CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-22172 OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections 20.03.2026 9.4
CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter 20.03.2026 9.3
CVE-2026-33135 WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter 20.03.2026 9.3
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter 20.03.2026 9.3
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml 20.03.2026 9.4
CVE-2026-33057 Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py 20.03.2026 9.8
CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion 20.03.2026 10
CVE-2026-4478 Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification 20.03.2026 9.2
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint 20.03.2026 9.3
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator 20.03.2026 9.3
CVE-2026-32938 SiYuan has an Arbitrary File Read in its Desktop Publish Service 20.03.2026 9.9
CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) 20.03.2026 9.3
CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call 20.03.2026 9.8
CVE-2026-21992 20.03.2026 9.8
CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config 20.03.2026 9.7
CVE-2026-32891 Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS 20.03.2026 9.1
CVE-2026-32817 Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion 20.03.2026 9.1
CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API 20.03.2026 9.8
CVE-2026-32985 Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution 20.03.2026 9.3
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin 19.03.2026 10
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written 20.03.2026 9.1
CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass 19.03.2026 9.1
CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter 19.03.2026 9.3
CVE-2026-30872 OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup 19.03.2026 9.5
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query 19.03.2026 9.5
CVE-2026-32754 FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) 19.03.2026 9.3
CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability 19.03.2026 9.8
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability 19.03.2026 10
CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability 20.03.2026 9.8
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted 19.03.2026 9
CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC 19.03.2026 9.1
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) 19.03.2026 10
CVE-2026-32238 OpenEMR has Remote Code Execution in backup functionality 19.03.2026 9.1
CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset 19.03.2026 9.2
CVE-2026-22557 19.03.2026 10
CVE-2026-27065 WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability 19.03.2026 9.8
CVE-2026-27067 WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability 19.03.2026 9.1
CVE-2025-60233 WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability 19.03.2026 9.8
CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability 19.03.2026 9.8
CVE-2026-27413 WordPress Profile Builder Pro plugin <= 3.13.9 - SQL Injection vulnerability 19.03.2026 9.3
CVE-2026-27540 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability 19.03.2026 9
CVE-2026-27542 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability 19.03.2026 9.8
CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction 19.03.2026 10
CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution 19.03.2026 9.1
CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy 19.03.2026 9.1
CVE-2026-25873 OmniGen2-RL Reward Server Unsafe Deserialization RCE 19.03.2026 9.3
CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` 18.03.2026 9.1
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token 18.03.2026 9.8
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability 18.03.2026 9.8
CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key 18.03.2026 9.6
CVE-2026-31938 jsPDF has HTML Injection in New Window paths 18.03.2026 9.6
CVE-2026-21994 18.03.2026 9.8
CVE-2026-32841 Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients 18.03.2026 9.2
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization 18.03.2026 9.1
CVE-2026-25770 Wazuh has Privilege Escalation to Root via Cluster Protocol File Write 18.03.2026 9.1
CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames 17.03.2026 9.1
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting 17.03.2026 9.3
CVE-2026-32295 JetKVM insufficient login rate limiting 17.03.2026 9.3
CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write 17.03.2026 9.3
CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure 18.03.2026 9
CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication 17.03.2026 9.3
CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php 17.03.2026 9.3
CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass 18.03.2026 9.1
CVE-2026-4254 Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow 16.03.2026 9.3
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation 16.03.2026 9.1
CVE-2026-4252 Tenda AC8 IPv6 check_is_ipv6 ip address for authentication 16.03.2026 9.3
CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components 17.03.2026 9.8
CVE-2017-20223 Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference 16.03.2026 9.3
CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload 16.03.2026 9.3
CVE-2026-4184 D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4181 D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4182 D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation 16.03.2026 9.3
CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution 16.03.2026 9.3
CVE-2016-20030 ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction 16.03.2026 9.3
CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection 16.03.2026 9.3
CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection 17.03.2026 9.3
CVE-2026-4163 Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection 17.03.2026 9.3
