https://www.tenable.com/cve/feeds?sort=newest Get the latest CVE updates from Tenable Tue, 17 Mar 2026 11:07:31 GMT https://validator.w3.org/feed/docs/rss2.html Tenable CVEs https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png https://www.tenable.com/cve/feeds?sort=newest Copyright 2026 Tenable, Inc. All rights reserved. https://www.tenable.com/cve/CVE-2026-4265 https://www.tenable.com/cve/CVE-2026-4265 Mon, 16 Mar 2026 12:07:14 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team. Mattermost Advisory ID: MMSA-2025-00553

Read more at https://www.tenable.com/cve/CVE-2026-4265

]]> https://www.tenable.com/cve/CVE-2026-25783 https://www.tenable.com/cve/CVE-2026-25783 Mon, 16 Mar 2026 12:04:18 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586

Read more at https://www.tenable.com/cve/CVE-2026-25783

]]> https://www.tenable.com/cve/CVE-2026-24458 https://www.tenable.com/cve/CVE-2026-24458 Mon, 16 Mar 2026 12:02:23 GMT High Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587

Read more at https://www.tenable.com/cve/CVE-2026-24458

]]> https://www.tenable.com/cve/CVE-2026-4237 https://www.tenable.com/cve/CVE-2026-4237 Mon, 16 Mar 2026 12:02:10 GMT Medium Severity

Description

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4237

]]> https://www.tenable.com/cve/CVE-2026-2462 https://www.tenable.com/cve/CVE-2026-2462 Mon, 16 Mar 2026 12:00:21 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and SMTP credentials via uploading a malicious plugin after changing the import directory. Mattermost Advisory ID: MMSA-2025-00528

Read more at https://www.tenable.com/cve/CVE-2026-2462

]]> https://www.tenable.com/cve/CVE-2026-2578 https://www.tenable.com/cve/CVE-2026-2578 Mon, 16 Mar 2026 11:58:09 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579

Read more at https://www.tenable.com/cve/CVE-2026-2578

]]> https://www.tenable.com/cve/CVE-2025-69246 https://www.tenable.com/cve/CVE-2025-69246 Mon, 16 Mar 2026 11:54:50 GMT Medium Severity

Description

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69246

]]> https://www.tenable.com/cve/CVE-2025-69245 https://www.tenable.com/cve/CVE-2025-69245 Mon, 16 Mar 2026 11:54:42 GMT Medium Severity

Description

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69245

]]> https://www.tenable.com/cve/CVE-2025-69243 https://www.tenable.com/cve/CVE-2025-69243 Mon, 16 Mar 2026 11:54:32 GMT Medium Severity

Description

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.

Read more at https://www.tenable.com/cve/CVE-2025-69243

]]> https://www.tenable.com/cve/CVE-2025-69242 https://www.tenable.com/cve/CVE-2025-69242 Mon, 16 Mar 2026 11:54:19 GMT Medium Severity

Description

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69242

]]> https://www.tenable.com/cve/CVE-2025-69241 https://www.tenable.com/cve/CVE-2025-69241 Mon, 16 Mar 2026 11:53:55 GMT Medium Severity

Description

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69241

]]> https://www.tenable.com/cve/CVE-2025-69240 https://www.tenable.com/cve/CVE-2025-69240 Mon, 16 Mar 2026 11:53:41 GMT High Severity

Description

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69240

]]> https://www.tenable.com/cve/CVE-2025-69239 https://www.tenable.com/cve/CVE-2025-69239 Mon, 16 Mar 2026 11:53:33 GMT Medium Severity

Description

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69239

]]> https://www.tenable.com/cve/CVE-2025-69238 https://www.tenable.com/cve/CVE-2025-69238 Mon, 16 Mar 2026 11:53:11 GMT Medium Severity

Description

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69238

]]> https://www.tenable.com/cve/CVE-2025-69237 https://www.tenable.com/cve/CVE-2025-69237 Mon, 16 Mar 2026 11:53:03 GMT Medium Severity

Description

Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69237

]]> https://www.tenable.com/cve/CVE-2025-69236 https://www.tenable.com/cve/CVE-2025-69236 Mon, 16 Mar 2026 11:52:54 GMT Medium Severity

Description

Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-69236

]]> https://www.tenable.com/cve/CVE-2025-15540 https://www.tenable.com/cve/CVE-2025-15540 Mon, 16 Mar 2026 11:52:33 GMT High Severity

Description

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2025-15540

]]> https://www.tenable.com/cve/CVE-2026-3476 https://www.tenable.com/cve/CVE-2026-3476 Mon, 16 Mar 2026 11:48:18 GMT High Severity

Description

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

Read more at https://www.tenable.com/cve/CVE-2026-3476

]]> https://www.tenable.com/cve/CVE-2026-26246 https://www.tenable.com/cve/CVE-2026-26246 Mon, 16 Mar 2026 11:33:02 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572

Read more at https://www.tenable.com/cve/CVE-2026-26246

]]> https://www.tenable.com/cve/CVE-2026-4236 https://www.tenable.com/cve/CVE-2026-4236 Mon, 16 Mar 2026 11:32:09 GMT Medium Severity

Description

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4236

]]> https://www.tenable.com/cve/CVE-2026-2458 https://www.tenable.com/cve/CVE-2026-2458 Mon, 16 Mar 2026 11:27:49 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID: MMSA-2025-00568

Read more at https://www.tenable.com/cve/CVE-2026-2458

]]> https://www.tenable.com/cve/CVE-2026-2457 https://www.tenable.com/cve/CVE-2026-2457 Mon, 16 Mar 2026 11:20:25 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID: MMSA-2025-00569

Read more at https://www.tenable.com/cve/CVE-2026-2457

]]> https://www.tenable.com/cve/CVE-2026-2461 https://www.tenable.com/cve/CVE-2026-2461 Mon, 16 Mar 2026 11:16:32 GMT Medium Severity

Description

Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

Read more at https://www.tenable.com/cve/CVE-2026-2461

]]> https://www.tenable.com/cve/CVE-2026-2463 https://www.tenable.com/cve/CVE-2026-2463 Mon, 16 Mar 2026 11:13:57 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID: MMSA-2025-00565

Read more at https://www.tenable.com/cve/CVE-2026-2463

]]> https://www.tenable.com/cve/CVE-2026-2476 https://www.tenable.com/cve/CVE-2026-2476 Mon, 16 Mar 2026 11:11:07 GMT High Severity

Description

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

Read more at https://www.tenable.com/cve/CVE-2026-2476

]]> https://www.tenable.com/cve/CVE-2026-2456 https://www.tenable.com/cve/CVE-2026-2456 Mon, 16 Mar 2026 11:06:44 GMT Medium Severity

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button.. Mattermost Advisory ID: MMSA-2026-00571

Read more at https://www.tenable.com/cve/CVE-2026-2456

]]> https://www.tenable.com/cve/CVE-2026-4235 https://www.tenable.com/cve/CVE-2026-4235 Mon, 16 Mar 2026 11:02:09 GMT Medium Severity

Description

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Read more at https://www.tenable.com/cve/CVE-2026-4235

]]> https://www.tenable.com/cve/CVE-2025-15554 https://www.tenable.com/cve/CVE-2025-15554 Mon, 16 Mar 2026 10:46:09 GMT Medium Severity

Description

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

Read more at https://www.tenable.com/cve/CVE-2025-15554

]]> https://www.tenable.com/cve/CVE-2025-15553 https://www.tenable.com/cve/CVE-2025-15553 Mon, 16 Mar 2026 10:45:04 GMT Medium Severity

Description

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

Read more at https://www.tenable.com/cve/CVE-2025-15553

]]> https://www.tenable.com/cve/CVE-2025-15552 https://www.tenable.com/cve/CVE-2025-15552 Mon, 16 Mar 2026 10:44:02 GMT Medium Severity

Description

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

Read more at https://www.tenable.com/cve/CVE-2025-15552

]]> https://www.tenable.com/cve/CVE-2026-4234 https://www.tenable.com/cve/CVE-2026-4234 Mon, 16 Mar 2026 10:32:11 GMT Medium Severity

Description

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4234

]]> https://www.tenable.com/cve/CVE-2026-3024 https://www.tenable.com/cve/CVE-2026-3024 Mon, 16 Mar 2026 10:13:37 GMT Medium Severity

Description

Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey that would harm the entire veterinary team. At the same time, a user with low privileges could exploit this vulnerability to access unauthorized data and perform actions with elevated privileges.

Read more at https://www.tenable.com/cve/CVE-2026-3024

]]> https://www.tenable.com/cve/CVE-2026-3023 https://www.tenable.com/cve/CVE-2026-3023 Mon, 16 Mar 2026 10:12:53 GMT Medium Severity

Description

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands, allowing them to list both pets and owner names.

Read more at https://www.tenable.com/cve/CVE-2026-3023

]]> https://www.tenable.com/cve/CVE-2026-3022 https://www.tenable.com/cve/CVE-2026-3022 Mon, 16 Mar 2026 10:11:30 GMT High Severity

Description

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

Read more at https://www.tenable.com/cve/CVE-2026-3022

]]> https://www.tenable.com/cve/CVE-2026-3021 https://www.tenable.com/cve/CVE-2026-3021 Mon, 16 Mar 2026 10:11:11 GMT High Severity

Description

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL commands. This would lead to the enumeration of sensitive employee data.

Read more at https://www.tenable.com/cve/CVE-2026-3021

]]> https://www.tenable.com/cve/CVE-2026-3020 https://www.tenable.com/cve/CVE-2026-3020 Mon, 16 Mar 2026 10:09:54 GMT High Severity

Description

Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts

Read more at https://www.tenable.com/cve/CVE-2026-3020

]]> https://www.tenable.com/cve/CVE-2026-4233 https://www.tenable.com/cve/CVE-2026-4233 Mon, 16 Mar 2026 10:02:07 GMT Medium Severity

Description

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4233

]]> https://www.tenable.com/cve/CVE-2026-3111 https://www.tenable.com/cve/CVE-2026-3111 Mon, 16 Mar 2026 09:37:48 GMT Medium Severity

Description

Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.

Read more at https://www.tenable.com/cve/CVE-2026-3111

]]> https://www.tenable.com/cve/CVE-2026-3110 https://www.tenable.com/cve/CVE-2026-3110 Mon, 16 Mar 2026 09:36:17 GMT High Severity

Description

Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID]' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access user data (e.g., usernames, first and last names, email addresses, and phone numbers) and retrieve the data of all users enrolled in courses by performing a brute-force attack on the course ID via a manipulated URL.

Read more at https://www.tenable.com/cve/CVE-2026-3110

]]> https://www.tenable.com/cve/CVE-2026-4232 https://www.tenable.com/cve/CVE-2026-4232 Mon, 16 Mar 2026 09:32:21 GMT Medium Severity

Description

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4232

]]> https://www.tenable.com/cve/CVE-2025-11500 https://www.tenable.com/cve/CVE-2025-11500 Mon, 16 Mar 2026 09:26:14 GMT High Severity

Description

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off (which is a default setting), an unauthenticated attacker on the local network can obtain usernames and encoded passwords for interface management portal by inspecting the HTTP response of the server when visiting the login page, which contains a JSON file with these details. Both normal and admin users credentials are exposed. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).

Read more at https://www.tenable.com/cve/CVE-2025-11500

]]> https://www.tenable.com/cve/CVE-2025-15587 https://www.tenable.com/cve/CVE-2025-15587 Mon, 16 Mar 2026 09:26:00 GMT High Severity

Description

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).

Read more at https://www.tenable.com/cve/CVE-2025-15587

]]> https://www.tenable.com/cve/CVE-2026-4231 https://www.tenable.com/cve/CVE-2026-4231 Mon, 16 Mar 2026 09:02:08 GMT Medium Severity

Description

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4231

]]> https://www.tenable.com/cve/CVE-2026-4230 https://www.tenable.com/cve/CVE-2026-4230 Mon, 16 Mar 2026 08:32:09 GMT Medium Severity

Description

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4230

]]> https://www.tenable.com/cve/CVE-2026-4229 https://www.tenable.com/cve/CVE-2026-4229 Mon, 16 Mar 2026 08:32:07 GMT Medium Severity

Description

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4229

]]> https://www.tenable.com/cve/CVE-2026-4228 https://www.tenable.com/cve/CVE-2026-4228 Mon, 16 Mar 2026 08:02:10 GMT Medium Severity

Description

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4228

]]> https://www.tenable.com/cve/CVE-2026-4227 https://www.tenable.com/cve/CVE-2026-4227 Mon, 16 Mar 2026 08:02:08 GMT High Severity

Description

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4227

]]> https://www.tenable.com/cve/CVE-2026-4226 https://www.tenable.com/cve/CVE-2026-4226 Mon, 16 Mar 2026 07:32:10 GMT High Severity

Description

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4226

]]> https://www.tenable.com/cve/CVE-2026-4225 https://www.tenable.com/cve/CVE-2026-4225 Mon, 16 Mar 2026 07:32:07 GMT Medium Severity

Description

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Read more at https://www.tenable.com/cve/CVE-2026-4225

]]> https://www.tenable.com/cve/CVE-2026-4255 https://www.tenable.com/cve/CVE-2026-4255 Mon, 16 Mar 2026 07:14:07 GMT High Severity

Description

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.\n\n\n\nBecause these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.\n\n\n\nThe application does not enforce restrictions on DLL loading locations and does not verify the integrity or digital signature of loaded libraries. As a result, attacker-controlled code may be executed within the security context of the application, allowing arbitrary code execution with elevated privileges.\n\n\n\nSuccessful exploitation requires that an attacker place a crafted malicious DLL in a user-writable directory that is included in the application's DLL search path and then cause the affected application to be executed. Once loaded, the malicious DLL runs with the same privileges as the application.\n\n\n\nThis issue affects \nTR-VISION HOME versions up to and including 2.0.5.

