CVE-2026-32242
(7.4 HIGH)

EPSS: 0.08%

updated 2026-03-13T16:57:55.797000

2 posts

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute usi

CVE-2026-32304
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-03-13T16:10:32

2 posts

## Summary The `create_function(args, code)` function passes both parameters directly to the `Function` constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 (GHSA-fp25-p6mj-qqg6) which was `call_user_func_array` using `eval()` in v2.x. This finding affects `create_function` using `new Function()` in v3.x. ## Root Cause `src/php/funchand/

CVE-2026-32140
(8.8 HIGH)

EPSS: 0.49%

updated 2026-03-13T16:07:30.057000

2 posts

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile. The getJdbcIniFile

CVE-2026-32137
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-13T16:03:02.080000

2 posts

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject malicious SQL statements by constructing malicious table names. This vulnerability is fixed in 2.10.20.

CVE-2026-26793
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-03-13T16:02:22.993000

1 posts

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

CVE-2026-3920
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-13T15:43:27.333000

1 posts

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3914
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-13T15:42:54.950000

2 posts

Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3913
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-13T15:42:49.310000

4 posts

Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-32141
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-13T15:40:44

1 posts

## Summary flatted's `parse()` function uses a recursive `revive()` phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential `$` indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. ## Impact Denial of Service (DoS). Any application that passes untrusted input to `flatted.parse

CVE-2026-32248(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-03-13T13:36:16

2 posts

### Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user an

CVE-2026-32247
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-13T13:36:06

1 posts

### Summary Graphiti versions before `0.28.2` contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through `SearchFilters.node_labels` were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graph

CVE-2026-32231
(8.2 HIGH)

EPSS: 0.02%

updated 2026-03-13T13:35:56

1 posts

### Summary The generic webhook channel trusts caller-supplied identity fields (`sender`, `chat_id`) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (`auth_token: None`), an attacker who can reach `POST /webhook` can spoof an allowlisted sender and choose arbitrary `chat_id` values, enabling high-risk mes

CVE-2025-14513
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-13T12:34:46.100000

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API.

CVE-2025-13929
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-13T12:33:51.213000

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions.

CVE-2026-3611
(10.0 CRITICAL)

EPSS: 0.13%

updated 2026-03-12T21:35:01

4 posts

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a

CVE-2026-3918
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-12T21:34:46

1 posts

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3926
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-12T21:34:46

1 posts

Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-54820
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-12T21:17:31.313000

1 posts

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.

CVE-2026-2229
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-12T21:16:25.573000

1 posts

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's val

CVE-2026-32062
(7.5 HIGH)

EPSS: 0.09%

updated 2026-03-12T21:08:35.500000

1 posts

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.

CVE-2026-32136
(9.8 CRITICAL)

EPSS: 0.17%

updated 2026-03-12T21:08:22.643000

3 posts

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All sub

CVE-2026-30903
(9.6 CRITICAL)

EPSS: 0.05%

updated 2026-03-12T21:08:22.643000

2 posts

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

CVE-2026-20163
(7.2 HIGH)

EPSS: 0.05%

updated 2026-03-12T21:08:22.643000

2 posts

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

CVE-2026-20040
(8.8 HIGH)

EPSS: 0.03%

updated 2026-03-12T21:08:22.643000

3 posts

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted

CVE-2026-31896
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-03-12T21:08:22.643000

1 posts

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbi

CVE-2026-32096
(9.3 CRITICAL)

EPSS: 0.04%

updated 2026-03-12T21:08:22.643000

1 posts

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.

CVE-2026-31881
(7.7 HIGH)

EPSS: 0.09%

updated 2026-03-12T21:08:22.643000

1 posts

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization checks. During the 15-minute reset window, any remote user can set a new operator password and log in

CVE-2026-31866
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-12T21:08:22.643000

1 posts

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context included in request payloads is read into memory without any size restriction. An attacker can send a

CVE-2026-31839
(8.2 HIGH)

EPSS: 0.01%

updated 2026-03-12T21:08:22.643000

1 posts

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.

