CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-26830 25.03.2026 9.8
CVE-2025-33244 25.03.2026 9
CVE-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication 25.03.2026 9.2
CVE-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit 25.03.2026 9.1
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller 24.03.2026 9.3
CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint 24.03.2026 9.1
CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API 25.03.2026 10
CVE-2026-33475 Langflow GitHub Actions Shell Injection 25.03.2026 9.1
CVE-2019-25628 Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow 24.03.2026 9.3
CVE-2019-25646 Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM 24.03.2026 9.3
CVE-2026-4755 CWE-20 in MolotovCherry Android-ImageMagick7 24.03.2026 9.8
CVE-2026-4750 Out-of-bounds Read in fabiangreffrath woof 24.03.2026 9.1
CVE-2026-4753 Out-of-bounds Read in slajerek RetroDebugger 24.03.2026 9.1
CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users 24.03.2026 9.1
CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja 24.03.2026 10
CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton 24.03.2026 10
CVE-2026-4734 Heap Buffer Overflow in yoyofr/modizer 24.03.2026 9.4
CVE-2026-4738 GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution 24.03.2026 9.4
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK 24.03.2026 9.4
CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution 24.03.2026 9.3
CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod 24.03.2026 9.6
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names 24.03.2026 9.1
CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula 24.03.2026 9.8
CVE-2026-4681 Critical Remote Code Execution vulnerability reported in Windchill 24.03.2026 9.3
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised 25.03.2026 9.4
CVE-2025-60949 Census CSWeb leaked configuration files 25.03.2026 9.3
CVE-2026-3055 Insufficient input validation leading to memory overread 24.03.2026 9.3
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL 24.03.2026 9.3
CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. 24.03.2026 9
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php 24.03.2026 9.4
CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php 24.03.2026 9.3
CVE-2026-33478 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection 23.03.2026 10
CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass 23.03.2026 9.1
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) 24.03.2026 9.8
CVE-2025-41008 SQL Injection in Sinturno 23.03.2026 9.3
CVE-2025-41007 SQL Injection in Cuantis 23.03.2026 9.3
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi 23.03.2026 9.8
CVE-2026-4585 Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection 23.03.2026 9.3
CVE-2026-3587 Hidden CLI Function Allows Root Access 24.03.2026 10
CVE-2026-4599 23.03.2026 9.3
CVE-2026-4600 23.03.2026 9.1
CVE-2026-4601 23.03.2026 9.4
CVE-2026-4567 Tenda A15 UploadCfg stack-based overflow 23.03.2026 9.3
CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege 24.03.2026 10
CVE-2019-25614 Free Float FTP 1.0 STOR Command Remote Buffer Overflow 23.03.2026 9.3
CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions 23.03.2026 9.3
CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information 23.03.2026 9.1
CVE-2026-29796 IGL-Technologies eParking.fi Missing Authentication for Critical Function 23.03.2026 9.3
CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function 23.03.2026 9.3
CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path 24.03.2026 9.1
CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process 23.03.2026 9.8
CVE-2026-22898 QVR Pro 25.03.2026 9.3
CVE-2026-22172 OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections 20.03.2026 9.4
CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter 20.03.2026 9.3
CVE-2026-33135 WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter 20.03.2026 9.3
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter 20.03.2026 9.3
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml 20.03.2026 9.4
CVE-2026-33057 Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py 25.03.2026 9.8
CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion 20.03.2026 10
CVE-2026-4478 Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification 20.03.2026 9.2
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint 23.03.2026 9.3
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator 20.03.2026 9.3
CVE-2026-32938 SiYuan has an Arbitrary File Read in its Desktop Publish Service 20.03.2026 9.9
CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) 20.03.2026 9.3
CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call 20.03.2026 9.8
CVE-2026-21992 24.03.2026 9.8
CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config 20.03.2026 9.7