Read more at https://www.tenable.com/cve/CVE-2026-4255

]]> https://www.tenable.com/cve/CVE-2025-6969 https://www.tenable.com/cve/CVE-2025-6969 Mon, 16 Mar 2026 07:10:50 GMT Medium Severity

Description

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

Read more at https://www.tenable.com/cve/CVE-2025-6969

]]> https://www.tenable.com/cve/CVE-2025-26474 https://www.tenable.com/cve/CVE-2025-26474 Mon, 16 Mar 2026 07:10:37 GMT Low Severity

Description

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.

Read more at https://www.tenable.com/cve/CVE-2025-26474

]]> https://www.tenable.com/cve/CVE-2025-52458 https://www.tenable.com/cve/CVE-2025-52458 Mon, 16 Mar 2026 07:10:08 GMT Medium Severity

Description

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Read more at https://www.tenable.com/cve/CVE-2025-52458

]]> https://www.tenable.com/cve/CVE-2025-41432 https://www.tenable.com/cve/CVE-2025-41432 Mon, 16 Mar 2026 07:09:53 GMT Medium Severity

Description

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Read more at https://www.tenable.com/cve/CVE-2025-41432

]]> https://www.tenable.com/cve/CVE-2025-25277 https://www.tenable.com/cve/CVE-2025-25277 Mon, 16 Mar 2026 07:09:27 GMT Medium Severity

Description

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.

Read more at https://www.tenable.com/cve/CVE-2025-25277

]]> https://www.tenable.com/cve/CVE-2025-12736 https://www.tenable.com/cve/CVE-2025-12736 Mon, 16 Mar 2026 07:09:13 GMT Medium Severity

Description

in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource.

Read more at https://www.tenable.com/cve/CVE-2025-12736

]]> https://www.tenable.com/cve/CVE-2026-0639 https://www.tenable.com/cve/CVE-2026-0639 Mon, 16 Mar 2026 07:08:53 GMT Low Severity

Description

in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.

Read more at https://www.tenable.com/cve/CVE-2026-0639

]]> https://www.tenable.com/cve/CVE-2026-32778 https://www.tenable.com/cve/CVE-2026-32778 Mon, 16 Mar 2026 07:02:34 GMT Low Severity

Description

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

Read more at https://www.tenable.com/cve/CVE-2026-32778

]]> https://www.tenable.com/cve/CVE-2026-4223 https://www.tenable.com/cve/CVE-2026-4223 Mon, 16 Mar 2026 07:02:08 GMT Medium Severity

Description

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Read more at https://www.tenable.com/cve/CVE-2026-4223

]]> https://www.tenable.com/cve/CVE-2026-32777 https://www.tenable.com/cve/CVE-2026-32777 Mon, 16 Mar 2026 06:58:06 GMT Medium Severity

Description

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Read more at https://www.tenable.com/cve/CVE-2026-32777

]]> https://www.tenable.com/cve/CVE-2026-32776 https://www.tenable.com/cve/CVE-2026-32776 Mon, 16 Mar 2026 06:54:20 GMT Medium Severity

Description

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Read more at https://www.tenable.com/cve/CVE-2026-32776

]]> https://www.tenable.com/cve/CVE-2026-25083 https://www.tenable.com/cve/CVE-2026-25083 Mon, 16 Mar 2026 06:47:38 GMT High Severity

Description

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.

Read more at https://www.tenable.com/cve/CVE-2026-25083

]]> https://www.tenable.com/cve/CVE-2026-4222 https://www.tenable.com/cve/CVE-2026-4222 Mon, 16 Mar 2026 06:32:22 GMT Medium Severity

Description

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4222

]]> https://www.tenable.com/cve/CVE-2026-4221 https://www.tenable.com/cve/CVE-2026-4221 Mon, 16 Mar 2026 06:32:17 GMT Medium Severity

Description

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4221

]]> https://www.tenable.com/cve/CVE-2026-32775 https://www.tenable.com/cve/CVE-2026-32775 Mon, 16 Mar 2026 06:31:36 GMT High Severity

Description

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

Read more at https://www.tenable.com/cve/CVE-2026-32775

]]> https://www.tenable.com/cve/CVE-2025-71264 https://www.tenable.com/cve/CVE-2025-71264 Mon, 16 Mar 2026 06:13:51 GMT Low Severity

Description

Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

Read more at https://www.tenable.com/cve/CVE-2025-71264

]]> https://www.tenable.com/cve/CVE-2026-4220 https://www.tenable.com/cve/CVE-2026-4220 Mon, 16 Mar 2026 06:02:23 GMT Medium Severity

Description

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4220

]]> https://www.tenable.com/cve/CVE-2026-4219 https://www.tenable.com/cve/CVE-2026-4219 Mon, 16 Mar 2026 06:02:08 GMT Medium Severity

Description

A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4219

]]> https://www.tenable.com/cve/CVE-2026-4218 https://www.tenable.com/cve/CVE-2026-4218 Mon, 16 Mar 2026 05:32:07 GMT Low Severity

Description

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4218

]]> https://www.tenable.com/cve/CVE-2026-31386 https://www.tenable.com/cve/CVE-2026-31386 Mon, 16 Mar 2026 05:21:13 GMT High Severity

Description

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Read more at https://www.tenable.com/cve/CVE-2026-31386

]]> https://www.tenable.com/cve/CVE-2026-4217 https://www.tenable.com/cve/CVE-2026-4217 Mon, 16 Mar 2026 05:02:10 GMT Low Severity

Description

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument accessKey/secretAccessKey/securityToken leads to unprotected storage of credentials. The attack can only be performed from a local environment. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4217

]]> https://www.tenable.com/cve/CVE-2026-4216 https://www.tenable.com/cve/CVE-2026-4216 Mon, 16 Mar 2026 05:02:08 GMT Medium Severity

Description

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: "The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it."

Read more at https://www.tenable.com/cve/CVE-2026-4216

]]> https://www.tenable.com/cve/CVE-2026-21005 https://www.tenable.com/cve/CVE-2026-21005 Mon, 16 Mar 2026 04:35:37 GMT High Severity

Description

Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.

Read more at https://www.tenable.com/cve/CVE-2026-21005

]]> https://www.tenable.com/cve/CVE-2026-21004 https://www.tenable.com/cve/CVE-2026-21004 Mon, 16 Mar 2026 04:35:36 GMT Medium Severity

Description

Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.

Read more at https://www.tenable.com/cve/CVE-2026-21004

]]> https://www.tenable.com/cve/CVE-2026-4215 https://www.tenable.com/cve/CVE-2026-4215 Mon, 16 Mar 2026 04:32:12 GMT Medium Severity

Description

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4215

]]> https://www.tenable.com/cve/CVE-2026-21002 https://www.tenable.com/cve/CVE-2026-21002 Mon, 16 Mar 2026 04:32:11 GMT Medium Severity

Description

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.

Read more at https://www.tenable.com/cve/CVE-2026-21002

]]> https://www.tenable.com/cve/CVE-2026-4214 https://www.tenable.com/cve/CVE-2026-4214 Mon, 16 Mar 2026 04:32:10 GMT High Severity

Description

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4214

]]> https://www.tenable.com/cve/CVE-2026-21001 https://www.tenable.com/cve/CVE-2026-21001 Mon, 16 Mar 2026 04:32:09 GMT Medium Severity

Description

Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

Read more at https://www.tenable.com/cve/CVE-2026-21001

]]> https://www.tenable.com/cve/CVE-2026-21000 https://www.tenable.com/cve/CVE-2026-21000 Mon, 16 Mar 2026 04:32:08 GMT High Severity

Description

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

Read more at https://www.tenable.com/cve/CVE-2026-21000

]]> https://www.tenable.com/cve/CVE-2026-20999 https://www.tenable.com/cve/CVE-2026-20999 Mon, 16 Mar 2026 04:32:07 GMT High Severity

Description

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.

Read more at https://www.tenable.com/cve/CVE-2026-20999

]]> https://www.tenable.com/cve/CVE-2026-20998 https://www.tenable.com/cve/CVE-2026-20998 Mon, 16 Mar 2026 04:32:06 GMT High Severity

Description

Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.

Read more at https://www.tenable.com/cve/CVE-2026-20998

]]> https://www.tenable.com/cve/CVE-2026-20997 https://www.tenable.com/cve/CVE-2026-20997 Mon, 16 Mar 2026 04:32:05 GMT Medium Severity

Description

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.

Read more at https://www.tenable.com/cve/CVE-2026-20997

]]> https://www.tenable.com/cve/CVE-2026-20996 https://www.tenable.com/cve/CVE-2026-20996 Mon, 16 Mar 2026 04:32:03 GMT High Severity

Description

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.

Read more at https://www.tenable.com/cve/CVE-2026-20996

]]> https://www.tenable.com/cve/CVE-2026-20995 https://www.tenable.com/cve/CVE-2026-20995 Mon, 16 Mar 2026 04:32:02 GMT Medium Severity

Description

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.

Read more at https://www.tenable.com/cve/CVE-2026-20995

]]> https://www.tenable.com/cve/CVE-2026-20994 https://www.tenable.com/cve/CVE-2026-20994 Mon, 16 Mar 2026 04:32:01 GMT High Severity

Description

URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token.

Read more at https://www.tenable.com/cve/CVE-2026-20994

]]> https://www.tenable.com/cve/CVE-2026-20993 https://www.tenable.com/cve/CVE-2026-20993 Mon, 16 Mar 2026 04:32:00 GMT Medium Severity

Description

Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.

Read more at https://www.tenable.com/cve/CVE-2026-20993

]]> https://www.tenable.com/cve/CVE-2026-20992 https://www.tenable.com/cve/CVE-2026-20992 Mon, 16 Mar 2026 04:31:59 GMT Medium Severity

Description

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.

Read more at https://www.tenable.com/cve/CVE-2026-20992

]]> https://www.tenable.com/cve/CVE-2026-20991 https://www.tenable.com/cve/CVE-2026-20991 Mon, 16 Mar 2026 04:31:57 GMT Medium Severity

Description

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.

Read more at https://www.tenable.com/cve/CVE-2026-20991

]]> https://www.tenable.com/cve/CVE-2026-20990 https://www.tenable.com/cve/CVE-2026-20990 Mon, 16 Mar 2026 04:31:56 GMT High Severity

Description

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.

Read more at https://www.tenable.com/cve/CVE-2026-20990

]]> https://www.tenable.com/cve/CVE-2026-20989 https://www.tenable.com/cve/CVE-2026-20989 Mon, 16 Mar 2026 04:31:55 GMT Medium Severity

Description

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

Read more at https://www.tenable.com/cve/CVE-2026-20989

]]> https://www.tenable.com/cve/CVE-2026-20988 https://www.tenable.com/cve/CVE-2026-20988 Mon, 16 Mar 2026 04:31:53 GMT Medium Severity

Description

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.

