CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components 16.03.2026 9.8
CVE-2017-20223 Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference 16.03.2026 9.3
CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload 16.03.2026 9.3
CVE-2026-4184 D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4181 D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2026-4182 D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow 16.03.2026 9.3
CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation 16.03.2026 9.3
CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution 16.03.2026 9.3
CVE-2016-20030 ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction 16.03.2026 9.3
CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection 16.03.2026 9.3
CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection 15.03.2026 9.3
CVE-2026-4163 Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection 14.03.2026 9.3
CVE-2025-15060 claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability 16.03.2026 9.8
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization 13.03.2026 9.9
CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection 13.03.2026 9.7
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution 13.03.2026 9.1
CVE-2026-31806 FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions 15.03.2026 9.3
CVE-2026-32746 15.03.2026 9.8
CVE-2026-26954 SandboxJS has a Sandbox Escape 13.03.2026 10
CVE-2026-3891 Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload 13.03.2026 9.8
CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() 13.03.2026 9.2
CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL 13.03.2026 9.3
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function() 13.03.2026 9.8
CVE-2026-32306 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters 14.03.2026 10
CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function 13.03.2026 10
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier 13.03.2026 9.3
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import 13.03.2026 9.3
CVE-2026-32242 Parse Server OAuth2 adapter shares mutable state across providers via singleton instance 12.03.2026 9.1
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass 13.03.2026 9.3
CVE-2026-32137 DataEase SQL Injection Vulnerability 13.03.2026 9.3
CVE-2026-28252 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge 13.03.2026 9.2
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS 13.03.2026 9.7
CVE-2026-21708 13.03.2026 10
CVE-2026-21666 13.03.2026 10
CVE-2026-21667 13.03.2026 10
CVE-2026-21669 13.03.2026 10
CVE-2026-21671 13.03.2026 9.1
CVE-2026-28384 Authenticated RCE via unsanitized compression_algorithm 13.03.2026 9.4
CVE-2026-32136 AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass 12.03.2026 9.8
CVE-2026-27591 Winter: Privilege escalation by authenticated backend users 12.03.2026 10
CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns 12.03.2026 9.3
CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation 12.03.2026 9.1
CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor 12.03.2026 9.3
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments 12.03.2026 10
CVE-2026-31896 WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php 12.03.2026 9.8
CVE-2018-25159 Epross AVCON6 OGNL Remote Code Execution via login.action 11.03.2026 9.3
CVE-2019-25468 NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp 11.03.2026 9.3
CVE-2019-25471 FileThingie 2.5.7 Arbitrary File Upload via ft2.php 11.03.2026 9.3
CVE-2019-25487 SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd 11.03.2026 9.3
CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration 12.03.2026 9.8
CVE-2026-31877 Frappe SQL Injection due to improper field sanitization 12.03.2026 9.3
CVE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL 12.03.2026 9.3
CVE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL 12.03.2026 9.3
CVE-2026-31862 Cloud CLI has Command Injection via Multiple Parameters 12.03.2026 9.1
CVE-2026-31840 Parse Server has a SQL injection via dot-notation field name in PostgreSQL 11.03.2026 9.3
CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation 11.03.2026 10
CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF) 11.03.2026 10
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template 11.03.2026 9.8
CVE-2026-30903 12.03.2026 9.6
CVE-2026-3826 WellChoose|IFTOP - Local File Inclusion 11.03.2026 9.3
CVE-2023-27573 11.03.2026 9
CVE-2026-24448 11.03.2026 9.3
CVE-2026-27842 11.03.2026 9.3
CVE-2026-23813 Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset 12.03.2026 9.8
CVE-2026-29515 MiCode FileExplorer SwiFTP Server Authentication Bypass 11.03.2026 9.3
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control 12.03.2026 9.4
CVE-2026-0124 11.03.2026 10