CVE-2026-20116
(6.1 MEDIUM)

EPSS: 0.04%

updated 2026-03-12T21:08:22.643000

1 posts

A vulnerability in the web-based management interface of  Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the inte

CVE-2026-27897
(10.0 CRITICAL)

EPSS: 0.29%

updated 2026-03-12T21:08:22.643000

2 posts

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI dialog to handle the file path, the API does not validate the filename string before it is processed by

CVE-2026-30900
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-12T21:08:22.643000

1 posts

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2026-1717
(5.5 MEDIUM)

EPSS: 0.02%

updated 2026-03-12T21:08:22.643000

1 posts

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

CVE-2019-25482
(8.2 HIGH)

EPSS: 0.07%

updated 2026-03-12T21:07:53.427000

1 posts

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.

CVE-2026-32251
(0 None)

EPSS: 0.04%

updated 2026-03-12T21:07:53.427000

2 posts

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.

CVE-2026-3970
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T21:07:53.427000

1 posts

A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2026-3978
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-12T21:07:53.427000

2 posts

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

CVE-2026-21668
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-12T21:07:53.427000

4 posts

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

CVE-2026-4008
(8.8 HIGH)

EPSS: 0.09%

updated 2026-03-12T21:07:53.427000

2 posts

A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2026-32138
(8.2 HIGH)

EPSS: 0.06%

updated 2026-03-12T21:07:53.427000

1 posts

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data.

CVE-2026-32246
(8.5 HIGH)

EPSS: 0.05%

updated 2026-03-12T21:07:53.427000

1 posts

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain valid OIDC tokens, completely bypassing the second factor. This vulnerability is fixed in 5.0.3.

CVE-2026-28793
(8.4 HIGH)

EPSS: 0.02%

updated 2026-03-12T21:07:53.427000

1 posts

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/u

CVE-2026-28792
(9.6 CRITICAL)

EPSS: 0.27%

updated 2026-03-12T21:07:53.427000

1 posts

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developer's machines by simply t

CVE-2026-21708
(9.9 CRITICAL)

EPSS: 0.54%

updated 2026-03-12T21:07:53.427000

1 posts

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

CVE-2026-3060
(9.8 CRITICAL)

EPSS: 0.55%

updated 2026-03-12T21:07:53.427000

1 posts

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

CVE-2026-21667
(9.9 CRITICAL)

EPSS: 0.37%

updated 2026-03-12T21:07:53.427000

1 posts

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

CVE-2026-4041
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T21:07:53.427000

1 posts

A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-26127
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-12T20:32:34

2 posts

# Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET and

CVE-2026-28356
(7.5 HIGH)

EPSS: 0.54%

updated 2026-03-12T18:32:23

2 posts

## Summary The `parse_options_header()` function in `multipart.py` uses a regular expression with an *ambiguous alternation*, which can cause *exponential backtracking (ReDoS)* when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for **denial of service (DoS)** attacks against web applications using this library to parse request headers or `multipart/form-data` s

CVE-2026-3931
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-12T18:31:34

1 posts

Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-3936
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-12T18:31:33

1 posts

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-21672
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T18:30:38

1 posts

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

CVE-2026-4043
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T18:30:38

1 posts

A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-21666
(10.0 CRITICAL)

EPSS: 0.37%

updated 2026-03-12T18:30:30

1 posts

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

CVE-2026-3059
(9.8 CRITICAL)

EPSS: 0.54%

updated 2026-03-12T17:38:59

1 posts

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

CVE-2026-3923
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-12T15:31:28

2 posts

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3922
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-12T15:31:28

1 posts

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3921
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-12T15:31:28

1 posts

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3919
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-12T15:31:27

1 posts

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4042
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T15:30:32

1 posts

A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-21670
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-12T15:30:31

3 posts

A vulnerability allowing a low-privileged user to extract saved SSH credentials.