Read more at https://www.tenable.com/cve/CVE-2026-20988

]]> https://www.tenable.com/cve/CVE-2026-4213 https://www.tenable.com/cve/CVE-2026-4213 Mon, 16 Mar 2026 04:02:09 GMT High Severity

Description

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4213

]]> https://www.tenable.com/cve/CVE-2026-4212 https://www.tenable.com/cve/CVE-2026-4212 Mon, 16 Mar 2026 03:32:14 GMT High Severity

Description

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function Downloads_Schedule_Info of the file /cgi-bin/download_mgr.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4212

]]> https://www.tenable.com/cve/CVE-2026-4211 https://www.tenable.com/cve/CVE-2026-4211 Mon, 16 Mar 2026 03:32:10 GMT High Severity

Description

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function Local_Backup_Info of the file /cgi-bin/local_backup_mgr.cgi. This manipulation of the argument f_idx causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Read more at https://www.tenable.com/cve/CVE-2026-4211

]]> https://www.tenable.com/cve/CVE-2026-4210 https://www.tenable.com/cve/CVE-2026-4210 Mon, 16 Mar 2026 03:02:16 GMT Medium Severity

Description

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Read more at https://www.tenable.com/cve/CVE-2026-4210

]]> https://www.tenable.com/cve/CVE-2026-4209 https://www.tenable.com/cve/CVE-2026-4209 Mon, 16 Mar 2026 02:32:13 GMT Medium Severity

Description

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Read more at https://www.tenable.com/cve/CVE-2026-4209

]]> https://www.tenable.com/cve/CVE-2026-4207 https://www.tenable.com/cve/CVE-2026-4207 Mon, 16 Mar 2026 02:32:08 GMT Medium Severity

Description

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi_sms_test/cgi_firmware_upload/cgi_ntp_time of the file /cgi-bin/system_mgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Read more at https://www.tenable.com/cve/CVE-2026-4207

]]> https://www.tenable.com/cve/CVE-2026-4206 https://www.tenable.com/cve/CVE-2026-4206 Mon, 16 Mar 2026 02:02:10 GMT Medium Severity

Description

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT_rebuild_diskmgr/FMT_create_diskmgr/ScanDisk_run_e2fsck of the file /cgi-bin/dsk_mgr.cgi. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Read more at https://www.tenable.com/cve/CVE-2026-4206

]]> https://www.tenable.com/cve/CVE-2026-4205 https://www.tenable.com/cve/CVE-2026-4205 Mon, 16 Mar 2026 01:32:09 GMT Medium Severity

Description

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4205

]]> https://www.tenable.com/cve/CVE-2026-4204 https://www.tenable.com/cve/CVE-2026-4204 Mon, 16 Mar 2026 01:02:15 GMT Medium Severity

Description

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_myfavorite_add/cgi_myfavorite_set/cgi_myfavorite_del/cgi_myfavorite_set_sort_info/cgi_myfavorite_remove_apkg/cgi_myfavorite_compare_apkg/cgi_mycloud_auto_downlaod of the file /cgi-bin/gui_mgr.cgi. This manipulation of the argument f_user causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4204

]]> https://www.tenable.com/cve/CVE-2026-4203 https://www.tenable.com/cve/CVE-2026-4203 Mon, 16 Mar 2026 01:02:10 GMT Medium Severity

Description

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_portforwarding_add/cgi_portforwarding_del/cgi_portforwarding_modify/cgi_portforwarding_add_scan/cgi_dhcpd_lease/cgi_ddns/cgi_ip/cgi_dhcpd of the file /cgi-bin/network_mgr.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4203

]]> https://www.tenable.com/cve/CVE-2026-4201 https://www.tenable.com/cve/CVE-2026-4201 Mon, 16 Mar 2026 00:32:43 GMT Medium Severity

Description

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4201

]]> https://www.tenable.com/cve/CVE-2026-4198 https://www.tenable.com/cve/CVE-2026-4198 Sun, 15 Mar 2026 23:32:19 GMT Medium Severity

Description

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: f7d992c830c5f2ec5749852e66c0195e3ed7fe30. Applying a patch is the recommended action to fix this issue. The project was informed of the problem early through an issue report but has not responded yet.

Read more at https://www.tenable.com/cve/CVE-2026-4198

]]> https://www.tenable.com/cve/CVE-2026-4197 https://www.tenable.com/cve/CVE-2026-4197 Sun, 15 Mar 2026 23:32:15 GMT Medium Severity

Description

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS_Get_Update_Status/RSS_Update/RSS_Channel_AutoDownlaod/RSS_Add/RSS_Channel_Item_Downlaod/RSS_History_Item_List/RSS_Item_List of the file /cgi-bin/download_mgr.cgi. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

Read more at https://www.tenable.com/cve/CVE-2026-4197

]]> https://www.tenable.com/cve/CVE-2026-4196 https://www.tenable.com/cve/CVE-2026-4196 Sun, 15 Mar 2026 23:32:11 GMT Medium Severity

Description

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_recovery/cgi_backup_now/cgi_set_schedule/cgi_set_rsync_server of the file /cgi-bin/remote_backup.cgi. The manipulation leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4196

]]> https://www.tenable.com/cve/CVE-2026-4195 https://www.tenable.com/cve/CVE-2026-4195 Sun, 15 Mar 2026 23:02:19 GMT Medium Severity

Description

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4195

]]> https://www.tenable.com/cve/CVE-2026-4194 https://www.tenable.com/cve/CVE-2026-4194 Sun, 15 Mar 2026 23:02:14 GMT Medium Severity

Description

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4194

]]> https://www.tenable.com/cve/CVE-2026-4193 https://www.tenable.com/cve/CVE-2026-4193 Sun, 15 Mar 2026 23:02:10 GMT Medium Severity

Description

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4193

]]> https://www.tenable.com/cve/CVE-2026-4192 https://www.tenable.com/cve/CVE-2026-4192 Sun, 15 Mar 2026 20:32:09 GMT Medium Severity

Description

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Read more at https://www.tenable.com/cve/CVE-2026-4192

]]> https://www.tenable.com/cve/CVE-2026-4191 https://www.tenable.com/cve/CVE-2026-4191 Sun, 15 Mar 2026 20:02:09 GMT Medium Severity

Description

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4191

]]> https://www.tenable.com/cve/CVE-2026-4190 https://www.tenable.com/cve/CVE-2026-4190 Sun, 15 Mar 2026 19:32:16 GMT Medium Severity

Description

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4190

]]> https://www.tenable.com/cve/CVE-2026-4189 https://www.tenable.com/cve/CVE-2026-4189 Sun, 15 Mar 2026 19:32:12 GMT Medium Severity

Description

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4189

]]> https://www.tenable.com/cve/CVE-2026-4188 https://www.tenable.com/cve/CVE-2026-4188 Sun, 15 Mar 2026 19:32:10 GMT High Severity

Description

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4188

]]> https://www.tenable.com/cve/CVE-2026-4187 https://www.tenable.com/cve/CVE-2026-4187 Sun, 15 Mar 2026 19:02:17 GMT Medium Severity

Description

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4187

]]> https://www.tenable.com/cve/CVE-2026-4186 https://www.tenable.com/cve/CVE-2026-4186 Sun, 15 Mar 2026 19:02:06 GMT Medium Severity

Description

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4186

]]> https://www.tenable.com/cve/CVE-2026-4185 https://www.tenable.com/cve/CVE-2026-4185 Sun, 15 Mar 2026 18:32:08 GMT Medium Severity

Description

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue.

Read more at https://www.tenable.com/cve/CVE-2026-4185

]]> https://www.tenable.com/cve/CVE-2026-4184 https://www.tenable.com/cve/CVE-2026-4184 Sun, 15 Mar 2026 17:32:09 GMT Critical Severity

Description

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4184

]]> https://www.tenable.com/cve/CVE-2026-4183 https://www.tenable.com/cve/CVE-2026-4183 Sun, 15 Mar 2026 16:32:09 GMT Critical Severity

Description

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4183

]]> https://www.tenable.com/cve/CVE-2026-4182 https://www.tenable.com/cve/CVE-2026-4182 Sun, 15 Mar 2026 16:02:15 GMT Critical Severity

Description

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4182

]]> https://www.tenable.com/cve/CVE-2026-4181 https://www.tenable.com/cve/CVE-2026-4181 Sun, 15 Mar 2026 16:02:10 GMT Critical Severity

Description

A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4181

]]> https://www.tenable.com/cve/CVE-2026-28522 https://www.tenable.com/cve/CVE-2026-28522 Sun, 15 Mar 2026 13:36:52 GMT High Severity

Description

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.

Read more at https://www.tenable.com/cve/CVE-2026-28522

]]> https://www.tenable.com/cve/CVE-2026-28519 https://www.tenable.com/cve/CVE-2026-28519 Sun, 15 Mar 2026 13:36:47 GMT High Severity

Description

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

Read more at https://www.tenable.com/cve/CVE-2026-28519

]]> https://www.tenable.com/cve/CVE-2026-28521 https://www.tenable.com/cve/CVE-2026-28521 Sun, 15 Mar 2026 13:35:46 GMT High Severity

Description

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition.

Read more at https://www.tenable.com/cve/CVE-2026-28521

]]> https://www.tenable.com/cve/CVE-2026-28520 https://www.tenable.com/cve/CVE-2026-28520 Sun, 15 Mar 2026 13:35:42 GMT High Severity

Description

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device.

Read more at https://www.tenable.com/cve/CVE-2026-28520

]]> https://www.tenable.com/cve/CVE-2026-4180 https://www.tenable.com/cve/CVE-2026-4180 Sun, 15 Mar 2026 13:32:10 GMT Medium Severity

Description

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Read more at https://www.tenable.com/cve/CVE-2026-4180

]]> https://www.tenable.com/cve/CVE-2026-4175 https://www.tenable.com/cve/CVE-2026-4175 Sun, 15 Mar 2026 10:32:14 GMT Medium Severity

Description

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.0-BETA1 is sufficient to fix this issue. This patch is called 2135ee7efff4090e70050b63015ab5e268760ec8. It is suggested to upgrade the affected component.

Read more at https://www.tenable.com/cve/CVE-2026-4175

]]> https://www.tenable.com/cve/CVE-2026-4174 https://www.tenable.com/cve/CVE-2026-4174 Sun, 15 Mar 2026 10:32:10 GMT Medium Severity

Description

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 is capable of addressing this issue. The name of the patch is 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that, "[he] wont consider this bug a DoS".

Read more at https://www.tenable.com/cve/CVE-2026-4174

]]> https://www.tenable.com/cve/CVE-2025-14287 https://www.tenable.com/cve/CVE-2025-14287 Sun, 15 Mar 2026 09:27:36 GMT High Severity

Description

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The issue affects environments where MLflow is used, including development setups, CI/CD pipelines, and cloud deployments.

Read more at https://www.tenable.com/cve/CVE-2025-14287

]]> https://www.tenable.com/cve/CVE-2026-4173 https://www.tenable.com/cve/CVE-2026-4173 Sun, 15 Mar 2026 09:02:08 GMT Medium Severity

Description

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4173

]]> https://www.tenable.com/cve/CVE-2026-4172 https://www.tenable.com/cve/CVE-2026-4172 Sun, 15 Mar 2026 08:32:08 GMT High Severity

Description

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4172

]]> https://www.tenable.com/cve/CVE-2026-4171 https://www.tenable.com/cve/CVE-2026-4171 Sun, 15 Mar 2026 08:02:07 GMT Medium Severity

Description

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4171

]]> https://www.tenable.com/cve/CVE-2026-4170 https://www.tenable.com/cve/CVE-2026-4170 Sun, 15 Mar 2026 07:02:43 GMT Critical Severity

Description

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4170

]]> https://www.tenable.com/cve/CVE-2026-4169 https://www.tenable.com/cve/CVE-2026-4169 Sun, 15 Mar 2026 06:02:09 GMT Medium Severity

Description

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are still doubts about whether this vulnerability truly exists. Upgrading to version 16.6.1 is able to address this issue. The patch is named 899b5b2fa09edfe16043f07265e44fe2022b7f12. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

Read more at https://www.tenable.com/cve/CVE-2026-4169

]]> https://www.tenable.com/cve/CVE-2026-4168 https://www.tenable.com/cve/CVE-2026-4168 Sun, 15 Mar 2026 06:02:07 GMT Medium Severity

Description

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The presence of this vulnerability remains uncertain at this time. The affected component should be upgraded. The vendor explained: "I was not able to reproduce the same exploit as the TCExam version was already advanced in the meanwhile." Therefore, it can be assumed that this issue got fixed in a later release.

Read more at https://www.tenable.com/cve/CVE-2026-4168

]]> https://www.tenable.com/cve/CVE-2026-4167 https://www.tenable.com/cve/CVE-2026-4167 Sun, 15 Mar 2026 05:32:10 GMT High Severity

Description

A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Read more at https://www.tenable.com/cve/CVE-2026-4167

]]> https://www.tenable.com/cve/CVE-2026-4166 https://www.tenable.com/cve/CVE-2026-4166 Sun, 15 Mar 2026 05:32:08 GMT Medium Severity

Description

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

Read more at https://www.tenable.com/cve/CVE-2026-4166

]]> https://www.tenable.com/cve/CVE-2026-4165 https://www.tenable.com/cve/CVE-2026-4165 Sun, 15 Mar 2026 05:02:07 GMT Medium Severity

Description

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Read more at https://www.tenable.com/cve/CVE-2026-4165

]]> https://www.tenable.com/cve/CVE-2026-4164 https://www.tenable.com/cve/CVE-2026-4164 Sun, 15 Mar 2026 03:02:10 GMT Critical Severity

Description

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.

Read more at https://www.tenable.com/cve/CVE-2026-4164

]]> https://www.tenable.com/cve/CVE-2026-2233 https://www.tenable.com/cve/CVE-2026-2233 Sun, 15 Mar 2026 02:19:14 GMT Medium Severity

Description

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft_post() function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to modify arbitrary posts (e.g. unpublish published posts and overwrite the contents) via the 'post_id' parameter.