CVE-2026-32891 Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS 20.03.2026 9.1
CVE-2026-32817 Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion 20.03.2026 9.1
CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API 20.03.2026 9.8
CVE-2026-32985 Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution 20.03.2026 9.3
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin 25.03.2026 10
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written 21.03.2026 9.1
CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass 20.03.2026 9.1
CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter 20.03.2026 9.3
CVE-2026-30872 OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup 25.03.2026 9.5
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query 25.03.2026 9.5
CVE-2026-32754 FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) 20.03.2026 9.3
CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability 24.03.2026 9.8
CVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability 24.03.2026 9.9
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability 24.03.2026 10
CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability 24.03.2026 9.8
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted 20.03.2026 9
CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC 25.03.2026 9.1
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) 25.03.2026 10
CVE-2026-32238 OpenEMR has Remote Code Execution in backup functionality 20.03.2026 9.1
CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset 19.03.2026 9.2
CVE-2026-22557 19.03.2026 10
CVE-2026-27065 WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability 19.03.2026 9.8
CVE-2026-27067 WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability 19.03.2026 9.1
CVE-2025-60233 WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability 19.03.2026 9.8
CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability 19.03.2026 9.8
CVE-2026-27413 WordPress Profile Builder Pro plugin <= 3.13.9 - SQL Injection vulnerability 19.03.2026 9.3
CVE-2026-27540 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability 19.03.2026 9
CVE-2026-27542 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability 19.03.2026 9.8
CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction 19.03.2026 10
CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution 19.03.2026 9.1
CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy 19.03.2026 9.1
CVE-2026-25873 OmniGen2-RL Reward Server Unsafe Deserialization RCE 19.03.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 25.03.2026
CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting 25.03.2026 7.6
CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009 25.03.2026
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010 25.03.2026
CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011 25.03.2026
CVE-2026-3211 Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012 25.03.2026
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013 25.03.2026
CVE-2026-3213 Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014 25.03.2026
CVE-2026-3214 CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015 25.03.2026
CVE-2026-3215 Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016 25.03.2026
CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017 25.03.2026
CVE-2026-3217 SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018 25.03.2026
CVE-2026-3218 Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019 25.03.2026
CVE-2026-26830 25.03.2026 9.8
CVE-2026-3126 25.03.2026
CVE-2026-4363 Incorrect Authorization in GitLab 25.03.2026 3.7
CVE-2025-32991 25.03.2026
CVE-2025-59706 25.03.2026
CVE-2025-59707 25.03.2026
CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management 25.03.2026 8.8
CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store 25.03.2026
CVE-2024-51346 25.03.2026
CVE-2024-51347 25.03.2026
CVE-2024-51348 25.03.2026
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation 25.03.2026 7.5
CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence 25.03.2026 7.5
CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly 25.03.2026 6.5
CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass 25.03.2026 5.4
CVE-2026-4815 SQL Injection vulnerability in Support Board 25.03.2026
CVE-2026-4816 Reflected Cross Site Scripting (XSS) vulnerability in Support Board 25.03.2026
CVE-2025-27260 Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability 25.03.2026
CVE-2025-40841 Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability 25.03.2026
CVE-2025-40842 Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability 25.03.2026
CVE-2026-28529 cryptodev-linux <= 1.14 get_userbuf Use After Free LPE 25.03.2026
CVE-2026-4761 Unnecessary permissions on private keys of certificates installed by Network and Security Wizard 25.03.2026
CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host 25.03.2026
CVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() 25.03.2026
CVE-2026-23280 accel/amdxdna: Prevent ubuf size overflow 25.03.2026
CVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter() 25.03.2026
CVE-2026-23282 smb: client: fix oops due to uninitialised var in smb2_unlink() 25.03.2026
CVE-2026-23283 regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read() 25.03.2026
CVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() 25.03.2026
CVE-2026-23285 drbd: fix null-pointer dereference on local read error 25.03.2026
CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs 25.03.2026
CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting 25.03.2026
CVE-2026-23288 accel/amdxdna: Fix out-of-bounds memset in command slot handling 25.03.2026
CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() 25.03.2026
CVE-2026-23290 net: usb: pegasus: validate USB endpoints 25.03.2026
CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect 25.03.2026
CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file() 25.03.2026
CVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled 25.03.2026
CVE-2026-23294 bpf: Fix race in devmap on PREEMPT_RT 25.03.2026
CVE-2026-23295 accel/amdxdna: Fix dead lock for suspend and resume 25.03.2026
CVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcnt 25.03.2026
CVE-2026-23297 nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). 25.03.2026
CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages 25.03.2026
CVE-2026-23299 Bluetooth: purge error queues in socket destructors 25.03.2026
CVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop 25.03.2026
CVE-2026-23301 ASoC: SDCA: Add allocation failure check for Entity name 25.03.2026
CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space} 25.03.2026
CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds 25.03.2026
CVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() 25.03.2026
CVE-2026-23305 accel/rocket: fix unwinding in error path in rocket_probe 25.03.2026
CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command() 25.03.2026
CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message 25.03.2026
CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load 25.03.2026
CVE-2026-23309 tracing: Add NULL pointer check to trigger_data_free() 25.03.2026
CVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded 25.03.2026
CVE-2026-23311 perf/core: Fix invalid wait context in ctx_sched_in() 25.03.2026
CVE-2026-23312 net: usb: kaweth: validate USB endpoints 25.03.2026
CVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepoint 25.03.2026
CVE-2026-23314 regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio() 25.03.2026
CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() 25.03.2026
CVE-2026-23316 net: ipv4: fix ARM64 alignment fault in multipath hash seed 25.03.2026
CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions 25.03.2026
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation 25.03.2026
CVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim 25.03.2026
CVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbind 25.03.2026
CVE-2026-23321 mptcp: pm: in-kernel: always mark signal+subflow endp as used 25.03.2026
CVE-2026-23322 ipmi: Fix use-after-free and list corruption on sender error 25.03.2026
CVE-2026-23323 hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver 25.03.2026
CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback 25.03.2026
CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() 25.03.2026
CVE-2026-23326 xsk: Fix fragment node deletion to prevent buffer leak 25.03.2026
CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() 25.03.2026
CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann 25.03.2026
CVE-2026-23329 libie: don't unroll if fwlog isn't supported 25.03.2026
CVE-2026-23330 nfc: nci: complete pending data exchange on device close 25.03.2026
CVE-2026-23331 udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. 25.03.2026
CVE-2026-23332 cpufreq: intel_pstate: Fix crash during turbo disable 25.03.2026
CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap 25.03.2026
CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly 25.03.2026
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() 25.03.2026
CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() 25.03.2026
CVE-2026-23337 pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() 25.03.2026
CVE-2026-23338 drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings 25.03.2026
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths 25.03.2026
CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs 25.03.2026
CVE-2026-23341 accel/amdxdna: Fix crash when destroying a suspended hardware context 25.03.2026
CVE-2026-23342 bpf: Fix race in cpumap on PREEMPT_RT 25.03.2026
CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative 25.03.2026
