 19.03.2026 | |
| CVE-2026-27454 | Discourse has check revision visibility on posts endpoint | 19.03.2026 | 5.3 |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users | 19.03.2026 | |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | 19.03.2026 | |
| CVE-2026-30924 | qui CORS Misconfiguration: Arbitrary Origins Trusted | 19.03.2026 | |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning | 19.03.2026 | |
| CVE-2026-4395 | Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path | 19.03.2026 | |
| CVE-2026-4428 | CRL Distribution Point Scope Check Logic Error in AWS-LC | 19.03.2026 | 7.4 |
| CVE-2026-27166 | Discourse vulnerable to HTML injection via prohibited iframe URLs | 19.03.2026 | 4.1 |
| CVE-2026-27953 | ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor | 19.03.2026 | 7.1 |
| CVE-2026-30836 | Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) | 19.03.2026 | 10 |
| CVE-2026-33302 | OpenEMR: zhAclCheck Ignores Explicit ACL Denies | 19.03.2026 | |
| CVE-2026-33303 | OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View | 19.03.2026 | 5.4 |
| CVE-2026-33304 | OpenEMR has Authorization Bypass in Dated Reminders Log | 19.03.2026 | 6.5 |
| CVE-2026-33305 | OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor | 19.03.2026 | 5.4 |
| CVE-2026-33346 | OpenEMR has stored XSS in portal_payment.php via Unescaped table_args | 19.03.2026 | 8.7 |
| CVE-2026-3849 | Buffer Overflow in HPKE via Oversized ECH Config | 19.03.2026 | |
| CVE-2026-33299 | OpenEMR has Stored XSS in patient encounter Eye Exam form answers | 19.03.2026 | |
| CVE-2026-33301 | OpenEMR has arbitrary image file read via PDF generator | 19.03.2026 | |
| CVE-2026-33321 | OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) | 19.03.2026 | |
| CVE-2026-3547 | wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation | 19.03.2026 | 7.5 |
| CVE-2026-3549 | ECH parsing heap buffer overflow | 19.03.2026 | |
| CVE-2026-32119 | OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page | 19.03.2026 | 4.4 |
| CVE-2026-3580 | Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V | 19.03.2026 | |
| CVE-2026-25744 | OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals | 19.03.2026 | 6.5 |
| CVE-2026-25928 | OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders | 19.03.2026 | 6.5 |
| CVE-2026-32238 | OpenEMR has Remote Code Execution in backup functionality | 19.03.2026 | 9.1 |
| CVE-2026-3579 | Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I | 19.03.2026 | |