Read more at https://www.tenable.com/cve/CVE-2026-2233

]]> https://www.tenable.com/cve/CVE-2026-1947 https://www.tenable.com/cve/CVE-2026-1947 Sun, 15 Mar 2026 01:19:06 GMT High Severity

Description

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to to overwrite arbitrary form entries via the 'nf_set_entry_update_id' parameter.

Read more at https://www.tenable.com/cve/CVE-2026-1947

]]> https://www.tenable.com/cve/CVE-2026-1883 https://www.tenable.com/cve/CVE-2026-1883 Sun, 15 Mar 2026 01:19:05 GMT Medium Severity

Description

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders created by other users.

Read more at https://www.tenable.com/cve/CVE-2026-1883

]]> https://www.tenable.com/cve/CVE-2026-4163 https://www.tenable.com/cve/CVE-2026-4163 Sat, 14 Mar 2026 22:32:10 GMT Critical Severity

Description

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

Read more at https://www.tenable.com/cve/CVE-2026-4163

]]> https://www.tenable.com/cve/CVE-2026-4179 https://www.tenable.com/cve/CVE-2026-4179 Sat, 14 Mar 2026 21:51:33 GMT Medium Severity

Description

Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.

Read more at https://www.tenable.com/cve/CVE-2026-4179

]]> https://www.tenable.com/cve/CVE-2026-32774 https://www.tenable.com/cve/CVE-2026-32774 Sat, 14 Mar 2026 21:44:07 GMT Medium Severity

Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

Read more at https://www.tenable.com/cve/CVE-2026-32774

]]> https://www.tenable.com/cve/CVE-2026-0849 https://www.tenable.com/cve/CVE-2026-0849 Sat, 14 Mar 2026 21:05:36 GMT Low Severity

Description

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

Read more at https://www.tenable.com/cve/CVE-2026-0849

]]> https://www.tenable.com/cve/CVE-2026-1870 https://www.tenable.com/cve/CVE-2026-1870 Sat, 14 Mar 2026 13:24:42 GMT Medium Severity

Description

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to disclose private or draft LearnPress course content by supplying post_status in the params_url payload.

Read more at https://www.tenable.com/cve/CVE-2026-1870

]]> https://www.tenable.com/cve/CVE-2025-54920 https://www.tenable.com/cve/CVE-2025-54920 Sat, 14 Mar 2026 09:01:50 GMT High Severity

Description

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary classes, enabling command execution on the host running the Spark History Server. Details The vulnerability arises because the Spark History Server uses Jackson polymorphic deserialization with @JsonTypeInfo.Id.CLASS on SparkListenerEvent objects, allowing an attacker to specify arbitrary class names in the event JSON. This behavior permits instantiating unintended classes, such as org.apache.hive.jdbc.HiveConnection, which can perform network calls or other malicious actions during deserialization. The attacker can exploit this by injecting crafted JSON content into the Spark event log files, which the History Server then deserializes on startup or when loading event logs. For example, the attacker can force the History Server to open a JDBC connection to a remote attacker-controlled server, demonstrating remote command injection capability. Proof of Concept: 1. Run Spark with event logging enabled, writing to a writable directory (spark-logs). 2. Inject the following JSON at the beginning of an event log file: { "Event": "org.apache.hive.jdbc.HiveConnection", "uri": "jdbc:hive2://:/", "info": { "hive.metastore.uris": "thrift://:" } } 3. Start the Spark History Server with logs pointing to the modified directory. 4. The Spark History Server initiates a JDBC connection to the attacker’s server, confirming the injection. Impact An attacker with write access to Spark event logs can execute arbitrary code on the server running the History Server, potentially compromising the entire system.

Read more at https://www.tenable.com/cve/CVE-2025-54920

]]> https://www.tenable.com/cve/CVE-2026-1948 https://www.tenable.com/cve/CVE-2026-1948 Sat, 14 Mar 2026 03:24:14 GMT Medium Severity

Description

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to to deactivate the plugin license.

Read more at https://www.tenable.com/cve/CVE-2026-1948

]]> https://www.tenable.com/cve/CVE-2025-65587 https://www.tenable.com/cve/CVE-2025-65587 Sat, 14 Mar 2026 03:12:15 GMT Severity Not Scored

Description

Version 1.6.1 of the Flash Payments package graphql-upload-minimal is vulnerable to prototype pollution. This vulnerability, located in the processRequest() function, allows an attacker to inject special property names into the operations.variables object and pollute global object prototypes, ultimately impacting the entire Node.js process.

Read more at https://www.tenable.com/cve/CVE-2025-65587

]]> https://www.tenable.com/cve/CVE-2026-0385 https://www.tenable.com/cve/CVE-2026-0385 Fri, 13 Mar 2026 21:55:20 GMT Medium Severity

Description

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Read more at https://www.tenable.com/cve/CVE-2026-0385

]]> https://www.tenable.com/cve/CVE-2026-32732 https://www.tenable.com/cve/CVE-2026-32732 Fri, 13 Mar 2026 21:43:22 GMT Info Severity

Description

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. The issue has been resolved in 0.2.0.

Read more at https://www.tenable.com/cve/CVE-2026-32732

]]> https://www.tenable.com/cve/CVE-2026-32729 https://www.tenable.com/cve/CVE-2026-32729 Fri, 13 Mar 2026 21:41:11 GMT High Severity

Description

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or data breach) can brute-force the 6-digit TOTP code to completely bypass two-factor authentication. The TOTP verification session persists for 24 hours (default cache TTL), providing an excessive window during which the full 1,000,000-code keyspace (000000–999999) can be exhausted. At practical request rates (~500 req/s), the attack completes in approximately 33 minutes in the worst case. This vulnerability is fixed in 4.8.1.

Read more at https://www.tenable.com/cve/CVE-2026-32729

]]> https://www.tenable.com/cve/CVE-2026-32724 https://www.tenable.com/cve/CVE-2026-32724 Fri, 13 Mar 2026 21:39:19 GMT Medium Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1.

Read more at https://www.tenable.com/cve/CVE-2026-32724

]]> https://www.tenable.com/cve/CVE-2026-3227 https://www.tenable.com/cve/CVE-2026-3227 Fri, 13 Mar 2026 21:38:31 GMT High Severity

Description

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.

Read more at https://www.tenable.com/cve/CVE-2026-3227

]]> https://www.tenable.com/cve/CVE-2026-32720 https://www.tenable.com/cve/CVE-2026-32720 Fri, 13 Mar 2026 21:27:52 GMT High Severity

Description

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.

Read more at https://www.tenable.com/cve/CVE-2026-32720

]]> https://www.tenable.com/cve/CVE-2026-32719 https://www.tenable.com/cve/CVE-2026-32719 Fri, 13 Mar 2026 21:25:31 GMT Medium Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.

Read more at https://www.tenable.com/cve/CVE-2026-32719

]]> https://www.tenable.com/cve/CVE-2026-32717 https://www.tenable.com/cve/CVE-2026-32717 Fri, 13 Mar 2026 21:23:48 GMT Low Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API key path. If a user already has a valid brx-... browser extension API key, that key continues to work after suspension. As a result, a suspended user can still access browser extension endpoints, read reachable workspace metadata, and continue upload or embed operations even though normal authenticated requests are rejected.

Read more at https://www.tenable.com/cve/CVE-2026-32717

]]> https://www.tenable.com/cve/CVE-2026-32715 https://www.tenable.com/cve/CVE-2026-32715 Fri, 13 Mar 2026 21:22:00 GMT Low Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.

Read more at https://www.tenable.com/cve/CVE-2026-32715

]]> https://www.tenable.com/cve/CVE-2026-32713 https://www.tenable.com/cve/CVE-2026-32713 Fri, 13 Mar 2026 21:20:09 GMT Medium Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors. This enables an unauthenticated attacker to put the FTP subsystem into an inconsistent state, trigger operations on invalid file descriptors, and bypass session isolation checks. This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32713

]]> https://www.tenable.com/cve/CVE-2026-32709 https://www.tenable.com/cve/CVE-2026-32709 Fri, 13 Mar 2026 21:19:33 GMT Medium Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32709

]]> https://www.tenable.com/cve/CVE-2026-32708 https://www.tenable.com/cve/CVE-2026-32708 Fri, 13 Mar 2026 21:18:53 GMT High Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32708

]]> https://www.tenable.com/cve/CVE-2026-32707 https://www.tenable.com/cve/CVE-2026-32707 Fri, 13 Mar 2026 21:18:09 GMT Medium Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32707

]]> https://www.tenable.com/cve/CVE-2026-32706 https://www.tenable.com/cve/CVE-2026-32706 Fri, 13 Mar 2026 21:17:02 GMT High Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32706

]]> https://www.tenable.com/cve/CVE-2026-32705 https://www.tenable.com/cve/CVE-2026-32705 Fri, 13 Mar 2026 21:15:55 GMT Medium Severity

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.

Read more at https://www.tenable.com/cve/CVE-2026-32705

]]> https://www.tenable.com/cve/CVE-2026-32616 https://www.tenable.com/cve/CVE-2026-32616 Fri, 13 Mar 2026 21:12:40 GMT High Severity

Description

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification link sent to the user's email to point to an attacker-controlled domain. This can lead to account takeover by stealing the email verification token. This vulnerability is fixed in 1.0.201.

Read more at https://www.tenable.com/cve/CVE-2026-32616

]]> https://www.tenable.com/cve/CVE-2026-32704 https://www.tenable.com/cve/CVE-2026-32704 Fri, 13 Mar 2026 21:10:36 GMT Medium Severity

Description

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This vulnerability is fixed in 3.6.1.

Read more at https://www.tenable.com/cve/CVE-2026-32704

]]> https://www.tenable.com/cve/CVE-2026-26133 https://www.tenable.com/cve/CVE-2026-26133 Fri, 13 Mar 2026 21:10:13 GMT High Severity

Description

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Read more at https://www.tenable.com/cve/CVE-2026-26133

]]> https://www.tenable.com/cve/CVE-2026-32702 https://www.tenable.com/cve/CVE-2026-32702 Fri, 13 Mar 2026 21:09:00 GMT Medium Severity

Description

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. It appears that the hashing function, which is the most time-consuming part of the process by design, occurs as part of the VerifyPassword function. With the short circuits occurring before the hashing function, a timing differential is introduced that exposes validity to the actor. This vulnerability is fixed in 2.8.1.

Read more at https://www.tenable.com/cve/CVE-2026-32702

]]> https://www.tenable.com/cve/CVE-2026-32635 https://www.tenable.com/cve/CVE-2026-32635 Fri, 13 Mar 2026 20:58:12 GMT High Severity

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n- name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.

Read more at https://www.tenable.com/cve/CVE-2026-32635

]]> https://www.tenable.com/cve/CVE-2026-32630 https://www.tenable.com/cve/CVE-2026-32630 Fri, 13 Mar 2026 20:56:05 GMT Medium Severity

Description

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry

Read more at https://www.tenable.com/cve/CVE-2026-32630

]]> https://www.tenable.com/cve/CVE-2026-32621 https://www.tenable.com/cve/CVE-2026-32621 Fri, 13 Mar 2026 20:51:10 GMT Critical Severity

Description

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Read more at https://www.tenable.com/cve/CVE-2026-32621

]]> https://www.tenable.com/cve/CVE-2026-32628 https://www.tenable.com/cve/CVE-2026-32628 Fri, 13 Mar 2026 20:50:15 GMT High Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.

Read more at https://www.tenable.com/cve/CVE-2026-32628

]]> https://www.tenable.com/cve/CVE-2026-32600 https://www.tenable.com/cve/CVE-2026-32600 Fri, 13 Mar 2026 20:44:21 GMT High Severity

Description

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Read more at https://www.tenable.com/cve/CVE-2026-32600

]]> https://www.tenable.com/cve/CVE-2025-15060 https://www.tenable.com/cve/CVE-2025-15060 Fri, 13 Mar 2026 20:43:36 GMT Critical Severity

Description

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeClaudeCode method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27785.

Read more at https://www.tenable.com/cve/CVE-2025-15060

]]> https://www.tenable.com/cve/CVE-2026-2491 https://www.tenable.com/cve/CVE-2026-2491 Fri, 13 Mar 2026 20:43:15 GMT Medium Severity

Description

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993.

Read more at https://www.tenable.com/cve/CVE-2026-2491

]]> https://www.tenable.com/cve/CVE-2026-2493 https://www.tenable.com/cve/CVE-2026-2493 Fri, 13 Mar 2026 20:42:38 GMT High Severity

Description

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of the ticket parameter provided to the collaboration endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25440.

Read more at https://www.tenable.com/cve/CVE-2026-2493

]]> https://www.tenable.com/cve/CVE-2026-3839 https://www.tenable.com/cve/CVE-2026-3839 Fri, 13 Mar 2026 20:38:05 GMT High Severity

Description

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in authentications. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28912.

Read more at https://www.tenable.com/cve/CVE-2026-3839

]]> https://www.tenable.com/cve/CVE-2026-3838 https://www.tenable.com/cve/CVE-2026-3838 Fri, 13 Mar 2026 20:37:53 GMT High Severity

Description

Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951.