CVE-2025-15060 claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability 16.03.2026 9.8
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization 16.03.2026 9.9
CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection 16.03.2026 9.7
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution 13.03.2026 9.1

Latest Updates

CVE Title Updated Score
CVE-2025-46597 20.03.2026
CVE-2025-67260 20.03.2026
CVE-2026-32986 Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection 20.03.2026
CVE-2026-4488 UTT HiPER 1250GW setSysAdm strcpy buffer overflow 20.03.2026
CVE-2025-46598 20.03.2026
CVE-2026-4519 webbrowser.open() allows leading dashes in URLs 20.03.2026
CVE-2026-22172 OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections 20.03.2026
CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers 20.03.2026 5.3
CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization 20.03.2026
CVE-2026-4487 UTT HiPER 1200GW websHostFilter strcpy buffer overflow 20.03.2026
CVE-2026-33368 20.03.2026
CVE-2026-33369 20.03.2026
CVE-2026-33370 20.03.2026
CVE-2026-33371 20.03.2026
CVE-2026-33372 20.03.2026
CVE-2026-4486 D-Link DIR-513 Web Service formEasySetPassword stack-based overflow 20.03.2026
CVE-2024-44722 20.03.2026
CVE-2026-4485 itsourcecode College Management System search_student.php sql injection 20.03.2026
CVE-2026-31381 Gainsight Assist plugin information disclosure 20.03.2026 5.3
CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection 20.03.2026 6.1
CVE-2026-4434 20.03.2026
CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive 20.03.2026
CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter 20.03.2026 9.3
CVE-2026-33135 WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter 20.03.2026 9.3
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter 20.03.2026 9.3
CVE-2026-33131 h3 has a middleware bypass with one gadget 20.03.2026 7.4
CVE-2026-33132 ZITADEL is missing enforcement of organization scopes 20.03.2026 5.3
CVE-2026-25792 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin 20.03.2026 6.5
CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure 20.03.2026
CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration 20.03.2026
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils 20.03.2026 5.9
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh) 20.03.2026 6.5
CVE-2026-0677 WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability 20.03.2026 7.2
CVE-2026-22324 WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability 20.03.2026 8.1
CVE-2026-33125 Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts 20.03.2026 7.1
CVE-2026-33128 h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields 20.03.2026 7.5
CVE-2024-31119 WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability 20.03.2026 5.9
CVE-2024-32537 WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability 20.03.2026 7.1
CVE-2026-33081 PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation 20.03.2026 5.8
CVE-2026-33123 pypdf has inefficient decoding of array-based streams 20.03.2026
CVE-2026-33124 Frigate has insecure password change functionality 20.03.2026
CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction 20.03.2026 8.1
CVE-2026-32701 Qwik has array method pollution in FormData processing, allowing type confusion and DoS 20.03.2026 7.5
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS 20.03.2026 7.3
CVE-2026-2421 ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter 20.03.2026 6.5
CVE-2026-2432 CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels 20.03.2026 4.4
CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion 20.03.2026 3.7
CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads 20.03.2026 4.3
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption 20.03.2026 8.2
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml 20.03.2026
CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions 20.03.2026 5.3
CVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race 20.03.2026
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion 20.03.2026
CVE-2026-23273 macvlan: observe an RCU grace period in macvlan_common_newlink() error path 20.03.2026
CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels 20.03.2026
CVE-2026-23275 io_uring: ensure ctx->rings is stable for task work flags manipulation 20.03.2026
CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions 20.03.2026
CVE-2026-23277 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit 20.03.2026
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements 20.03.2026
CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering 20.03.2026
CVE-2026-33067 SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata 20.03.2026
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File 20.03.2026
CVE-2026-33069 PJSIP has an Out-of-bounds Read in SIP multipart parsing 20.03.2026
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions request 20.03.2026
CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference 20.03.2026
CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request 20.03.2026
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error 20.03.2026
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun 20.03.2026 6.5
CVE-2026-33061 exactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template 20.03.2026 5.8
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks 20.03.2026
CVE-2026-33057 Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py 20.03.2026 9.8
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks 20.03.2026 5.3
CVE-2026-33053 Langflow has Missing Ownership Verification in API Key Deletion (IDOR) 20.03.2026
CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion 20.03.2026 10
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero 20.03.2026
CVE-2026-4477 Yi Technology YI Home Camera WPA/WPS hard-coded key 20.03.2026
