CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-34208 SandboxJS: Sandbox integrity escape 06.04.2026 10
CVE-2026-26026 GLPI has a Server-Side Template Injection via Double-Compilation 06.04.2026 9.1
CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php 05.04.2026 9.3
CVE-2016-20052 Snews CMS 1.7 Unrestricted File Upload via snews_files 06.04.2026 9.3
CVE-2018-25254 NICO-FTP 3.0.1.19 Buffer Overflow SEH 06.04.2026 9.3
CVE-2026-35616 06.04.2026 9.1
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface 03.04.2026 9.3
CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code 06.04.2026 10
CVE-2026-34952 PraisonAI: Missing Authentication in WebSocket Gateway 06.04.2026 9.1
CVE-2026-34953 PraisonAI: Authentication Bypass in OAuthManager.validate_token() 03.04.2026 9.1
CVE-2017-20234 GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String 03.04.2026 9.3
CVE-2018-25236 Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management 06.04.2026 9.3
CVE-2021-4477 Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass 06.04.2026 9.3
CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection 03.04.2026 10
CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads` 06.04.2026 9.8
CVE-2026-34935 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() 03.04.2026 9.8
CVE-2018-25237 Hirschmann HiSecOS Buffer Overflow via HTTPS Login 06.04.2026 9.3
CVE-2017-20237 Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution 03.04.2026 9.3
CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key 03.04.2026 9.3
CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function 03.04.2026 9.2
CVE-2026-35560 Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver 06.04.2026 9.1
CVE-2026-35561 Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver 06.04.2026 9.1
CVE-2026-28798 Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS 06.04.2026 9.1
CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow 03.04.2026 9.1
CVE-2026-35216 Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step 03.04.2026 9.1
CVE-2026-31818 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist 03.04.2026 9.6
CVE-2026-5463 03.04.2026 9.3
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability 04.04.2026 9.6
CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability 04.04.2026 9.1
CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability 04.04.2026 10
CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability 04.04.2026 10
CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability 04.04.2026 10
CVE-2025-15620 HiOS Switch Platform Denial-of-Service via Web Interface 03.04.2026 9.2
CVE-2024-14034 Hirschmann HiEOS Authentication Bypass via HTTP Management Module 03.04.2026 9.3
CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` 03.04.2026 10
CVE-2026-35053 OneUptime: Unauthenticated Workflow Execution via ManualAPI 03.04.2026 9.2
CVE-2026-34745 Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public 02.04.2026 9.1
CVE-2026-34758 OneUptime: Missing Authentication on Notification Endpoints 03.04.2026 9.1
CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure 03.04.2026 9.2
CVE-2026-34717 OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string 03.04.2026 9.9
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity 03.04.2026 9.4
CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users 02.04.2026 9.8
CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability 02.04.2026 10
CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution 02.04.2026 9.3
CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) 03.04.2026 9.8
CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) 03.04.2026 9.1
CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint 02.04.2026 9.1
CVE-2026-34563 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS 02.04.2026 9.1
CVE-2026-34564 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34565 CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34566 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 04.04.2026 9.1
CVE-2026-34567 CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34569 CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 10
CVE-2026-34570 CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) 03.04.2026 10
CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise 02.04.2026 10
CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34560 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 02.04.2026 9.1
CVE-2026-34456 Reviactyl: OAuth account takeover via auto-linking 02.04.2026 9.1
CVE-2026-34751 Payload has Unvalidated Input in Password Recovery Endpoints 04.04.2026 9.1
CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend 02.04.2026 9.8
CVE-2026-20093 Cisco Integrated Management Controller Authentication Bypass Vulnerability 02.04.2026 9.8
CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability 02.04.2026 9.8
CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE 03.04.2026 9.3
CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster 01.04.2026 10
CVE-2025-71279 XenForo Passkey Security Bypass 01.04.2026 9.3
CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client 03.04.2026 9.1