Read more at https://www.tenable.com/cve/CVE-2026-3838

]]> https://www.tenable.com/cve/CVE-2026-3562 https://www.tenable.com/cve/CVE-2026-3562 Fri, 13 Mar 2026 20:37:09 GMT Medium Severity

Description

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.

Read more at https://www.tenable.com/cve/CVE-2026-3562

]]> https://www.tenable.com/cve/CVE-2026-3561 https://www.tenable.com/cve/CVE-2026-3561 Fri, 13 Mar 2026 20:37:05 GMT High Severity

Description

Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28479.

Read more at https://www.tenable.com/cve/CVE-2026-3561

]]> https://www.tenable.com/cve/CVE-2026-3560 https://www.tenable.com/cve/CVE-2026-3560 Fri, 13 Mar 2026 20:37:01 GMT High Severity

Description

Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469.

Read more at https://www.tenable.com/cve/CVE-2026-3560

]]> https://www.tenable.com/cve/CVE-2026-3559 https://www.tenable.com/cve/CVE-2026-3559 Fri, 13 Mar 2026 20:36:57 GMT High Severity

Description

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the use of a static nonce value. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28451.

Read more at https://www.tenable.com/cve/CVE-2026-3559

]]> https://www.tenable.com/cve/CVE-2026-3558 https://www.tenable.com/cve/CVE-2026-3558 Fri, 13 Mar 2026 20:36:52 GMT High Severity

Description

Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28374.

Read more at https://www.tenable.com/cve/CVE-2026-3558

]]> https://www.tenable.com/cve/CVE-2026-3557 https://www.tenable.com/cve/CVE-2026-3557 Fri, 13 Mar 2026 20:36:48 GMT High Severity

Description

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28337.

Read more at https://www.tenable.com/cve/CVE-2026-3557

]]> https://www.tenable.com/cve/CVE-2026-3556 https://www.tenable.com/cve/CVE-2026-3556 Fri, 13 Mar 2026 20:36:44 GMT High Severity

Description

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326.

Read more at https://www.tenable.com/cve/CVE-2026-3556

]]> https://www.tenable.com/cve/CVE-2026-3555 https://www.tenable.com/cve/CVE-2026-3555 Fri, 13 Mar 2026 20:36:40 GMT High Severity

Description

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276.

Read more at https://www.tenable.com/cve/CVE-2026-3555

]]> https://www.tenable.com/cve/CVE-2026-32626 https://www.tenable.com/cve/CVE-2026-32626 Fri, 13 Mar 2026 20:14:30 GMT Critical Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS due to insecure Electron configuration. This works with default settings and requires no user interaction beyond normal chat usage. The custom markdown-it image renderer in frontend/src/utils/chat/markdown.js interpolates token.content directly into the alt attribute without HTML entity escaping. The PromptReply component renders this output via dangerouslySetInnerHTML without DOMPurify sanitization — unlike HistoricalMessage which correctly applies DOMPurify.sanitize().

Read more at https://www.tenable.com/cve/CVE-2026-32626

]]> https://www.tenable.com/cve/CVE-2026-32614 https://www.tenable.com/cve/CVE-2026-32614 Fri, 13 Mar 2026 20:14:05 GMT Critical Severity

Description

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.

Read more at https://www.tenable.com/cve/CVE-2026-32614

]]> https://www.tenable.com/cve/CVE-2026-0977 https://www.tenable.com/cve/CVE-2026-0977 Fri, 13 Mar 2026 20:11:00 GMT Medium Severity

Description

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

Read more at https://www.tenable.com/cve/CVE-2026-0977

]]> https://www.tenable.com/cve/CVE-2026-32617 https://www.tenable.com/cve/CVE-2026-32617 Fri, 13 Mar 2026 20:07:57 GMT High Severity

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server's CORS policy accepts any origin. AnythingLLM Desktop binds to 127.0.0.1 (loopback) by default. Modern browsers (Chrome, Edge, Firefox) implement Private Network Access (PNA). This explicitly blocks public websites from making requests to local IP addresses. Exploitation is only viable from within the same local network (LAN) due to browser-level blocking of public-to-private requests.

Read more at https://www.tenable.com/cve/CVE-2026-32617

]]> https://www.tenable.com/cve/CVE-2026-32594 https://www.tenable.com/cve/CVE-2026-32594 Fri, 13 Mar 2026 20:04:44 GMT Medium Severity

Description

Parse Server's GraphQL WebSocket endpoint bypasses security middleware

Read more at https://www.tenable.com/cve/CVE-2026-32594

]]> https://www.tenable.com/cve/CVE-2026-32313 https://www.tenable.com/cve/CVE-2026-32313 Fri, 13 Mar 2026 20:04:21 GMT High Severity

Description

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Read more at https://www.tenable.com/cve/CVE-2026-32313

]]> https://www.tenable.com/cve/CVE-2026-4111 https://www.tenable.com/cve/CVE-2026-4111 Fri, 13 Mar 2026 19:55:13 GMT High Severity

Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Read more at https://www.tenable.com/cve/CVE-2026-4111

]]> https://www.tenable.com/cve/CVE-2026-4105 https://www.tenable.com/cve/CVE-2026-4105 Fri, 13 Mar 2026 19:55:13 GMT High Severity

Description

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Read more at https://www.tenable.com/cve/CVE-2026-4105

]]> https://www.tenable.com/cve/CVE-2026-4092 https://www.tenable.com/cve/CVE-2026-4092 Fri, 13 Mar 2026 19:55:13 GMT High Severity

Description

Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.

Read more at https://www.tenable.com/cve/CVE-2026-4092

]]> https://www.tenable.com/cve/CVE-2026-4063 https://www.tenable.com/cve/CVE-2026-4063 Fri, 13 Mar 2026 19:55:13 GMT Medium Severity

Description

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.

Read more at https://www.tenable.com/cve/CVE-2026-4063

]]> https://www.tenable.com/cve/CVE-2026-3999 https://www.tenable.com/cve/CVE-2026-3999 Fri, 13 Mar 2026 19:55:13 GMT High Severity

Description

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.

Read more at https://www.tenable.com/cve/CVE-2026-3999

]]> https://www.tenable.com/cve/CVE-2026-3986 https://www.tenable.com/cve/CVE-2026-3986 Fri, 13 Mar 2026 19:55:12 GMT Medium Severity

Description

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the `fcontent` field in `fhtml` field types. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Read more at https://www.tenable.com/cve/CVE-2026-3986

]]> https://www.tenable.com/cve/CVE-2026-3910 https://www.tenable.com/cve/CVE-2026-3910 Fri, 13 Mar 2026 19:55:11 GMT High Severity

Description

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Read more at https://www.tenable.com/cve/CVE-2026-3910

]]> https://www.tenable.com/cve/CVE-2026-3909 https://www.tenable.com/cve/CVE-2026-3909 Fri, 13 Mar 2026 19:55:11 GMT High Severity

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Read more at https://www.tenable.com/cve/CVE-2026-3909

]]> https://www.tenable.com/cve/CVE-2026-3891 https://www.tenable.com/cve/CVE-2026-3891 Fri, 13 Mar 2026 19:55:10 GMT Critical Severity

Description

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Read more at https://www.tenable.com/cve/CVE-2026-3891

]]> https://www.tenable.com/cve/CVE-2026-3873 https://www.tenable.com/cve/CVE-2026-3873 Fri, 13 Mar 2026 19:55:10 GMT High Severity

Description

Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.

Read more at https://www.tenable.com/cve/CVE-2026-3873

]]> https://www.tenable.com/cve/CVE-2026-32746 https://www.tenable.com/cve/CVE-2026-32746 Fri, 13 Mar 2026 19:55:10 GMT Critical Severity

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Read more at https://www.tenable.com/cve/CVE-2026-32746

]]> https://www.tenable.com/cve/CVE-2026-3045 https://www.tenable.com/cve/CVE-2026-3045 Fri, 13 Mar 2026 19:55:10 GMT High Severity

Description

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments.

Read more at https://www.tenable.com/cve/CVE-2026-3045

]]> https://www.tenable.com/cve/CVE-2026-32745 https://www.tenable.com/cve/CVE-2026-32745 Fri, 13 Mar 2026 19:55:09 GMT Medium Severity

Description

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

Read more at https://www.tenable.com/cve/CVE-2026-32745

]]> https://www.tenable.com/cve/CVE-2026-32612 https://www.tenable.com/cve/CVE-2026-32612 Fri, 13 Mar 2026 19:55:09 GMT Medium Severity

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2.

Read more at https://www.tenable.com/cve/CVE-2026-32612

]]> https://www.tenable.com/cve/CVE-2026-32598 https://www.tenable.com/cve/CVE-2026-32598 Fri, 13 Mar 2026 19:55:09 GMT Medium Severity

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24.

Read more at https://www.tenable.com/cve/CVE-2026-32598

]]> https://www.tenable.com/cve/CVE-2026-32597 https://www.tenable.com/cve/CVE-2026-32597 Fri, 13 Mar 2026 19:55:09 GMT High Severity

Description

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Read more at https://www.tenable.com/cve/CVE-2026-32597

]]> https://www.tenable.com/cve/CVE-2026-32543 https://www.tenable.com/cve/CVE-2026-32543 Fri, 13 Mar 2026 19:55:09 GMT Medium Severity

Description

Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.

Read more at https://www.tenable.com/cve/CVE-2026-32543

]]> https://www.tenable.com/cve/CVE-2026-32487 https://www.tenable.com/cve/CVE-2026-32487 Fri, 13 Mar 2026 19:55:09 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.

Read more at https://www.tenable.com/cve/CVE-2026-32487

]]> https://www.tenable.com/cve/CVE-2026-32486 https://www.tenable.com/cve/CVE-2026-32486 Fri, 13 Mar 2026 19:55:08 GMT Medium Severity

Description

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.

Read more at https://www.tenable.com/cve/CVE-2026-32486

]]> https://www.tenable.com/cve/CVE-2026-32462 https://www.tenable.com/cve/CVE-2026-32462 Fri, 13 Mar 2026 19:55:08 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.

Read more at https://www.tenable.com/cve/CVE-2026-32462

]]> https://www.tenable.com/cve/CVE-2026-32461 https://www.tenable.com/cve/CVE-2026-32461 Fri, 13 Mar 2026 19:55:08 GMT Medium Severity

Description

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7.

Read more at https://www.tenable.com/cve/CVE-2026-32461

]]> https://www.tenable.com/cve/CVE-2026-32460 https://www.tenable.com/cve/CVE-2026-32460 Fri, 13 Mar 2026 19:55:08 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.

Read more at https://www.tenable.com/cve/CVE-2026-32460

]]> https://www.tenable.com/cve/CVE-2026-32459 https://www.tenable.com/cve/CVE-2026-32459 Fri, 13 Mar 2026 19:55:08 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-32459

]]> https://www.tenable.com/cve/CVE-2026-32458 https://www.tenable.com/cve/CVE-2026-32458 Fri, 13 Mar 2026 19:55:08 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.

Read more at https://www.tenable.com/cve/CVE-2026-32458

]]> https://www.tenable.com/cve/CVE-2026-32457 https://www.tenable.com/cve/CVE-2026-32457 Fri, 13 Mar 2026 19:55:07 GMT Medium Severity

Description

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.

Read more at https://www.tenable.com/cve/CVE-2026-32457

]]> https://www.tenable.com/cve/CVE-2026-32456 https://www.tenable.com/cve/CVE-2026-32456 Fri, 13 Mar 2026 19:55:07 GMT Medium Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.

Read more at https://www.tenable.com/cve/CVE-2026-32456

]]> https://www.tenable.com/cve/CVE-2026-32455 https://www.tenable.com/cve/CVE-2026-32455 Fri, 13 Mar 2026 19:55:07 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.

Read more at https://www.tenable.com/cve/CVE-2026-32455

]]> https://www.tenable.com/cve/CVE-2026-32454 https://www.tenable.com/cve/CVE-2026-32454 Fri, 13 Mar 2026 19:55:07 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.

Read more at https://www.tenable.com/cve/CVE-2026-32454

]]> https://www.tenable.com/cve/CVE-2026-32453 https://www.tenable.com/cve/CVE-2026-32453 Fri, 13 Mar 2026 19:55:06 GMT Medium Severity

Description

Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0.

Read more at https://www.tenable.com/cve/CVE-2026-32453

]]> https://www.tenable.com/cve/CVE-2026-32452 https://www.tenable.com/cve/CVE-2026-32452 Fri, 13 Mar 2026 19:55:06 GMT Medium Severity

Description

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Read more at https://www.tenable.com/cve/CVE-2026-32452

]]> https://www.tenable.com/cve/CVE-2026-32451 https://www.tenable.com/cve/CVE-2026-32451 Fri, 13 Mar 2026 19:55:06 GMT Medium Severity

Description

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Read more at https://www.tenable.com/cve/CVE-2026-32451

]]> https://www.tenable.com/cve/CVE-2026-32450 https://www.tenable.com/cve/CVE-2026-32450 Fri, 13 Mar 2026 19:55:06 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.