CVE-2026-21671
(9.1 CRITICAL)

EPSS: 0.21%

updated 2026-03-12T15:30:26

4 posts

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

CVE-2026-21669
(10.0 CRITICAL)

EPSS: 0.21%

updated 2026-03-12T15:30:26

1 posts

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

CVE-2026-3924
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-12T15:30:25

2 posts

use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3917
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-12T15:30:25

1 posts

Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-30226(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-03-12T14:13:04

1 posts

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

CVE-2026-1965
(6.5 MEDIUM)

EPSS: 0.05%

updated 2026-03-12T14:11:19.070000

1 posts

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an applicatio

CVE-2026-3805
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-12T14:08:56.790000

2 posts

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

CVE-2026-27591
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-03-12T14:07:39

1 posts

## Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access. T

CVE-2026-27269
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-12T13:27:01.557000

1 posts

Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-4007
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T09:31:38

1 posts

A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVE-2026-3973
(8.8 HIGH)

EPSS: 0.09%

updated 2026-03-12T03:31:16

1 posts

A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-3657
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-12T03:31:16

1 posts

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in `$wpdb->insert()`. While parameter values are sanitized with `esc_sql()` and `sanitize_text_field()`, the parameter keys a

CVE-2026-3975
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T03:31:16

1 posts

A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for att

CVE-2026-3974
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-12T03:31:16

1 posts

A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

CVE-2026-3971
(8.8 HIGH)

EPSS: 0.09%

updated 2026-03-12T03:31:15

1 posts

A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVE-2026-3972
(8.8 HIGH)

EPSS: 0.03%

updated 2026-03-12T03:31:15

1 posts

A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.

CVE-2026-3976
(8.8 HIGH)

EPSS: 0.09%

updated 2026-03-12T03:31:15

1 posts

A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-31976(CVSS UNKNOWN)

EPSS: 0.06%

updated 2026-03-11T22:18:45

1 posts

### Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into `action.yml`. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable `v5` tag to point at the malicious comm

CVE-2025-68623
(8.8 HIGH)

EPSS: 0.01%

updated 2026-03-11T21:32:05

1 posts

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloa

CVE-2025-70082
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-11T21:32:05

1 posts

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component

CVE-2026-1716
(7.1 HIGH)

EPSS: 0.02%

updated 2026-03-11T21:31:10

1 posts

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

CVE-2026-1715
(7.1 HIGH)

EPSS: 0.02%

updated 2026-03-11T21:31:10

1 posts

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

CVE-2026-26801
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-11T21:12:10

1 posts

Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a p

CVE-2026-31862
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-03-11T20:45:27

1 posts

### Summary Multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. ### Details The claudecodeui application provides Git integration through various API endpoints. These endpoints accept user-controlled parameters such as file paths, branch names,

CVE-2026-28229
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-11T20:43:32

2 posts

### Summary Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a `Authorization: Bearer nothing` token can leak sensitive template content, including embedded Secret manifests. ### Details https://github.com/argoproj/argo-workflows/blob/b519c9054e66b2f0a25eec06709717bd1362f72e/server/workflowtemplate/workflow_template_serv

CVE-2025-68613
(10.0 CRITICAL)