CVE-2026-34449 SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection 01.04.2026 9.7
CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint 03.04.2026 9.4
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function 31.03.2026 9.3
CVE-2026-3356 Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor 01.04.2026 9.3
CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft 31.03.2026 9.3
CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body` 02.04.2026 9.8
CVE-2026-34220 MikroORM is vulnerable to SQL Injection via specially crafted object 02.04.2026 9.3
CVE-2026-0596 Command Injection in mlflow/mlflow 01.04.2026 9.6
CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal 31.03.2026 9.1
CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft 31.03.2026 10
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable) 31.03.2026 9.2
CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node 02.04.2026 10
CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes 31.03.2026 9.2
CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP 31.03.2026 9.2
CVE-2026-4317 SQL injection in Umami Software application 31.03.2026 9.3
CVE-2026-3106 Multiple vulnerabilities in Teampass 31.03.2026 9.3
CVE-2026-3107 Multiple vulnerabilities in Teampass 31.03.2026 9.3
CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache 31.03.2026 9.8
CVE-2026-3300 Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field 31.03.2026 9.8
CVE-2026-21861 baserCMS: OS Command Injection Leading to Remote Code Execution (RCE) 31.03.2026 9.1
CVE-2026-30877 baserCMS: OS Command Injection in the baserCMS Update Functionality 02.04.2026 9.1
CVE-2026-30880 baserCMS: OS command injection vulnerability in installer 31.03.2026 9.2
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality 31.03.2026 9.8
CVE-2026-31946 OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow 31.03.2026 9.8
CVE-2026-34557 CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 31.03.2026 9.1
CVE-2026-34558 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS 31.03.2026 9.1
CVE-2026-33026 nginx-ui Backup Restore Allows Tampering with Encrypted Backups 31.03.2026 9.4

Latest Updates

CVE Title Updated Score
CVE-2024-14032 Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write 06.04.2026
CVE-2025-47374 Use After Free in Camera Driver 06.04.2026 6.5
CVE-2025-47389 Buffer Copy Without Checking Size of Input in Automotive Platform 06.04.2026 7.8
CVE-2025-47390 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2025-47391 Stack-based Buffer Overflow in Camera Driver 06.04.2026 7.8
CVE-2025-47392 Integer Overflow or Wraparound in GPS 06.04.2026 8.8
CVE-2025-47400 Buffer Over-read in Computer Vision 06.04.2026 7.1
CVE-2026-21367 Buffer Over-read in WLAN Firmware 06.04.2026 7.6
CVE-2026-21371 Buffer Over-read in WinBlast Driver 06.04.2026 7.8
CVE-2026-21372 Heap-Based Buffer Overflow in Power Management IC 06.04.2026 7.8
CVE-2026-21373 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2026-21374 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2026-21375 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2026-21376 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2026-21378 Buffer Over-read in Camera 06.04.2026 7.8
CVE-2026-21380 Use After Free in DSP Service 06.04.2026 7.8
CVE-2026-21381 Buffer Over-read in WLAN Firmware 06.04.2026 7.6
CVE-2026-21382 Buffer Copy Without Checking Size of Input in Power Management IC 06.04.2026 7.8
CVE-2026-31350 06.04.2026
CVE-2026-31352 06.04.2026
CVE-2026-34402 Time Based Blind SQL Injection via Property Value in ChurchCRM 06.04.2026 8.1
CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr 06.04.2026
CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write 06.04.2026
CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write 06.04.2026
CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` 06.04.2026 5.4
CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing 06.04.2026 6.5
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server 06.04.2026 6.5
CVE-2026-5666 code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information 06.04.2026
CVE-2026-31351 06.04.2026
CVE-2026-33405 Pi-hole has a Stored HTML Injection in queries.js 06.04.2026 3.1
CVE-2026-33727 Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root). 06.04.2026 6.4
CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass) 06.04.2026 8.6
CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution 06.04.2026 7.5
CVE-2026-34208 SandboxJS: Sandbox integrity escape 06.04.2026 10
CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser 06.04.2026
CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler 06.04.2026
CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x 06.04.2026 6.5
CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) 06.04.2026 7.1
CVE-2026-34380 OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression 06.04.2026 5.9
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276 06.04.2026 8.2
CVE-2026-5665 code-projects Online FIR System Login checklogin.php sql injection 06.04.2026
CVE-2026-5704 Tar: tar: hidden file injection via crafted archives 06.04.2026