CVE-2026-23344 crypto: ccp - Fix use-after-free on error path 25.03.2026
CVE-2026-23345 arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled 25.03.2026
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot() 25.03.2026
CVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callback 25.03.2026
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects 25.03.2026
CVE-2026-23349 HID: pidff: Fix condition effect bit clearing 25.03.2026
CVE-2026-23350 drm/xe/queue: Call fini on exec queue creation fail 25.03.2026
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase 25.03.2026
CVE-2026-23352 x86/efi: defer freeing of boot services memory 25.03.2026
CVE-2026-23353 ice: fix crash in ethtool offline loopback test 25.03.2026
CVE-2026-23354 x86/fred: Correct speculative safety in fred_extint() 25.03.2026
CVE-2026-23355 ata: libata: cancel pending work after clearing deferred_qc 25.03.2026
CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() 25.03.2026
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open 25.03.2026
CVE-2026-23358 drm/amdgpu: Fix error handling in slot reset 25.03.2026
CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap 25.03.2026
CVE-2026-23360 nvme: fix admin queue leak on controller reset 25.03.2026
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry 25.03.2026
CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates 25.03.2026
CVE-2026-23363 wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() 25.03.2026
CVE-2026-23364 ksmbd: Compare MACs in constant time 25.03.2026
CVE-2026-23365 net: usb: kalmia: validate USB endpoints 25.03.2026
CVE-2026-23366 drm/client: Do not destroy NULL modes 25.03.2026
CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits 25.03.2026
CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock 25.03.2026
CVE-2026-23369 i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" 25.03.2026
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data 25.03.2026
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting 25.03.2026
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown 25.03.2026
CVE-2026-23373 wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config 25.03.2026
CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context 25.03.2026
CVE-2026-23375 mm: thp: deny THP for files on anonymous inodes 25.03.2026
CVE-2026-23376 nvmet-fcloop: Check remoteport port_state before calling done callback 25.03.2026
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz 25.03.2026
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior 25.03.2026
CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path 25.03.2026
CVE-2026-23380 tracing: Fix WARN_ON in tracing_buffers_mmap_close 25.03.2026
CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled 25.03.2026
CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them 25.03.2026
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing 25.03.2026
CVE-2026-23384 RDMA/ionic: Fix kernel stack leak in ionic_create_cq() 25.03.2026
CVE-2026-23385 netfilter: nf_tables: clone set on flush only 25.03.2026
CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL 25.03.2026
CVE-2026-23387 pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() 25.03.2026
CVE-2026-23388 Squashfs: check metadata block offset is within range 25.03.2026
CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam() 25.03.2026
CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow 25.03.2026
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal 25.03.2026
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error 25.03.2026
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion 25.03.2026
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened. 25.03.2026
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ 25.03.2026
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU 25.03.2026
CVE-2026-3608 Stack overflow in Kea daemons 25.03.2026 7.5
CVE-2026-32326 25.03.2026
CVE-2026-26306 25.03.2026
CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download 25.03.2026
CVE-2026-33253 25.03.2026
CVE-2026-1166 Open Redirect Vulnerability in Hitachi Ops Center Administrator 25.03.2026 4.3
CVE-2026-2072 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer 25.03.2026 8.2
CVE-2026-4766 Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta 25.03.2026 6.4
CVE-2026-4784 code-projects Simple Laundry System Parameter checkcheckout.php sql injection 25.03.2026
CVE-2025-43534 25.03.2026
CVE-2026-20607 25.03.2026
CVE-2026-20622 25.03.2026
CVE-2026-20631 25.03.2026
CVE-2026-20632 25.03.2026
CVE-2026-20633 25.03.2026
CVE-2026-20637 25.03.2026
CVE-2026-20639 25.03.2026
CVE-2026-20651 25.03.2026
CVE-2026-20657 25.03.2026
CVE-2026-20664 25.03.2026
CVE-2026-20665 25.03.2026
CVE-2026-20668 25.03.2026
CVE-2026-20670 25.03.2026
CVE-2026-20684 25.03.2026
CVE-2026-20686 25.03.2026
CVE-2026-20687 25.03.2026
CVE-2026-20688 25.03.2026
CVE-2026-20690 25.03.2026