EPSS: 76.93%

updated 2026-03-11T20:39:32

4 posts

### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary

Nuclei template

31 repos

https://github.com/AbdulRKB/n8n-RCE

https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit

https://github.com/TheStingR/CVE-2025-68613-POC

https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613

https://github.com/Dlanang/homelab-CVE-2025-68613

https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate

https://github.com/Victorhugofariasvieir66/relatorio-n8n.md

https://github.com/gagaltotal/n8n-cve-2025-68613

https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads

https://github.com/h3raklez/CVE-2025-68613

https://github.com/shibaaa204/CVE-2025-68613

https://github.com/intbjw/CVE-2025-68613-poc-via-copilot

https://github.com/sahilccras/Blackash-CVE-2025-68613

https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613

https://github.com/Khin-96/n8n-cve-2025-68613-thm

https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe

https://github.com/secjoker/CVE-2025-68613

https://github.com/Rishi-kaul/n8n-CVE-2025-68613

https://github.com/rxerium/CVE-2025-68613

https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis

https://github.com/wioui/n8n-CVE-2025-68613-exploit

https://github.com/GnuTLam/POC-CVE-2025-68613

https://github.com/LingerANR/n8n-CVE-2025-68613

https://github.com/reem-012/poc_CVE-2025-68613

https://github.com/manyaigdtuw/CVE-2025-68613_Scanner

https://github.com/intelligent-ears/CVE-2025-68613

https://github.com/nehkark/CVE-2025-68613

https://github.com/ali-py3/Exploit-CVE-2025-68613

https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab

https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613

https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613

CVE-2026-32059
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-11T20:38:42

1 posts

### Summary In OpenClaw, `tools.exec.safeBins` validation for `sort` could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval. ### Affected Packages / Versions - Ecosystem: npm - Package: `openclaw` - Latest published version checked: `2026.2.22-2` - Affected range: `<= 2026.2.22-2` - Fixed version: `2026.2.23` ###

CVE-2026-32060
(8.8 HIGH)

EPSS: 0.28%

updated 2026-03-11T20:38:26

1 posts

## Summary In affected versions, when `apply_patch` was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `<= 2026.2.13` - Fixed: `>= 2026.2.14` ## Details The non-sandbox path resolution in `apply_patch` did not enfo

CVE-2026-27273
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-11T20:27:05.240000

1 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-30966
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-03-11T19:50:29.950000

1 posts

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update,

CVE-2026-3784
(6.5 MEDIUM)

EPSS: 0.03%

updated 2026-03-11T18:31:35

2 posts

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

CVE-2025-67298
(8.1 HIGH)

EPSS: 0.05%

updated 2026-03-11T18:31:35

1 posts

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

CVE-2026-20046
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-11T18:30:40

3 posts

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by us

CVE-2026-0230(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-03-11T18:30:40

1 posts

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.

CVE-2026-20118
(6.8 MEDIUM)

EPSS: 0.07%

updated 2026-03-11T18:30:40

1 posts

A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preven

CVE-2026-20074
(7.4 HIGH)

EPSS: 0.02%

updated 2026-03-11T18:30:40

1 posts

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to a

CVE-2026-20117
(6.1 MEDIUM)

EPSS: 0.04%

updated 2026-03-11T18:30:40

1 posts

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exp

CVE-2026-1069
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-11T18:30:40

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

CVE-2026-1090
(8.7 HIGH)

EPSS: 0.02%

updated 2026-03-11T18:30:39

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

CVE-2026-0124
(7.8 HIGH)

EPSS: 0.02%

updated 2026-03-11T18:30:29

1 posts

There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2026-21289
(7.5 HIGH)

EPSS: 0.10%

updated 2026-03-11T18:21:50.817000

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.

CVE-2026-2631
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-03-11T15:32:59

2 posts

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform arbitrary WordPress `update_option()` operations. Attackers can use this to enable registartion and

CVE-2026-3783
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-03-11T15:32:59

1 posts

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host

CVE-2025-70027
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-11T15:31:58

1 posts

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information

CVE-2026-30902
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-11T15:31:58

1 posts

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2026-3496
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-11T15:31:58

1 posts

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can

CVE-2026-2626
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-11T15:31:52

1 posts

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection

CVE-2026-23814
(8.8 HIGH)

EPSS: 0.12%

updated 2026-03-11T15:31:51

1 posts

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.

CVE-2026-23813
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-03-11T14:16:19.637000

2 posts

A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.

CVE-2025-40943
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-03-11T13:53:47.157000

2 posts

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file

CVE-2026-21262
(8.8 HIGH)

EPSS: 0.08%

updated 2026-03-11T13:53:47.157000

2 posts

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26117
(7.8 HIGH)

EPSS: 0.04%

updated 2026-03-11T13:53:20.707000

4 posts

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-24291
(7.8 HIGH)

EPSS: 0.06%

updated 2026-03-11T13:53:20.707000

1 posts

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

CVE-2026-26118
(8.8 HIGH)

EPSS: 0.06%

updated 2026-03-11T13:53:20.707000

1 posts

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-2413
(7.5 HIGH)