CVE-2026-29047 GLPI has an Authenticated SQL Injection via log exports 06.04.2026 7.2
CVE-2026-31053 06.04.2026
CVE-2026-31058 06.04.2026
CVE-2026-31059 06.04.2026
CVE-2026-31060 06.04.2026
CVE-2026-31061 06.04.2026
CVE-2026-31062 06.04.2026
CVE-2026-31063 06.04.2026
CVE-2026-31065 06.04.2026
CVE-2026-31066 06.04.2026
CVE-2026-31067 06.04.2026
CVE-2026-32602 Homarr has a Race Condition in Invite Token Registration (TOCTOU) 06.04.2026 4.2
CVE-2026-33403 Pi-hole has a Reflected XSS / HTML injection in taillog.js 06.04.2026 6.1
CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard 06.04.2026 3.4
CVE-2026-33406 Pi-hole has a Stored HTML attribute injection 06.04.2026 5.4
CVE-2026-33510 DOM-Based XSS in Homarr /auth/login Redirect 06.04.2026 8.8
CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm 06.04.2026 7.5
CVE-2026-34885 WordPress Media Library Assistant plugin <= 3.34 - SQL Injection vulnerability 06.04.2026 8.5
CVE-2026-34897 WordPress Media Library Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability 06.04.2026 6.5
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field 06.04.2026 7.2
CVE-2026-26026 GLPI has a Server-Side Template Injection via Double-Compilation 06.04.2026 9.1
CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory 06.04.2026 7.5
CVE-2026-26263 GLPI has an Unauthenticated SQL Injection via Search engine 06.04.2026 8.1
CVE-2026-31150 06.04.2026
CVE-2026-31151 06.04.2026
CVE-2026-31153 06.04.2026
CVE-2026-5661 Free5GC NGSetupRequest denial of service 06.04.2026
CVE-2026-5663 OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection 06.04.2026
CVE-2026-5664 06.04.2026
CVE-2026-30078 06.04.2026
CVE-2026-5660 itsourcecode Construction Management System Parameter borrowed_equip.php sql injection 06.04.2026
CVE-2026-5659 pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization 06.04.2026
CVE-2026-3524 Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check 06.04.2026 8.3
CVE-2026-5650 code-projects Online Application System for Admission oas.sql sensitive information 06.04.2026
CVE-2026-5649 code-projects Online Application System for Admission Endpoint admsnform.php sql injection 06.04.2026
CVE-2026-5647 code-projects Online Shoe Store Add Product admin_feature.php cross site scripting 06.04.2026
CVE-2026-5648 code-projects Simple Laundry System Parameter userfinishregister.php sql injection 06.04.2026
CVE-2026-5645 projectworlds Car Rental System Parameter pay.php sql injection 06.04.2026
CVE-2026-5646 code-projects Easy Blog Site login.php sql injection 06.04.2026
CVE-2026-5643 Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting 06.04.2026
CVE-2026-5644 Cyber-III Student-Management-System batch-notice.php cross site scripting 06.04.2026
CVE-2026-5641 PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection 06.04.2026
CVE-2026-5642 Cyber-III Student-Management-System HTTP POST Request update.php improper authorization 06.04.2026
CVE-2026-5673 Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing 06.04.2026
CVE-2026-5639 PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection 06.04.2026
CVE-2026-5640 PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection 06.04.2026
CVE-2026-37977 Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim 06.04.2026
CVE-2026-5637 projectworlds Car Rental System Parameter message_admin.php sql injection 06.04.2026
CVE-2026-5638 HerikLyma CPPWebFramework path traversal 06.04.2026
CVE-2026-31405 media: dvb-net: fix OOB access in ULE extension header tables 06.04.2026
CVE-2026-31406 xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() 06.04.2026
CVE-2026-31407 netfilter: conntrack: add missing netlink policy validations 06.04.2026
CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold 06.04.2026
CVE-2026-31409 ksmbd: unset conn->binding on failed binding request 06.04.2026
CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION 06.04.2026
CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection 06.04.2026
CVE-2026-5635 PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection 06.04.2026
CVE-2026-5636 PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection 06.04.2026
CVE-2026-5633 assafelovic gpt-researcher ws Endpoint server-side request forgery 06.04.2026
CVE-2026-5630 assafelovic gpt-researcher Report API app.py cross site scripting 06.04.2026
CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection 06.04.2026
CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication 06.04.2026
CVE-2026-5629 Belkin F9K1015 formSetFirewall stack-based overflow 06.04.2026
CVE-2026-5623 hcengineering Huly Platform Import Endpoint index.ts server-side request forgery 06.04.2026
CVE-2026-5624 ProjectSend upload.php cross-site request forgery 06.04.2026
CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting 06.04.2026
CVE-2026-5628 Belkin F9K1015 Setting formSetSystemSettings stack-based overflow 06.04.2026
CVE-2026-5619 Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection 06.04.2026
CVE-2026-5620 itsourcecode Construction Management System Parameter borrowed_equip_report.php sql injection 06.04.2026
CVE-2026-5621 ChrisChinchilla Vale-MCP HTTP index.ts os command injection 06.04.2026
CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key 06.04.2026
CVE-2026-5614 Belkin F9K1015 formSetPassword stack-based overflow 06.04.2026
CVE-2026-5615 givanz Vvvebjs File Upload Endpoint upload.php cross site scripting 06.04.2026
CVE-2026-5616 JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication 06.04.2026
CVE-2026-5618 kalcaddle kodbox shareMake/shareCheck server-side request forgery 06.04.2026
CVE-2026-5611 Belkin F9K1015 formCrossBandSwitch stack-based overflow 06.04.2026
CVE-2026-5612 Belkin F9K1015 formWlEncrypt stack-based overflow 06.04.2026
CVE-2026-5613 Belkin F9K1015 formReboot stack-based overflow 06.04.2026
CVE-2026-5609 Tenda i12 Parameter wifiSSIDset formwrlSSIDset stack-based overflow 06.04.2026
CVE-2026-5610 Belkin F9K1015 formWISP5G stack-based overflow 06.04.2026
CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery 06.04.2026
CVE-2026-5608 Belkin F9K1122 formWlanSetup stack-based overflow 06.04.2026
CVE-2026-5606 PHPGurukul Online Shopping Portal Project Parameter order-details.php sql injection 06.04.2026
CVE-2026-5605 Tenda CH22 WrlExtraSet formWrlExtraSet stack-based overflow 06.04.2026
CVE-2026-5604 Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow 05.04.2026
CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection 06.04.2026
CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection 06.04.2026
CVE-2026-4272 CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability 06.04.2026 8.1
CVE-2026-5601 Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure 05.04.2026
CVE-2026-35679 06.04.2026 3.5
CVE-2026-5597 griptape-ai griptape ComputerTool tool.py path traversal 06.04.2026
CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass 05.04.2026
CVE-2018-25256 IP TOOLS 2.50 Local Buffer Overflow Denial of Service 05.04.2026
CVE-2019-25656 R i386 3.5.0 Local Buffer Overflow SEH 05.04.2026
CVE-2019-25657 AnyBurn 4.3 x86 Denial of Service via Image Conversion 06.04.2026
CVE-2019-25658 a-Mac Address Change 5.4 Local Buffer Overflow DoS 05.04.2026
CVE-2019-25659 ASPRunner Professional 6.0.766 Local Buffer Overflow DoS 06.04.2026
CVE-2019-25660 LanHelper 1.74 Denial of Service via Buffer Overflow 05.04.2026
CVE-2019-25661 Remote Process Explorer 1.0.0.16 Local Buffer Overflow DoS 05.04.2026
CVE-2019-25662 ResourceSpace 8.6 SQL Injection via watched_searches.php 05.04.2026
CVE-2019-25663 SuiteCRM 7.10.7 SQL Injection via parentTab Parameter 06.04.2026
CVE-2019-25664 SuiteCRM 7.10.7 SQL Injection via record Parameter 05.04.2026
CVE-2019-25665 River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS 06.04.2026
CVE-2019-25666 SpotAuditor 3.6.7 Denial of Service Buffer Overflow 05.04.2026
CVE-2019-25667 TaskInfo 8.2.0.280 Denial of Service Buffer Overflow 05.04.2026
CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php 05.04.2026
CVE-2019-25669 qdPM 9.1 SQL Injection via search_by_extrafields Parameter 06.04.2026
CVE-2019-25670 River Past Video Cleaner 7.6.3 Buffer Overflow via SEH 05.04.2026
CVE-2019-25671 VA MAX 8.3.4 Remote Code Execution via changeip.php 06.04.2026
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter 05.04.2026
CVE-2019-25673 UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload 05.04.2026
CVE-2019-25674 CMSsite 1.0 SQL Injection via post Parameter 05.04.2026
CVE-2019-25676 Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection 06.04.2026
CVE-2019-25677 WinRAR 5.61 Denial of Service via Malformed Language File 05.04.2026
CVE-2019-25678 C4G BLIS 3.4 SQL Injection via users_select.php 06.04.2026
CVE-2019-25679 RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH 05.04.2026
CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search 05.04.2026
CVE-2019-25681 Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow 05.04.2026
CVE-2019-25682 CMSsite 1.0 Cross-Site Request Forgery via users.php 06.04.2026
CVE-2019-25683 FileZilla 3.40.0 Denial of Service via Local Search 05.04.2026
CVE-2019-25684 OpenDocMan 1.3.4 SQL Injection via where Parameter 06.04.2026
CVE-2019-25685 phpBB Arbitrary File Upload via Phar Deserialization 05.04.2026
CVE-2019-25686 Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service 06.04.2026
CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php 05.04.2026
CVE-2019-25688 Kados R10 GreenBee SQL Injection via menu_lev1 Parameter 06.04.2026
CVE-2019-25690 Kados R10 GreenBee SQL Injection via mng_profile_id 06.04.2026
CVE-2019-25692 Kados R10 GreenBee SQL Injection via id_to_modify Parameter 06.04.2026
CVE-2019-25694 Kados R10 GreenBee SQL Injection via user2reset 05.04.2026
CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter 06.04.2026
CVE-2019-25698 Kados R10 GreenBee SQL Injection via id_to_delete Parameter 05.04.2026
CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter 05.04.2026
CVE-2019-25702 Kados R10 GreenBee SQL Injection via id_project Parameter 05.04.2026
CVE-2019-25704 Kados R10 GreenBee SQL Injection via filter_user_mail 05.04.2026
CVE-2026-5596 griptape-ai griptape SqlTool tool.py sql injection 05.04.2026
CVE-2026-5595 griptape-ai griptape FileManagerTool save_memory_artifacts_to_disk path traversal 06.04.2026