CVE-2026-20691 25.03.2026
CVE-2026-20692 25.03.2026
CVE-2026-20693 25.03.2026
CVE-2026-20694 25.03.2026
CVE-2026-20695 25.03.2026
CVE-2026-20697 25.03.2026
CVE-2026-20698 25.03.2026
CVE-2026-20699 25.03.2026
CVE-2026-20701 25.03.2026
CVE-2026-28816 25.03.2026
CVE-2026-28817 25.03.2026
CVE-2026-28818 25.03.2026
CVE-2026-28820 25.03.2026
CVE-2026-28821 25.03.2026
CVE-2026-28822 25.03.2026
CVE-2026-28823 25.03.2026
CVE-2026-28824 25.03.2026
CVE-2026-28825 25.03.2026
CVE-2026-28826 25.03.2026
CVE-2026-28827 25.03.2026
CVE-2026-28828 25.03.2026
CVE-2026-28829 25.03.2026
CVE-2026-28831 25.03.2026
CVE-2026-28832 25.03.2026
CVE-2026-28833 25.03.2026
CVE-2026-28834 25.03.2026
CVE-2026-28835 25.03.2026
CVE-2026-28837 25.03.2026
CVE-2026-28838 25.03.2026
CVE-2026-28839 25.03.2026
CVE-2026-28841 25.03.2026
CVE-2026-28842 25.03.2026
CVE-2026-28844 25.03.2026
CVE-2026-28845 25.03.2026
CVE-2026-28852 25.03.2026
CVE-2026-28855 25.03.2026
CVE-2026-28856 25.03.2026
CVE-2026-28857 25.03.2026
CVE-2026-28858 25.03.2026
CVE-2026-28859 25.03.2026
CVE-2026-28861 25.03.2026
CVE-2026-28862 25.03.2026
CVE-2026-28863 25.03.2026
CVE-2026-28864 25.03.2026
CVE-2026-28865 25.03.2026
CVE-2026-28866 25.03.2026
CVE-2026-28867 25.03.2026
CVE-2026-28868 25.03.2026
CVE-2026-28870 25.03.2026
CVE-2026-28871 25.03.2026
CVE-2026-28874 25.03.2026
CVE-2026-28875 25.03.2026
CVE-2026-28876 25.03.2026
CVE-2026-28877 25.03.2026
CVE-2026-28878 25.03.2026
CVE-2026-28879 25.03.2026
CVE-2026-28880 25.03.2026
CVE-2026-28881 25.03.2026
CVE-2026-28882 25.03.2026
CVE-2026-28886 25.03.2026
CVE-2026-28888 25.03.2026
CVE-2026-28889 25.03.2026
CVE-2026-28890 25.03.2026
CVE-2026-28891 25.03.2026
CVE-2026-28892 25.03.2026
CVE-2026-28893 25.03.2026
CVE-2026-28894 25.03.2026
CVE-2026-28895 25.03.2026
CVE-2026-4783 itsourcecode College Management System Parameter add-single-student-results.php sql injection 25.03.2026
CVE-2026-4780 SourceCodester Sales and Inventory System HTTP GET Parameter update_out_standing.php sql injection 25.03.2026
CVE-2026-4781 SourceCodester Sales and Inventory System HTTP GET Parameter update_purchase.php sql injection 25.03.2026
CVE-2026-4778 SourceCodester Sales and Inventory System HTTP GET Parameter update_category.php sql injection 25.03.2026
CVE-2026-4779 SourceCodester Sales and Inventory System HTTP GET Parameter update_customer_details.php sql injection 24.03.2026
CVE-2026-4777 SourceCodester Sales and Inventory System POST Parameter view_supplier.php sql injection 24.03.2026
CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID 25.03.2026 6.5
CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability 25.03.2026
CVE-2025-33215 24.03.2026 6.8
CVE-2025-33216 24.03.2026 6.8
CVE-2025-33238 25.03.2026 7.5
CVE-2025-33242 24.03.2026 5.9
CVE-2025-33244 25.03.2026 9
CVE-2025-33247 25.03.2026 7.8
CVE-2025-33248 25.03.2026 7.8
CVE-2025-33254 25.03.2026 7.5
CVE-2026-24141 25.03.2026 7.8
CVE-2026-24150 25.03.2026 7.8
CVE-2026-24151 25.03.2026 7.8
CVE-2026-24152 25.03.2026 7.8
CVE-2026-24157 25.03.2026 7.8
CVE-2026-24158 25.03.2026 7.5
CVE-2026-24159 25.03.2026 7.8
CVE-2026-3889 Spoofing issue in Thunderbird 24.03.2026
CVE-2026-4371 Out of bounds read in IMAP parsing 24.03.2026
CVE-2026-4433 25.03.2026
CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability 24.03.2026 6.3
CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure 24.03.2026 4.3
CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories 25.03.2026
CVE-2026-33412 Vim affected by Command injection via newline in glob() 24.03.2026 5.6
CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify 25.03.2026 8.2
CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion 24.03.2026
CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG 24.03.2026 8.1
CVE-2026-33345 solidtime vulnerable to IDOR in private projects 25.03.2026 6.5
CVE-2026-33347 league/commonmark has an embed extension allowed_domains bypass 24.03.2026
CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation 25.03.2026 5.9
CVE-2026-22559 24.03.2026 8.8
CVE-2026-32948 sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows 25.03.2026
CVE-2026-33314 pyload-ng: Improper Authentication and Origin Validation Error 24.03.2026 6.5
CVE-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication 25.03.2026
CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany 25.03.2026 4.3
CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle 24.03.2026 8.1
CVE-2026-33330 FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback 24.03.2026 7.1
CVE-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit 25.03.2026
CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration 24.03.2026 7.5
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad 25.03.2026
CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API 25.03.2026
CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard 24.03.2026