CVE-2026-30965 Parse Server session token exfiltration via `redirectClassNameForKey` query parameter 11.03.2026 9.9
CVE-2026-30966 Parse Server role escalation and CLP bypass via direct `_Join` table write 11.03.2026 10
CVE-2026-29792 Feathersjs has an OAuth Callback Account Takeover 11.03.2026 9.3
CVE-2026-29793 NoSQL Injection via WebSocket id Parameter in MongoDB Adapter 11.03.2026 9.3
CVE-2025-48611 16.03.2026 10
CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php 10.03.2026 9.7
CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment 10.03.2026 9.1
CVE-2026-28292 simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE 11.03.2026 9.8
CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface 10.03.2026 9.4
CVE-2026-30956 OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header 10.03.2026 10
CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object 10.03.2026 10
CVE-2025-40943 13.03.2026 9.4
CVE-2026-3843 SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution 10.03.2026 9.3
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU 10.03.2026 9.8
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login 10.03.2026 9.8
CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration 11.03.2026 9.1
CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object 10.03.2026 10
CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE 10.03.2026 10
CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith 10.03.2026 9.1
CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage 10.03.2026 9.3
CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization 10.03.2026 9.1
CVE-2026-28431 Misskey lacks proper authorization checks and input validation 10.03.2026 9.2
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets 10.03.2026 9.6
CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection 10.03.2026 9.1

Latest Updates

CVE Title Updated Score
CVE-2025-69783 16.03.2026
CVE-2025-69784 16.03.2026
CVE-2025-57543 16.03.2026
CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components 16.03.2026 9.8
CVE-2026-32583 WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability 16.03.2026 5.3
CVE-2026-32587 WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability 16.03.2026 5.4
CVE-2026-4250 Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.json credentials storage 16.03.2026
CVE-2026-4276 LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries. 16.03.2026
CVE-2025-2274 Stored Cross Site Scripting in Forcepoint Web Security 16.03.2026
CVE-2025-52642 HCL AION is affected by an internal filesystem paths disclosure vulnerability 16.03.2026 3.3
CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. 16.03.2026 1.9
CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. 16.03.2026 2.2
CVE-2026-21386 Private channel enumeration via /mute slash command 16.03.2026 4.3
CVE-2026-22545 Password Change Bypass via Auth Switch Endpoint 16.03.2026 3.1
CVE-2026-24692 Guest users can bypass read permissions via search API 16.03.2026 4.3
CVE-2026-2455 SSRF bypass via IPv4-mapped IPv6 literals 16.03.2026 4.3
CVE-2026-4243 La Nacion App app.lanacion.activity BuildConfig.java credentials storage 16.03.2026
CVE-2025-52636 HCL AION is affected by improper handling of uploaded file size 16.03.2026 1.8
CVE-2025-52643 HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment 16.03.2026 4.7
CVE-2025-52644 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. 16.03.2026 5.8
CVE-2025-52649 HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature 16.03.2026 1.8
CVE-2026-25369 WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability 16.03.2026 7.1
CVE-2026-4242 BabyChakra Pregnancy & Parenting App app.babychakra.babychakra Configuration.java credentials storage 16.03.2026
CVE-2026-4240 Open5GS CCA smf_s6b_sta_cb denial of service 16.03.2026
CVE-2026-4241 itsourcecode College Management System time-table.php sql injection 16.03.2026
CVE-2025-10461 Global file reads caused by improper URL checks in webserver 16.03.2026
CVE-2025-10685 HTTP POST with specific higher content length leads into heap corruption 16.03.2026
CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload 16.03.2026 4.3
CVE-2026-4239 Lagom WHMCS Template Datatables prototype pollution 16.03.2026
CVE-2025-52638 Multiple security vulnerabilities affect HCL AION 16.03.2026 5.6
CVE-2025-52648 16.03.2026 4.8
CVE-2025-52637 Multiple security vulnerabilities affect HCL AION 16.03.2026 4.5
CVE-2026-4238 itsourcecode College Management System courses.php sql injection 16.03.2026
CVE-2026-24458 DoS attack via login attempts with multi-megabyte passwords 16.03.2026 7.5
CVE-2026-25783 Denial of service via malformed User-Agent header in getBrowserVersion 16.03.2026 4.3
CVE-2026-2326 16.03.2026
CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances 16.03.2026 6.6