CVE-2026-4478 Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification 20.03.2026
CVE-2026-4476 Yi Technology YI Home Camera CGI Endpoint ipc missing authentication 20.03.2026
CVE-2026-4474 itsourcecode University Management System admin_single_student_update.php cross site scripting 20.03.2026
CVE-2026-4475 Yi Technology YI Home Camera ipc hard-coded credentials 20.03.2026
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy 20.03.2026 8.6
CVE-2026-33040 libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow 20.03.2026
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php 20.03.2026 5.3
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS 20.03.2026 8.1
CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu 20.03.2026
CVE-2026-32768 Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace 20.03.2026
CVE-2026-33036 fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) 20.03.2026 7.5
CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path 20.03.2026 8.1
CVE-2026-33038 AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments 20.03.2026 8.1
CVE-2026-4473 itsourcecode Online Doctor Appointment System appointment_action.php sql injection 20.03.2026
CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching 20.03.2026 7.5
CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices 20.03.2026
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint 20.03.2026
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator 20.03.2026
CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause 20.03.2026
CVE-2026-33035 Unauthenticated Reflected XSS via innerHTML in AVideo 20.03.2026
CVE-2026-4471 itsourcecode Online Frozen Foods Ordering System admin_edit_employee.php sql injection 20.03.2026
CVE-2026-4472 itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection 20.03.2026
CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) 20.03.2026
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL 20.03.2026
CVE-2026-32950 SQLBot: RCE via SQL Injection in Excel Upload Endpoint 20.03.2026
CVE-2026-32953 Tillitis: TKey Client has an Error in Protocol Implementation 20.03.2026
CVE-2026-32954 ERP has a possible SQL Injection vulnerability due to missing validation 20.03.2026 7.1
CVE-2026-33011 Nest Fastify HEAD Request Middleware Bypass 20.03.2026
CVE-2026-4469 itsourcecode Online Frozen Foods Ordering System admin_edit_menu_action.php sql injection 20.03.2026
CVE-2026-4470 itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection 20.03.2026
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata 20.03.2026
CVE-2026-32938 SiYuan has an Arbitrary File Read in its Desktop Publish Service 20.03.2026 9.9
CVE-2026-32939 DataEase is Vulnerable to H2 JDBC RCE Bypass 20.03.2026
CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) 20.03.2026 9.3
CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports 20.03.2026
CVE-2026-32942 PJSIP has ICE session use-after-free race conditions 20.03.2026
CVE-2026-32945 PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser 20.03.2026
CVE-2026-32946 Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) 20.03.2026
CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call 20.03.2026 9.8
CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect 20.03.2026 4.3
CVE-2026-4468 Comfast CF-AC100 mbox-config command injection 20.03.2026
CVE-2026-21992 20.03.2026 9.8
CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint 20.03.2026 2.2
CVE-2026-30889 Discourse has Unauthorized Post Data Exposure in discourse-user-notes 20.03.2026
CVE-2026-30891 Discourse has Unauthorized Exposure of Private User Action Types 20.03.2026
CVE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter 20.03.2026 5.3
CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check 20.03.2026
CVE-2026-32888 Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality 20.03.2026 8.8
CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop 20.03.2026 6.5
CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config 20.03.2026 9.7
CVE-2026-32891 Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS 20.03.2026 9.1
CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion 20.03.2026 7.5
CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack 20.03.2026
CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS 20.03.2026
CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter 20.03.2026
CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion 20.03.2026
CVE-2026-4467 Comfast CF-AC100 mbox-config command injection 20.03.2026
CVE-2026-32711 pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root 20.03.2026 7.8
CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification 20.03.2026 8.1
CVE-2026-32811 Heimdall: Path received via Envoy gRPC corrupted when containing query string 20.03.2026 8.2
CVE-2026-32812 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint 20.03.2026 6.8
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) 20.03.2026 8
CVE-2026-32817 Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion 20.03.2026 9.1
CVE-2026-32874 UltraJSON has a Memory Leak parsing large integers allows DoS 20.03.2026 7.5
CVE-2026-32875 UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop 20.03.2026 7.5
CVE-2026-4439 20.03.2026
CVE-2026-4440 20.03.2026
CVE-2026-4441 20.03.2026
CVE-2026-4442 20.03.2026
CVE-2026-4443 20.03.2026
CVE-2026-4444 20.03.2026
CVE-2026-4445 20.03.2026
CVE-2026-4446 20.03.2026
CVE-2026-4447 20.03.2026
CVE-2026-4448 20.03.2026
CVE-2026-4449 20.03.2026
CVE-2026-4450 20.03.2026
CVE-2026-4451 20.03.2026
CVE-2026-4452 20.03.2026
CVE-2026-4453 20.03.2026
CVE-2026-4454 20.03.2026
CVE-2026-4455 20.03.2026
CVE-2026-4456 20.03.2026
CVE-2026-4457 20.03.2026
CVE-2026-4458 20.03.2026
CVE-2026-4459 20.03.2026
CVE-2026-4460 20.03.2026
CVE-2026-4461 20.03.2026
CVE-2026-4462 20.03.2026
CVE-2026-4463 20.03.2026
CVE-2026-4464 20.03.2026
CVE-2026-4465 D-Link DIR-513 formSysCmd os command injection 20.03.2026
CVE-2026-4466 Comfast CF-AC100 mbox-config command injection 20.03.2026