EPSS: 11.89%

updated 2026-03-11T13:52:47.683000

4 posts

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is ap

Nuclei template

2 repos

https://github.com/reschjonas/CVE-2026-24135

https://github.com/FilipeGaudard/CVE-2026-24134-PoC

CVE-2026-3453
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-11T13:52:47.683000

1 posts

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function. The ppress_process_checkout AJAX handler accepts a user-controlled subscription ID intended for plan upgrades, loads the subscription record, and can

CVE-2026-3222
(7.5 HIGH)

EPSS: 0.16%

updated 2026-03-11T13:52:47.683000

1 posts

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_column()`) treating user input wrapped in backticks as column names, bypassing the `esc_sql()` escaping function. Additionally, the `wpgmp_ajax_call` AJAX han

CVE-2026-31844
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-11T13:52:47.683000

1 posts

An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and expo

1 repos

https://github.com/Mothra-1/CVE-2026-31844

CVE-2026-1992
(8.8 HIGH)

EPSS: 0.07%

updated 2026-03-11T13:52:47.683000

1 posts

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a user-supplied `triggered_by` parameter that is used instead of the current user's ID to check permissions. This makes it possible for authenticated attack

CVE-2026-1993
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-11T12:31:30

1 posts

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible for authenticated attackers with the `exactmetrics_save_settings` capability to modify any plugin se

CVE-2026-3826
(9.8 CRITICAL)

EPSS: 0.20%

updated 2026-03-11T09:32:00

2 posts

IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

CVE-2026-1708
(7.5 HIGH)

EPSS: 0.12%

updated 2026-03-11T09:32:00

1 posts

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the `db_where_conditions` method in the `TD_DB_Model` class failing to prevent the `append_where_sql` parameter from being passed through JSON request bodies, while only checking for its presence in t

CVE-2025-13067
(8.8 HIGH)

EPSS: 0.10%

updated 2026-03-11T06:31:47

1 posts

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the af

CVE-2026-24448
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-11T06:31:47

2 posts

Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.

CVE-2026-29515(CVSS UNKNOWN)

EPSS: 0.07%

updated 2026-03-11T06:31:47

1 posts

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCo

CVE-2026-27842
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-03-11T06:31:41

2 posts

Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.

CVE-2026-21290
(8.7 HIGH)

EPSS: 0.04%

updated 2026-03-11T03:31:39

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A su

CVE-2026-21311
(8.0 HIGH)

EPSS: 0.10%

updated 2026-03-11T03:31:39

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A s

CVE-2026-21309
(7.5 HIGH)

EPSS: 0.10%

updated 2026-03-11T03:31:39

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.

CVE-2026-21361
(8.1 HIGH)

EPSS: 0.09%

updated 2026-03-11T03:31:39

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A

CVE-2026-21284
(8.1 HIGH)

EPSS: 0.09%

updated 2026-03-11T03:31:38

1 posts

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A s

CVE-2026-27271
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-11T00:31:38

1 posts

Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-26738
(7.8 HIGH)

EPSS: 0.05%

updated 2026-03-10T21:33:20

1 posts

Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.

CVE-2026-27276
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-10T21:32:24

1 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-27275
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-10T21:32:24

1 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-27277
(7.8 HIGH)

EPSS: 0.03%

updated 2026-03-10T21:32:17

1 posts

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-27826
(8.2 HIGH)

EPSS: 0.04%

updated 2026-03-10T18:48:50

1 posts

### Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection layer — not in any MCP tool handler -

1 repos

https://github.com/plutosecurity/MCPwnfluence

CVE-2026-28292
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-03-10T18:38:58

2 posts

### Summary The `blockUnsafeOperationsPlugin` in `simple-git` fails to block git protocol override arguments when the config key is passed in uppercase or mixed case. An attacker who controls arguments passed to git operations can enable the `ext::` protocol by passing `-c PROTOCOL.ALLOW=always`, which executes an arbitrary OS command on the host machine. --- ### Details The `preventProtocolOv

CVE-2026-26128
(7.8 HIGH)

EPSS: 0.04%

updated 2026-03-10T18:31:31

1 posts

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.