Read more at https://www.tenable.com/cve/CVE-2026-32450

]]> https://www.tenable.com/cve/CVE-2026-32449 https://www.tenable.com/cve/CVE-2026-32449 Fri, 13 Mar 2026 19:55:05 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.

Read more at https://www.tenable.com/cve/CVE-2026-32449

]]> https://www.tenable.com/cve/CVE-2026-32448 https://www.tenable.com/cve/CVE-2026-32448 Fri, 13 Mar 2026 19:55:05 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.

Read more at https://www.tenable.com/cve/CVE-2026-32448

]]> https://www.tenable.com/cve/CVE-2026-32447 https://www.tenable.com/cve/CVE-2026-32447 Fri, 13 Mar 2026 19:55:05 GMT Medium Severity

Description

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.

Read more at https://www.tenable.com/cve/CVE-2026-32447

]]> https://www.tenable.com/cve/CVE-2026-32446 https://www.tenable.com/cve/CVE-2026-32446 Fri, 13 Mar 2026 19:55:05 GMT Medium Severity

Description

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.

Read more at https://www.tenable.com/cve/CVE-2026-32446

]]> https://www.tenable.com/cve/CVE-2026-32445 https://www.tenable.com/cve/CVE-2026-32445 Fri, 13 Mar 2026 19:55:05 GMT Low Severity

Description

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

Read more at https://www.tenable.com/cve/CVE-2026-32445

]]> https://www.tenable.com/cve/CVE-2026-32443 https://www.tenable.com/cve/CVE-2026-32443 Fri, 13 Mar 2026 19:55:04 GMT Medium Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.

Read more at https://www.tenable.com/cve/CVE-2026-32443

]]> https://www.tenable.com/cve/CVE-2026-32442 https://www.tenable.com/cve/CVE-2026-32442 Fri, 13 Mar 2026 19:55:04 GMT Medium Severity

Description

Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.

Read more at https://www.tenable.com/cve/CVE-2026-32442

]]> https://www.tenable.com/cve/CVE-2026-32440 https://www.tenable.com/cve/CVE-2026-32440 Fri, 13 Mar 2026 19:55:04 GMT Medium Severity

Description

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

Read more at https://www.tenable.com/cve/CVE-2026-32440

]]> https://www.tenable.com/cve/CVE-2026-32439 https://www.tenable.com/cve/CVE-2026-32439 Fri, 13 Mar 2026 19:55:04 GMT Medium Severity

Description

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14.

Read more at https://www.tenable.com/cve/CVE-2026-32439

]]> https://www.tenable.com/cve/CVE-2026-32438 https://www.tenable.com/cve/CVE-2026-32438 Fri, 13 Mar 2026 19:55:04 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through <= 1.4.6.

Read more at https://www.tenable.com/cve/CVE-2026-32438

]]> https://www.tenable.com/cve/CVE-2026-32437 https://www.tenable.com/cve/CVE-2026-32437 Fri, 13 Mar 2026 19:55:03 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3.

Read more at https://www.tenable.com/cve/CVE-2026-32437

]]> https://www.tenable.com/cve/CVE-2026-32436 https://www.tenable.com/cve/CVE-2026-32436 Fri, 13 Mar 2026 19:55:03 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through <= 1.3.8.

Read more at https://www.tenable.com/cve/CVE-2026-32436

]]> https://www.tenable.com/cve/CVE-2026-32435 https://www.tenable.com/cve/CVE-2026-32435 Fri, 13 Mar 2026 19:55:03 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7.

Read more at https://www.tenable.com/cve/CVE-2026-32435

]]> https://www.tenable.com/cve/CVE-2026-32434 https://www.tenable.com/cve/CVE-2026-32434 Fri, 13 Mar 2026 19:55:03 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4.

Read more at https://www.tenable.com/cve/CVE-2026-32434

]]> https://www.tenable.com/cve/CVE-2026-32433 https://www.tenable.com/cve/CVE-2026-32433 Fri, 13 Mar 2026 19:55:02 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.

Read more at https://www.tenable.com/cve/CVE-2026-32433

]]> https://www.tenable.com/cve/CVE-2026-32432 https://www.tenable.com/cve/CVE-2026-32432 Fri, 13 Mar 2026 19:55:02 GMT Medium Severity

Description

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.

Read more at https://www.tenable.com/cve/CVE-2026-32432

]]> https://www.tenable.com/cve/CVE-2026-32431 https://www.tenable.com/cve/CVE-2026-32431 Fri, 13 Mar 2026 19:55:02 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.

Read more at https://www.tenable.com/cve/CVE-2026-32431

]]> https://www.tenable.com/cve/CVE-2026-32430 https://www.tenable.com/cve/CVE-2026-32430 Fri, 13 Mar 2026 19:55:02 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9.

Read more at https://www.tenable.com/cve/CVE-2026-32430

]]> https://www.tenable.com/cve/CVE-2026-32429 https://www.tenable.com/cve/CVE-2026-32429 Fri, 13 Mar 2026 19:55:01 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.

Read more at https://www.tenable.com/cve/CVE-2026-32429

]]> https://www.tenable.com/cve/CVE-2026-32428 https://www.tenable.com/cve/CVE-2026-32428 Fri, 13 Mar 2026 19:55:01 GMT Medium Severity

Description

Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.

Read more at https://www.tenable.com/cve/CVE-2026-32428

]]> https://www.tenable.com/cve/CVE-2026-32427 https://www.tenable.com/cve/CVE-2026-32427 Fri, 13 Mar 2026 19:55:01 GMT Medium Severity

Description

Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0.

Read more at https://www.tenable.com/cve/CVE-2026-32427

]]> https://www.tenable.com/cve/CVE-2026-32426 https://www.tenable.com/cve/CVE-2026-32426 Fri, 13 Mar 2026 19:55:00 GMT High Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7.

Read more at https://www.tenable.com/cve/CVE-2026-32426

]]> https://www.tenable.com/cve/CVE-2026-32425 https://www.tenable.com/cve/CVE-2026-32425 Fri, 13 Mar 2026 19:55:00 GMT Medium Severity

Description

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.

Read more at https://www.tenable.com/cve/CVE-2026-32425

]]> https://www.tenable.com/cve/CVE-2026-32424 https://www.tenable.com/cve/CVE-2026-32424 Fri, 13 Mar 2026 19:55:00 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.

Read more at https://www.tenable.com/cve/CVE-2026-32424

]]> https://www.tenable.com/cve/CVE-2026-32423 https://www.tenable.com/cve/CVE-2026-32423 Fri, 13 Mar 2026 19:55:00 GMT Medium Severity

Description

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.

Read more at https://www.tenable.com/cve/CVE-2026-32423

]]> https://www.tenable.com/cve/CVE-2026-32422 https://www.tenable.com/cve/CVE-2026-32422 Fri, 13 Mar 2026 19:55:00 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.

Read more at https://www.tenable.com/cve/CVE-2026-32422

]]> https://www.tenable.com/cve/CVE-2026-32421 https://www.tenable.com/cve/CVE-2026-32421 Fri, 13 Mar 2026 19:54:59 GMT Medium Severity

Description

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.

Read more at https://www.tenable.com/cve/CVE-2026-32421

]]> https://www.tenable.com/cve/CVE-2026-32420 https://www.tenable.com/cve/CVE-2026-32420 Fri, 13 Mar 2026 19:54:59 GMT Medium Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.

Read more at https://www.tenable.com/cve/CVE-2026-32420

]]> https://www.tenable.com/cve/CVE-2026-32419 https://www.tenable.com/cve/CVE-2026-32419 Fri, 13 Mar 2026 19:54:59 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1.

Read more at https://www.tenable.com/cve/CVE-2026-32419

]]> https://www.tenable.com/cve/CVE-2026-32418 https://www.tenable.com/cve/CVE-2026-32418 Fri, 13 Mar 2026 19:54:59 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.

Read more at https://www.tenable.com/cve/CVE-2026-32418

]]> https://www.tenable.com/cve/CVE-2026-32417 https://www.tenable.com/cve/CVE-2026-32417 Fri, 13 Mar 2026 19:54:59 GMT Medium Severity

Description

Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.

Read more at https://www.tenable.com/cve/CVE-2026-32417

]]> https://www.tenable.com/cve/CVE-2026-32416 https://www.tenable.com/cve/CVE-2026-32416 Fri, 13 Mar 2026 19:54:58 GMT Medium Severity

Description

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.

Read more at https://www.tenable.com/cve/CVE-2026-32416

]]> https://www.tenable.com/cve/CVE-2026-32415 https://www.tenable.com/cve/CVE-2026-32415 Fri, 13 Mar 2026 19:54:58 GMT High Severity

Description

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.

Read more at https://www.tenable.com/cve/CVE-2026-32415

]]> https://www.tenable.com/cve/CVE-2026-32414 https://www.tenable.com/cve/CVE-2026-32414 Fri, 13 Mar 2026 19:54:58 GMT High Severity

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36.

Read more at https://www.tenable.com/cve/CVE-2026-32414

]]> https://www.tenable.com/cve/CVE-2026-32413 https://www.tenable.com/cve/CVE-2026-32413 Fri, 13 Mar 2026 19:54:58 GMT Medium Severity

Description

Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.

Read more at https://www.tenable.com/cve/CVE-2026-32413

]]> https://www.tenable.com/cve/CVE-2026-32412 https://www.tenable.com/cve/CVE-2026-32412 Fri, 13 Mar 2026 19:54:58 GMT Medium Severity

Description

Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.

Read more at https://www.tenable.com/cve/CVE-2026-32412

]]> https://www.tenable.com/cve/CVE-2026-32411 https://www.tenable.com/cve/CVE-2026-32411 Fri, 13 Mar 2026 19:54:58 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.

Read more at https://www.tenable.com/cve/CVE-2026-32411

]]> https://www.tenable.com/cve/CVE-2026-32410 https://www.tenable.com/cve/CVE-2026-32410 Fri, 13 Mar 2026 19:54:57 GMT Medium Severity

Description

Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.

Read more at https://www.tenable.com/cve/CVE-2026-32410

]]> https://www.tenable.com/cve/CVE-2026-32409 https://www.tenable.com/cve/CVE-2026-32409 Fri, 13 Mar 2026 19:54:57 GMT Medium Severity

Description

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.

Read more at https://www.tenable.com/cve/CVE-2026-32409

]]> https://www.tenable.com/cve/CVE-2026-32408 https://www.tenable.com/cve/CVE-2026-32408 Fri, 13 Mar 2026 19:54:57 GMT Medium Severity

Description

Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.

Read more at https://www.tenable.com/cve/CVE-2026-32408

]]> https://www.tenable.com/cve/CVE-2026-32407 https://www.tenable.com/cve/CVE-2026-32407 Fri, 13 Mar 2026 19:54:57 GMT Medium Severity

Description

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.

Read more at https://www.tenable.com/cve/CVE-2026-32407

]]> https://www.tenable.com/cve/CVE-2026-32406 https://www.tenable.com/cve/CVE-2026-32406 Fri, 13 Mar 2026 19:54:57 GMT Medium Severity

Description

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.

Read more at https://www.tenable.com/cve/CVE-2026-32406

]]> https://www.tenable.com/cve/CVE-2026-32405 https://www.tenable.com/cve/CVE-2026-32405 Fri, 13 Mar 2026 19:54:56 GMT High Severity

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.

Read more at https://www.tenable.com/cve/CVE-2026-32405

]]> https://www.tenable.com/cve/CVE-2026-32404 https://www.tenable.com/cve/CVE-2026-32404 Fri, 13 Mar 2026 19:54:56 GMT Medium Severity

Description

Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.

Read more at https://www.tenable.com/cve/CVE-2026-32404

]]> https://www.tenable.com/cve/CVE-2026-32403 https://www.tenable.com/cve/CVE-2026-32403 Fri, 13 Mar 2026 19:54:56 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.

Read more at https://www.tenable.com/cve/CVE-2026-32403

]]> https://www.tenable.com/cve/CVE-2026-32402 https://www.tenable.com/cve/CVE-2026-32402 Fri, 13 Mar 2026 19:54:56 GMT Medium Severity

Description

Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.

Read more at https://www.tenable.com/cve/CVE-2026-32402

]]> https://www.tenable.com/cve/CVE-2026-32401 https://www.tenable.com/cve/CVE-2026-32401 Fri, 13 Mar 2026 19:54:56 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.

Read more at https://www.tenable.com/cve/CVE-2026-32401

]]> https://www.tenable.com/cve/CVE-2026-32400 https://www.tenable.com/cve/CVE-2026-32400 Fri, 13 Mar 2026 19:54:55 GMT High Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.

Read more at https://www.tenable.com/cve/CVE-2026-32400

]]> https://www.tenable.com/cve/CVE-2026-32399 https://www.tenable.com/cve/CVE-2026-32399 Fri, 13 Mar 2026 19:54:55 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.