CVE-2026-32873 ewe: Loop with Unreachable Exit Condition ('Infinite Loop') 20.03.2026 7.5
CVE-2026-32880 ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php 20.03.2026 6.4
CVE-2026-32881 ewe has an Overly Permissive List of Allowed Inputs 20.03.2026 5.3
CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API 20.03.2026 9.8
CVE-2026-32769 Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace 20.03.2026
CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization 20.03.2026
CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration 20.03.2026
CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer 20.03.2026
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction 20.03.2026
CVE-2026-32985 Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution 20.03.2026
CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates 20.03.2026 5.9
CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow 19.03.2026 6.5
CVE-2026-32764 19.03.2026
CVE-2026-32765 19.03.2026
CVE-2026-22735 Server Sent Event stream corruption 20.03.2026 2.6
CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely 19.03.2026
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin 19.03.2026
CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints 20.03.2026 8.2
CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter 19.03.2026 6.5
CVE-2026-29108 Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User 19.03.2026 6.5
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing 19.03.2026
CVE-2026-29189 SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints 20.03.2026 8.1
CVE-2026-32697 SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) 19.03.2026 6.5
CVE-2026-32756 Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module 19.03.2026 8.8
CVE-2026-32757 Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection 19.03.2026 5.4
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`. 19.03.2026 8.2
CVE-2026-33288 SuiteCRM has Authenticated SQL Injection in Authentication Module 19.03.2026 8.8
CVE-2026-33289 SuiteCRM has LDAP Filter Injection in Authentication Module 20.03.2026 8.8
CVE-2026-29104 SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM 19.03.2026 2.7
CVE-2026-29105 SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture 19.03.2026 5.4
CVE-2026-29106 SuiteCRM has blind XSS in return_id parameter 20.03.2026 5.9
CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export 19.03.2026 5
CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions 19.03.2026 5.7
CVE-2026-32818 Admidio is Missing Authorization on Forum Topic and Post Deletion 19.03.2026 6.5
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written 20.03.2026 9.1
CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action 19.03.2026 4.9
CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality. 19.03.2026 8.8
CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter 19.03.2026 7.1
CVE-2026-29101 SuiteCRM Vulnerable to Directory Traversal to DoS in Modules 19.03.2026 4.9
CVE-2026-29102 SuiteCRM has Authenticated RCE in Modules 20.03.2026 7.2
CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass 19.03.2026 9.1
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal 19.03.2026 8.6
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes 19.03.2026 5.7
CVE-2026-22731 Authentication Bypass under Actuator Health groups paths 20.03.2026 8.2
CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields 19.03.2026 8.1
CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet 19.03.2026
CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation 19.03.2026
CVE-2026-33395 Discourse has stored click-based XSS via Graphviz SVG javascript: links 19.03.2026 4.4
CVE-2026-33408 Discourse has Improper Authorization in "Post Edits" Report For Moderators 19.03.2026 2.2
CVE-2026-3948 19.03.2026
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication 19.03.2026
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass 19.03.2026
CVE-2026-32003 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run 19.03.2026
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route 19.03.2026
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip 20.03.2026
CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist 19.03.2026
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass 19.03.2026
CVE-2026-32008 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard 19.03.2026
CVE-2026-32009 OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins 19.03.2026
CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter 19.03.2026
CVE-2026-32011 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing 20.03.2026
CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods 19.03.2026
CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields 19.03.2026
CVE-2026-32015 OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation 19.03.2026
CVE-2026-32016 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS 19.03.2026
CVE-2026-32017 OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist 19.03.2026
CVE-2026-32018 OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations 20.03.2026
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard 19.03.2026
CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler 19.03.2026
CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom 19.03.2026
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass 19.03.2026
CVE-2026-32023 OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run 19.03.2026
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling 20.03.2026
CVE-2026-32025 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass 19.03.2026
CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox 19.03.2026
CVE-2026-32027 OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist 19.03.2026
CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress 19.03.2026
CVE-2026-32029 OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing 19.03.2026