CVE-2026-2578 Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts 16.03.2026 4.3
CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection 16.03.2026
CVE-2026-4265 Guest user can upload files without permission across teams 16.03.2026 4.3
CVE-2025-15540 Authenticated RCE in Raytha CMS 16.03.2026
CVE-2025-69236 Stored XSS in Raytha CMS 16.03.2026
CVE-2025-69237 Stored XSS in Raytha CMS 16.03.2026
CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS 16.03.2026
CVE-2025-69239 Server-Side Request Forgery in Raytha CMS 16.03.2026
CVE-2025-69240 Header Poisoning in Raytha CMS 16.03.2026
CVE-2025-69241 Stored XSS in Raytha CMS 16.03.2026
CVE-2025-69242 Reflected XSS in Raytha CMS 16.03.2026
CVE-2025-69243 User enumeration in Raytha CMS 16.03.2026
CVE-2025-69245 Reflected XSS in Raytha CMS 16.03.2026
CVE-2025-69246 Lack of bruteforce protection in Raytha CMS 16.03.2026
CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 16.03.2026 7.8
CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload 16.03.2026 4.3
CVE-2026-2457 WebSocket Message Spoofing via Permalink Embed Manipulation 16.03.2026 4.3
CVE-2026-2458 Unauthorized channel enumeration in private teams after member removal 16.03.2026 4.3
CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board 16.03.2026 4.3
CVE-2026-4236 itsourcecode Online Enrollment System index.php sql injection 16.03.2026
CVE-2026-2456 Denial of Service via Unbounded Memory Allocation in Integration Actions 16.03.2026 5.3
CVE-2026-2463 Unauthorized access to invite ID during team creation 16.03.2026 4.3
CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets 16.03.2026 7.6
CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection 16.03.2026
CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI 16.03.2026
CVE-2025-15553 Insecure Logout Functionality in Truesec LAPSWebUI 16.03.2026
CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI 16.03.2026
CVE-2026-4234 SSCMS DDL SitesAddController.Submit.cs sql injection 16.03.2026
CVE-2026-3020 Identity based authorization bypass vulnerability (IDOR) in the Wakyma web application 16.03.2026
CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application 16.03.2026
CVE-2026-3022 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application 16.03.2026
CVE-2026-3023 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application 16.03.2026
CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application 16.03.2026
CVE-2026-4233 ThingsGateway download path traversal 16.03.2026
CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus 16.03.2026
CVE-2026-3111 Multiple vulnerabilities on the Educativa Campus 16.03.2026
CVE-2025-11500 Credentials exposure in tinycontrol devices 16.03.2026
CVE-2025-15587 Credentials exposure in tinycontrol devices 16.03.2026
CVE-2026-4232 Tiandy Integrated Management Platform getAuthorityByUserId sql injection 16.03.2026
CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery 16.03.2026
CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection 16.03.2026
CVE-2026-4230 vanna-ai vanna Endpoint __init__.py update_sql sql injection 16.03.2026
CVE-2026-4227 LB-LINK BL-WR9000 get_hidessid_cfg sub_44D844 buffer overflow 16.03.2026
CVE-2026-4228 LB-LINK BL-WR9000 set_wifi sub_458754 command injection 16.03.2026
CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting 16.03.2026
CVE-2026-4226 LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow 16.03.2026
CVE-2025-12736 multimedia_audio_standard has an insecure storage of sensitive information vulnerability 16.03.2026 6.5
CVE-2025-25277 arkcompiler_ets_runtime has a type confusion vulnerability 16.03.2026 6.3
CVE-2025-26474 communication_ipc has an improper input validation vulnerability 16.03.2026 3.3
CVE-2025-41432 arkcompiler_ets_runtime has an out-of-bounds write vulnerability 16.03.2026 5.5
CVE-2025-52458 arkcompiler_ets_runtime has an out-of-bounds write vulnerability 16.03.2026 5.5
CVE-2025-6969 ability_ability_runtime has an improper input validation vulnerability 16.03.2026 5
CVE-2026-0639 liteos_a has a missing release of memory vulnerability 16.03.2026 3.3
CVE-2026-25083 16.03.2026
CVE-2026-32776 16.03.2026 4
CVE-2026-32777 16.03.2026 4
CVE-2026-32778 16.03.2026 2.9
CVE-2026-4223 itsourcecode Payroll Management System manage_employee.php sql injection 16.03.2026
CVE-2026-4255 DLL Injection Privilege Escalation 16.03.2026
CVE-2025-71264 16.03.2026 3.7
CVE-2026-32775 16.03.2026 7.4
CVE-2026-4219 INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials 16.03.2026
CVE-2026-4220 Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload 16.03.2026
CVE-2026-4221 Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload 16.03.2026
CVE-2026-4222 SSCMS download PathUtils.RemoveParentPath path traversal 16.03.2026