Read more at https://www.tenable.com/cve/CVE-2026-32399

]]> https://www.tenable.com/cve/CVE-2026-32398 https://www.tenable.com/cve/CVE-2026-32398 Fri, 13 Mar 2026 19:54:55 GMT High Severity

Description

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.

Read more at https://www.tenable.com/cve/CVE-2026-32398

]]> https://www.tenable.com/cve/CVE-2026-32397 https://www.tenable.com/cve/CVE-2026-32397 Fri, 13 Mar 2026 19:54:55 GMT Medium Severity

Description

Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.

Read more at https://www.tenable.com/cve/CVE-2026-32397

]]> https://www.tenable.com/cve/CVE-2026-32396 https://www.tenable.com/cve/CVE-2026-32396 Fri, 13 Mar 2026 19:54:55 GMT High Severity

Description

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.

Read more at https://www.tenable.com/cve/CVE-2026-32396

]]> https://www.tenable.com/cve/CVE-2026-32395 https://www.tenable.com/cve/CVE-2026-32395 Fri, 13 Mar 2026 19:54:55 GMT Medium Severity

Description

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.

Read more at https://www.tenable.com/cve/CVE-2026-32395

]]> https://www.tenable.com/cve/CVE-2026-32394 https://www.tenable.com/cve/CVE-2026-32394 Fri, 13 Mar 2026 19:54:54 GMT High Severity

Description

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.

Read more at https://www.tenable.com/cve/CVE-2026-32394

]]> https://www.tenable.com/cve/CVE-2026-32393 https://www.tenable.com/cve/CVE-2026-32393 Fri, 13 Mar 2026 19:54:54 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.

Read more at https://www.tenable.com/cve/CVE-2026-32393

]]> https://www.tenable.com/cve/CVE-2026-32392 https://www.tenable.com/cve/CVE-2026-32392 Fri, 13 Mar 2026 19:54:54 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.

Read more at https://www.tenable.com/cve/CVE-2026-32392

]]> https://www.tenable.com/cve/CVE-2026-32391 https://www.tenable.com/cve/CVE-2026-32391 Fri, 13 Mar 2026 19:54:54 GMT Medium Severity

Description

Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-32391

]]> https://www.tenable.com/cve/CVE-2026-32390 https://www.tenable.com/cve/CVE-2026-32390 Fri, 13 Mar 2026 19:54:54 GMT High Severity

Description

Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.

Read more at https://www.tenable.com/cve/CVE-2026-32390

]]> https://www.tenable.com/cve/CVE-2026-32388 https://www.tenable.com/cve/CVE-2026-32388 Fri, 13 Mar 2026 19:54:54 GMT Medium Severity

Description

Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.

Read more at https://www.tenable.com/cve/CVE-2026-32388

]]> https://www.tenable.com/cve/CVE-2026-32387 https://www.tenable.com/cve/CVE-2026-32387 Fri, 13 Mar 2026 19:54:54 GMT Critical Severity

Description

Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.

Read more at https://www.tenable.com/cve/CVE-2026-32387

]]> https://www.tenable.com/cve/CVE-2026-32386 https://www.tenable.com/cve/CVE-2026-32386 Fri, 13 Mar 2026 19:54:53 GMT Medium Severity

Description

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.13.

Read more at https://www.tenable.com/cve/CVE-2026-32386

]]> https://www.tenable.com/cve/CVE-2026-32385 https://www.tenable.com/cve/CVE-2026-32385 Fri, 13 Mar 2026 19:54:53 GMT High Severity

Description

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

Read more at https://www.tenable.com/cve/CVE-2026-32385

]]> https://www.tenable.com/cve/CVE-2026-32384 https://www.tenable.com/cve/CVE-2026-32384 Fri, 13 Mar 2026 19:54:53 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9.

Read more at https://www.tenable.com/cve/CVE-2026-32384

]]> https://www.tenable.com/cve/CVE-2026-32383 https://www.tenable.com/cve/CVE-2026-32383 Fri, 13 Mar 2026 19:54:53 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.

Read more at https://www.tenable.com/cve/CVE-2026-32383

]]> https://www.tenable.com/cve/CVE-2026-32382 https://www.tenable.com/cve/CVE-2026-32382 Fri, 13 Mar 2026 19:54:53 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4.

Read more at https://www.tenable.com/cve/CVE-2026-32382

]]> https://www.tenable.com/cve/CVE-2026-32381 https://www.tenable.com/cve/CVE-2026-32381 Fri, 13 Mar 2026 19:54:53 GMT High Severity

Description

Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2.

Read more at https://www.tenable.com/cve/CVE-2026-32381

]]> https://www.tenable.com/cve/CVE-2026-32380 https://www.tenable.com/cve/CVE-2026-32380 Fri, 13 Mar 2026 19:54:52 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0.

Read more at https://www.tenable.com/cve/CVE-2026-32380

]]> https://www.tenable.com/cve/CVE-2026-32379 https://www.tenable.com/cve/CVE-2026-32379 Fri, 13 Mar 2026 19:54:52 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.

Read more at https://www.tenable.com/cve/CVE-2026-32379

]]> https://www.tenable.com/cve/CVE-2026-32378 https://www.tenable.com/cve/CVE-2026-32378 Fri, 13 Mar 2026 19:54:52 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7.

Read more at https://www.tenable.com/cve/CVE-2026-32378

]]> https://www.tenable.com/cve/CVE-2026-32377 https://www.tenable.com/cve/CVE-2026-32377 Fri, 13 Mar 2026 19:54:52 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.

Read more at https://www.tenable.com/cve/CVE-2026-32377

]]> https://www.tenable.com/cve/CVE-2026-32376 https://www.tenable.com/cve/CVE-2026-32376 Fri, 13 Mar 2026 19:54:52 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.

Read more at https://www.tenable.com/cve/CVE-2026-32376

]]> https://www.tenable.com/cve/CVE-2026-32375 https://www.tenable.com/cve/CVE-2026-32375 Fri, 13 Mar 2026 19:54:52 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-32375

]]> https://www.tenable.com/cve/CVE-2026-32374 https://www.tenable.com/cve/CVE-2026-32374 Fri, 13 Mar 2026 19:54:51 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9.

Read more at https://www.tenable.com/cve/CVE-2026-32374

]]> https://www.tenable.com/cve/CVE-2026-32373 https://www.tenable.com/cve/CVE-2026-32373 Fri, 13 Mar 2026 19:54:51 GMT High Severity

Description

Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.

Read more at https://www.tenable.com/cve/CVE-2026-32373

]]> https://www.tenable.com/cve/CVE-2026-32372 https://www.tenable.com/cve/CVE-2026-32372 Fri, 13 Mar 2026 19:54:51 GMT High Severity

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-32372

]]> https://www.tenable.com/cve/CVE-2026-32371 https://www.tenable.com/cve/CVE-2026-32371 Fri, 13 Mar 2026 19:54:51 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through <= 1.3.3.

Read more at https://www.tenable.com/cve/CVE-2026-32371

]]> https://www.tenable.com/cve/CVE-2026-32370 https://www.tenable.com/cve/CVE-2026-32370 Fri, 13 Mar 2026 19:54:51 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.

Read more at https://www.tenable.com/cve/CVE-2026-32370

]]> https://www.tenable.com/cve/CVE-2026-32369 https://www.tenable.com/cve/CVE-2026-32369 Fri, 13 Mar 2026 19:54:51 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through < 2.0.7.

Read more at https://www.tenable.com/cve/CVE-2026-32369

]]> https://www.tenable.com/cve/CVE-2026-32368 https://www.tenable.com/cve/CVE-2026-32368 Fri, 13 Mar 2026 19:54:51 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.

Read more at https://www.tenable.com/cve/CVE-2026-32368

]]> https://www.tenable.com/cve/CVE-2026-32367 https://www.tenable.com/cve/CVE-2026-32367 Fri, 13 Mar 2026 19:54:50 GMT Critical Severity

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <= 3.5.16.

Read more at https://www.tenable.com/cve/CVE-2026-32367

]]> https://www.tenable.com/cve/CVE-2026-32366 https://www.tenable.com/cve/CVE-2026-32366 Fri, 13 Mar 2026 19:54:50 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.

Read more at https://www.tenable.com/cve/CVE-2026-32366

]]> https://www.tenable.com/cve/CVE-2026-32365 https://www.tenable.com/cve/CVE-2026-32365 Fri, 13 Mar 2026 19:54:50 GMT Critical Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7.

Read more at https://www.tenable.com/cve/CVE-2026-32365

]]> https://www.tenable.com/cve/CVE-2026-32364 https://www.tenable.com/cve/CVE-2026-32364 Fri, 13 Mar 2026 19:54:50 GMT Critical Severity

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through < 4.0.8.

Read more at https://www.tenable.com/cve/CVE-2026-32364

]]> https://www.tenable.com/cve/CVE-2026-32363 https://www.tenable.com/cve/CVE-2026-32363 Fri, 13 Mar 2026 19:54:50 GMT High Severity

Description

Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.

Read more at https://www.tenable.com/cve/CVE-2026-32363

]]> https://www.tenable.com/cve/CVE-2026-32362 https://www.tenable.com/cve/CVE-2026-32362 Fri, 13 Mar 2026 19:54:50 GMT Medium Severity

Description

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.

Read more at https://www.tenable.com/cve/CVE-2026-32362

]]> https://www.tenable.com/cve/CVE-2026-32361 https://www.tenable.com/cve/CVE-2026-32361 Fri, 13 Mar 2026 19:54:49 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through <= 3.9.0.

Read more at https://www.tenable.com/cve/CVE-2026-32361

]]> https://www.tenable.com/cve/CVE-2026-32360 https://www.tenable.com/cve/CVE-2026-32360 Fri, 13 Mar 2026 19:54:49 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.

Read more at https://www.tenable.com/cve/CVE-2026-32360

]]> https://www.tenable.com/cve/CVE-2026-32359 https://www.tenable.com/cve/CVE-2026-32359 Fri, 13 Mar 2026 19:54:49 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.

Read more at https://www.tenable.com/cve/CVE-2026-32359

]]> https://www.tenable.com/cve/CVE-2026-32358 https://www.tenable.com/cve/CVE-2026-32358 Fri, 13 Mar 2026 19:54:49 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.

Read more at https://www.tenable.com/cve/CVE-2026-32358

]]> https://www.tenable.com/cve/CVE-2026-32357 https://www.tenable.com/cve/CVE-2026-32357 Fri, 13 Mar 2026 19:54:49 GMT Critical Severity

Description

Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.37.

Read more at https://www.tenable.com/cve/CVE-2026-32357

]]> https://www.tenable.com/cve/CVE-2026-32356 https://www.tenable.com/cve/CVE-2026-32356 Fri, 13 Mar 2026 19:54:47 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2.

Read more at https://www.tenable.com/cve/CVE-2026-32356

]]> https://www.tenable.com/cve/CVE-2026-32355 https://www.tenable.com/cve/CVE-2026-32355 Fri, 13 Mar 2026 19:54:47 GMT Critical Severity

Description

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

Read more at https://www.tenable.com/cve/CVE-2026-32355

]]> https://www.tenable.com/cve/CVE-2026-32354 https://www.tenable.com/cve/CVE-2026-32354 Fri, 13 Mar 2026 19:54:47 GMT High Severity

Description

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.

Read more at https://www.tenable.com/cve/CVE-2026-32354

]]> https://www.tenable.com/cve/CVE-2026-32353 https://www.tenable.com/cve/CVE-2026-32353 Fri, 13 Mar 2026 19:54:47 GMT Critical Severity

Description

Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2.

Read more at https://www.tenable.com/cve/CVE-2026-32353

]]> https://www.tenable.com/cve/CVE-2026-32352 https://www.tenable.com/cve/CVE-2026-32352 Fri, 13 Mar 2026 19:54:47 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

Read more at https://www.tenable.com/cve/CVE-2026-32352

]]> https://www.tenable.com/cve/CVE-2026-32351 https://www.tenable.com/cve/CVE-2026-32351 Fri, 13 Mar 2026 19:54:47 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.15.13.

Read more at https://www.tenable.com/cve/CVE-2026-32351

]]> https://www.tenable.com/cve/CVE-2026-32350 https://www.tenable.com/cve/CVE-2026-32350 Fri, 13 Mar 2026 19:54:46 GMT Medium Severity

Description

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5.

Read more at https://www.tenable.com/cve/CVE-2026-32350

]]> https://www.tenable.com/cve/CVE-2026-32349 https://www.tenable.com/cve/CVE-2026-32349 Fri, 13 Mar 2026 19:54:46 GMT Critical Severity

Description

Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.

Read more at https://www.tenable.com/cve/CVE-2026-32349

]]> https://www.tenable.com/cve/CVE-2026-32348 https://www.tenable.com/cve/CVE-2026-32348 Fri, 13 Mar 2026 19:54:46 GMT Medium Severity

Description

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.