CVE-2026-32030 OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal 20.03.2026
CVE-2026-32031 OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway 19.03.2026
CVE-2026-32032 OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable 19.03.2026
CVE-2026-32033 OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation 19.03.2026
CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP 19.03.2026
CVE-2026-32035 OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler 19.03.2026
CVE-2026-32036 OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels 20.03.2026
CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling 19.03.2026
CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter 19.03.2026
CVE-2026-32039 OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender 19.03.2026
CVE-2026-32040 OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation 19.03.2026
CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap 19.03.2026
CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist 19.03.2026 4.3
CVE-2026-33394 Discourse leaks PM post edits to moderators 19.03.2026 2.7
CVE-2026-30872 OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup 19.03.2026
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens 19.03.2026
CVE-2026-33355 Discourse filters whisper posts from private-posts feed 19.03.2026 6.5
CVE-2026-33410 Discourse hardens chat DM channel creation and expansion 19.03.2026 5.4
CVE-2026-27936 Discourse discloses restricted post-action counts to non-privileged users 19.03.2026
CVE-2026-28282 Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin 19.03.2026
CVE-2026-29072 Discourse missing permission check for policy creation in discourse-policy 19.03.2026
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query 19.03.2026
CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox 19.03.2026 4.3
CVE-2026-4342 ingress-nginx comment-based nginx configuration injection 19.03.2026 8.8
CVE-2026-27935 Discourse leaks private topic metadata to non-authorized users 19.03.2026
CVE-2026-32753 FreeScout: Stored XSS through SVG file upload with filter bypass 19.03.2026
CVE-2026-32754 FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) 19.03.2026 9.3
CVE-2026-32815 SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure 19.03.2026
CVE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint 19.03.2026
CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability 19.03.2026 9.8
CVE-2026-32750 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes 19.03.2026 6.8
CVE-2026-32751 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface 19.03.2026
CVE-2026-32752 FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages 19.03.2026 0
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read 19.03.2026
CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability 19.03.2026 8.6
CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability 20.03.2026 8.6
CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability 19.03.2026 5.3
CVE-2026-26120 Microsoft Bing Tampering Vulnerability 19.03.2026 6.5
CVE-2026-26136 Microsoft Copilot Information Disclosure Vulnerability 19.03.2026 6.5
CVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability 20.03.2026 8.9
CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability 19.03.2026 8.6
CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability 19.03.2026 8.6
CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation 19.03.2026
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability 19.03.2026 10
CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability 20.03.2026 9.8
CVE-2026-32747 SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets 19.03.2026 6.8
CVE-2026-32749 SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write 19.03.2026 7.6
CVE-2026-3229 Integer Overflow in Certificate Chain Allocation 19.03.2026
CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest 19.03.2026
CVE-2026-27454 Discourse has check revision visibility on posts endpoint 19.03.2026 5.3
CVE-2026-27491 Discourse has a bypass of official warnings messages by non-staff users 19.03.2026
CVE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox 19.03.2026
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted 19.03.2026
CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning 19.03.2026
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path 19.03.2026
CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC 19.03.2026 7.4
CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs 19.03.2026 4.1
CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor 19.03.2026 7.1
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) 19.03.2026 10
CVE-2026-33302 OpenEMR: zhAclCheck Ignores Explicit ACL Denies 19.03.2026
CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View 19.03.2026 5.4
CVE-2026-33304 OpenEMR has Authorization Bypass in Dated Reminders Log 19.03.2026 6.5
CVE-2026-33305 OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor 19.03.2026 5.4
CVE-2026-33346 OpenEMR has stored XSS in portal_payment.php via Unescaped table_args 19.03.2026 8.7
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config 19.03.2026
CVE-2026-33299 OpenEMR has Stored XSS in patient encounter Eye Exam form answers 19.03.2026
CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator 19.03.2026
CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) 19.03.2026
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation 19.03.2026 7.5
CVE-2026-3549 ECH parsing heap buffer overflow 19.03.2026
CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page 19.03.2026 4.4
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V 19.03.2026
CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals 19.03.2026 6.5
CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders 19.03.2026 6.5
CVE-2026-32238 OpenEMR has Remote Code Execution in backup functionality 19.03.2026 9.1
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I 19.03.2026