CVE-2026-4218 myAEDES App aedes.me.beta EngageBayUtils.java information disclosure 16.03.2026
CVE-2026-31386 16.03.2026
CVE-2026-4216 i-SENS SmartLog App air.SmartLog.android hard-coded credentials 16.03.2026
CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage 16.03.2026
CVE-2026-20988 16.03.2026
CVE-2026-20989 16.03.2026
CVE-2026-20990 16.03.2026
CVE-2026-20991 16.03.2026
CVE-2026-20992 16.03.2026
CVE-2026-20993 16.03.2026
CVE-2026-20994 16.03.2026
CVE-2026-20995 16.03.2026
CVE-2026-20996 16.03.2026
CVE-2026-20997 16.03.2026
CVE-2026-20998 16.03.2026
CVE-2026-20999 16.03.2026
CVE-2026-21000 16.03.2026
CVE-2026-21001 16.03.2026
CVE-2026-21002 16.03.2026
CVE-2026-21004 16.03.2026
CVE-2026-21005 16.03.2026
CVE-2026-4213 D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow 16.03.2026
CVE-2026-4214 D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow 16.03.2026
CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery 16.03.2026
CVE-2026-4207 D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection 16.03.2026
CVE-2026-4209 D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection 16.03.2026
CVE-2026-4210 D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection 16.03.2026
CVE-2026-4211 D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow 16.03.2026
CVE-2026-4212 D-Link DNS-1550-04 download_mgr.cgi Downloads_Schedule_Info stack-based overflow 16.03.2026
CVE-2026-4206 D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection 16.03.2026
CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution 16.03.2026
CVE-2017-20222 Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot 16.03.2026
CVE-2017-20223 Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference 16.03.2026
CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload 16.03.2026
CVE-2026-4203 D-Link DNS-1550-04 network_mgr.cgi cgi_dhcpd command injection 16.03.2026
CVE-2026-4204 D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection 16.03.2026
CVE-2026-4205 D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection 16.03.2026
CVE-2026-4201 glowxq glowxq-oj SysFileController.java upload unrestricted upload 16.03.2026
CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection 16.03.2026
CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery 16.03.2026
CVE-2026-4196 D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection 16.03.2026
CVE-2026-4197 D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection 16.03.2026
CVE-2026-4198 hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection 15.03.2026
CVE-2026-4193 D-Link DIR-823G goahead UpdateClientInfo access control 16.03.2026
CVE-2026-4194 D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control 16.03.2026
CVE-2026-4195 D-Link DNS-1550-04 wizard_mgr.cgi command injection 16.03.2026
CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection 15.03.2026
CVE-2026-4191 JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload 15.03.2026
CVE-2026-4188 D-Link DIR-619L boa formSchedule stack-based overflow 16.03.2026
CVE-2026-4189 phpipam Section edit-result.php sql injection 15.03.2026
CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection 15.03.2026
CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting 15.03.2026
CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication 15.03.2026
CVE-2015-20117 RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation 16.03.2026
CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter 16.03.2026
CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php 16.03.2026
CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection 16.03.2026
CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters 16.03.2026
CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe 16.03.2026
CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit 16.03.2026
CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint 16.03.2026
CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities 16.03.2026
CVE-2017-20217 Serviio PRO 1.8 REST API Information Disclosure 16.03.2026
CVE-2017-20218 Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path 16.03.2026
CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser 16.03.2026
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API 16.03.2026
CVE-2013-20005 Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser 16.03.2026
CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities 16.03.2026
CVE-2015-20113 RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities 16.03.2026
CVE-2015-20114 RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters 16.03.2026
CVE-2015-20115 RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter 16.03.2026
CVE-2015-20116 RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename 16.03.2026
CVE-2026-4185 GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow 15.03.2026