Read more at https://www.tenable.com/cve/CVE-2026-32348

]]> https://www.tenable.com/cve/CVE-2026-32347 https://www.tenable.com/cve/CVE-2026-32347 Fri, 13 Mar 2026 19:54:46 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.

Read more at https://www.tenable.com/cve/CVE-2026-32347

]]> https://www.tenable.com/cve/CVE-2026-32346 https://www.tenable.com/cve/CVE-2026-32346 Fri, 13 Mar 2026 19:54:46 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through <= 1.5.5.

Read more at https://www.tenable.com/cve/CVE-2026-32346

]]> https://www.tenable.com/cve/CVE-2026-32345 https://www.tenable.com/cve/CVE-2026-32345 Fri, 13 Mar 2026 19:54:46 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-32345

]]> https://www.tenable.com/cve/CVE-2026-32344 https://www.tenable.com/cve/CVE-2026-32344 Fri, 13 Mar 2026 19:54:45 GMT High Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.

Read more at https://www.tenable.com/cve/CVE-2026-32344

]]> https://www.tenable.com/cve/CVE-2026-32343 https://www.tenable.com/cve/CVE-2026-32343 Fri, 13 Mar 2026 19:54:45 GMT High Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80.

Read more at https://www.tenable.com/cve/CVE-2026-32343

]]> https://www.tenable.com/cve/CVE-2026-32342 https://www.tenable.com/cve/CVE-2026-32342 Fri, 13 Mar 2026 19:54:45 GMT High Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.

Read more at https://www.tenable.com/cve/CVE-2026-32342

]]> https://www.tenable.com/cve/CVE-2026-32341 https://www.tenable.com/cve/CVE-2026-32341 Fri, 13 Mar 2026 19:54:45 GMT High Severity

Description

Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9.

Read more at https://www.tenable.com/cve/CVE-2026-32341

]]> https://www.tenable.com/cve/CVE-2026-32340 https://www.tenable.com/cve/CVE-2026-32340 Fri, 13 Mar 2026 19:54:45 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through <= 1.3.2.

Read more at https://www.tenable.com/cve/CVE-2026-32340

]]> https://www.tenable.com/cve/CVE-2026-32339 https://www.tenable.com/cve/CVE-2026-32339 Fri, 13 Mar 2026 19:54:44 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bakes And Cakes: from n/a through <= 1.2.9.

Read more at https://www.tenable.com/cve/CVE-2026-32339

]]> https://www.tenable.com/cve/CVE-2026-32338 https://www.tenable.com/cve/CVE-2026-32338 Fri, 13 Mar 2026 19:54:44 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.

Read more at https://www.tenable.com/cve/CVE-2026-32338

]]> https://www.tenable.com/cve/CVE-2026-32337 https://www.tenable.com/cve/CVE-2026-32337 Fri, 13 Mar 2026 19:54:44 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5.

Read more at https://www.tenable.com/cve/CVE-2026-32337

]]> https://www.tenable.com/cve/CVE-2026-32336 https://www.tenable.com/cve/CVE-2026-32336 Fri, 13 Mar 2026 19:54:44 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0.

Read more at https://www.tenable.com/cve/CVE-2026-32336

]]> https://www.tenable.com/cve/CVE-2026-32335 https://www.tenable.com/cve/CVE-2026-32335 Fri, 13 Mar 2026 19:54:44 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.

Read more at https://www.tenable.com/cve/CVE-2026-32335

]]> https://www.tenable.com/cve/CVE-2026-32334 https://www.tenable.com/cve/CVE-2026-32334 Fri, 13 Mar 2026 19:54:43 GMT Medium Severity

Description

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.

Read more at https://www.tenable.com/cve/CVE-2026-32334

]]> https://www.tenable.com/cve/CVE-2026-32332 https://www.tenable.com/cve/CVE-2026-32332 Fri, 13 Mar 2026 19:54:43 GMT High Severity

Description

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.

Read more at https://www.tenable.com/cve/CVE-2026-32332

]]> https://www.tenable.com/cve/CVE-2026-32331 https://www.tenable.com/cve/CVE-2026-32331 Fri, 13 Mar 2026 19:54:43 GMT Medium Severity

Description

Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.4.

Read more at https://www.tenable.com/cve/CVE-2026-32331

]]> https://www.tenable.com/cve/CVE-2026-32330 https://www.tenable.com/cve/CVE-2026-32330 Fri, 13 Mar 2026 19:54:43 GMT High Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.

Read more at https://www.tenable.com/cve/CVE-2026-32330

]]> https://www.tenable.com/cve/CVE-2026-32329 https://www.tenable.com/cve/CVE-2026-32329 Fri, 13 Mar 2026 19:54:43 GMT Medium Severity

Description

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.

Read more at https://www.tenable.com/cve/CVE-2026-32329

]]> https://www.tenable.com/cve/CVE-2026-32328 https://www.tenable.com/cve/CVE-2026-32328 Fri, 13 Mar 2026 19:54:42 GMT Medium Severity

Description

Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery.This issue affects Lemmony: from n/a through < 1.7.1.

Read more at https://www.tenable.com/cve/CVE-2026-32328

]]> https://www.tenable.com/cve/CVE-2026-32322 https://www.tenable.com/cve/CVE-2026-32322 Fri, 13 Mar 2026 19:54:42 GMT Medium Severity

Description

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs, and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0.

Read more at https://www.tenable.com/cve/CVE-2026-32322

]]> https://www.tenable.com/cve/CVE-2026-32320 https://www.tenable.com/cve/CVE-2026-32320 Fri, 13 Mar 2026 19:54:42 GMT Medium Severity

Description

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Read more at https://www.tenable.com/cve/CVE-2026-32320

]]> https://www.tenable.com/cve/CVE-2026-32319 https://www.tenable.com/cve/CVE-2026-32319 Fri, 13 Mar 2026 19:54:42 GMT High Severity

Description

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Read more at https://www.tenable.com/cve/CVE-2026-32319

]]> https://www.tenable.com/cve/CVE-2026-32308 https://www.tenable.com/cve/CVE-2026-32308 Fri, 13 Mar 2026 19:54:42 GMT High Severity

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary JavaScript. Any field that renders markdown (incident descriptions, status page announcements, monitor notes) is vulnerable. This vulnerability is fixed in 10.0.23.

Read more at https://www.tenable.com/cve/CVE-2026-32308

]]> https://www.tenable.com/cve/CVE-2026-32306 https://www.tenable.com/cve/CVE-2026-32306 Fri, 13 Mar 2026 19:54:42 GMT Critical Severity

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append() method (documented as "trusted SQL"). There is no allowlist, no parameterized query binding, and no input validation. An authenticated user can inject arbitrary SQL into ClickHouse, enabling full database read (including telemetry data from all tenants), data modification, and potential remote code execution via ClickHouse table functions. This vulnerability is fixed in 10.0.23.

Read more at https://www.tenable.com/cve/CVE-2026-32306

]]> https://www.tenable.com/cve/CVE-2026-32304 https://www.tenable.com/cve/CVE-2026-32304 Fri, 13 Mar 2026 19:54:41 GMT Critical Severity

Description

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 which was call_user_func_array using eval() in v2.x. This finding affects create_function using new Function() in v3.x. This vulnerability is fixed in 3.0.14.

Read more at https://www.tenable.com/cve/CVE-2026-32304

]]> https://www.tenable.com/cve/CVE-2026-32302 https://www.tenable.com/cve/CVE-2026-32302 Fri, 13 Mar 2026 19:54:41 GMT High Severity

Description

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.

Read more at https://www.tenable.com/cve/CVE-2026-32302

]]> https://www.tenable.com/cve/CVE-2026-32301 https://www.tenable.com/cve/CVE-2026-32301 Fri, 13 Mar 2026 19:54:41 GMT Critical Severity

Description

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the token signature is verified, causing Centrifugo to make an outbound HTTP request to an attacker-controlled destination. This vulnerability is fixed in 6.7.0.

Read more at https://www.tenable.com/cve/CVE-2026-32301

]]> https://www.tenable.com/cve/CVE-2026-31949 https://www.tenable.com/cve/CVE-2026-31949 Fri, 13 Mar 2026 19:54:39 GMT Medium Severity

Description

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler attempts to destructure req.body.arg without validating that it exists. The server crashes due to an unhandled TypeError that bypasses Express error handling middleware and triggers process.exit(1). This vulnerability is fixed in 0.8.3-rc1.

Read more at https://www.tenable.com/cve/CVE-2026-31949

]]> https://www.tenable.com/cve/CVE-2026-31944 https://www.tenable.com/cve/CVE-2026-31944 Fri, 13 Mar 2026 19:54:39 GMT High Severity

Description

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redirect URL is logged in or that the logged-in user matches the initiator. An attacker can send the authorization URL to a victim; when the victim completes the flow, the victim’s OAuth tokens are stored on the attacker’s LibreChat account, enabling account takeover of the victim’s MCP-linked services (e.g. Atlassian, Outlook). This vulnerability is fixed in 0.8.3-rc1.

Read more at https://www.tenable.com/cve/CVE-2026-31944

]]> https://www.tenable.com/cve/CVE-2026-31922 https://www.tenable.com/cve/CVE-2026-31922 Fri, 13 Mar 2026 19:54:39 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.

Read more at https://www.tenable.com/cve/CVE-2026-31922

]]> https://www.tenable.com/cve/CVE-2026-31919 https://www.tenable.com/cve/CVE-2026-31919 Fri, 13 Mar 2026 19:54:39 GMT Medium Severity

Description

Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.

Read more at https://www.tenable.com/cve/CVE-2026-31919

]]> https://www.tenable.com/cve/CVE-2026-31918 https://www.tenable.com/cve/CVE-2026-31918 Fri, 13 Mar 2026 19:54:39 GMT Medium Severity

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.

Read more at https://www.tenable.com/cve/CVE-2026-31918

]]> https://www.tenable.com/cve/CVE-2026-31917 https://www.tenable.com/cve/CVE-2026-31917 Fri, 13 Mar 2026 19:54:38 GMT High Severity

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.

Read more at https://www.tenable.com/cve/CVE-2026-31917

]]> https://www.tenable.com/cve/CVE-2026-31916 https://www.tenable.com/cve/CVE-2026-31916 Fri, 13 Mar 2026 19:54:38 GMT Medium Severity

Description

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.

Read more at https://www.tenable.com/cve/CVE-2026-31916

]]> https://www.tenable.com/cve/CVE-2026-31915 https://www.tenable.com/cve/CVE-2026-31915 Fri, 13 Mar 2026 19:54:38 GMT Medium Severity

Description

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6.

Read more at https://www.tenable.com/cve/CVE-2026-31915

]]> https://www.tenable.com/cve/CVE-2026-31899 https://www.tenable.com/cve/CVE-2026-31899 Fri, 13 Mar 2026 19:54:38 GMT High Severity

Description

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.

Read more at https://www.tenable.com/cve/CVE-2026-31899

]]> https://www.tenable.com/cve/CVE-2026-31897 https://www.tenable.com/cve/CVE-2026-31897 Fri, 13 Mar 2026 19:54:38 GMT Info Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-31897

]]> https://www.tenable.com/cve/CVE-2026-31886 https://www.tenable.com/cve/CVE-2026-31886 Fri, 13 Mar 2026 19:54:37 GMT Critical Severity

Description

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as ".." to redirect the computed directory outside the intended /tmp// path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to "..", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll("/tmp") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-31886

]]> https://www.tenable.com/cve/CVE-2026-31885 https://www.tenable.com/cve/CVE-2026-31885 Fri, 13 Mar 2026 19:54:37 GMT Medium Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-31885

]]> https://www.tenable.com/cve/CVE-2026-31884 https://www.tenable.com/cve/CVE-2026-31884 Fri, 13 Mar 2026 19:54:37 GMT Medium Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-31884

]]> https://www.tenable.com/cve/CVE-2026-31883 https://www.tenable.com/cve/CVE-2026-31883 Fri, 13 Mar 2026 19:54:37 GMT Medium Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-31883

]]> https://www.tenable.com/cve/CVE-2026-31882 https://www.tenable.com/cve/CVE-2026-31882 Fri, 13 Mar 2026 19:54:37 GMT High Severity

Description

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow configurations, execution logs, and queue status — bypassing the authentication that protects the REST API. The buildStreamAuthOptions() function builds authentication options for SSE/streaming endpoints. When the auth mode is basic, it returns an auth.Options struct with BasicAuthEnabled: true but AuthRequired defaults to false (Go zero value). The authentication middleware at internal/service/frontend/auth/middleware.go allows unauthenticated requests when AuthRequired is false. This vulnerability is fixed in 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-31882

]]> https://www.tenable.com/cve/CVE-2026-31864 https://www.tenable.com/cve/CVE-2026-31864 Fri, 13 Mar 2026 19:54:36 GMT Medium Severity

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Application Management permissions). Attackers can exploit this vulnerability to execute arbitrary code within the JumpServer Core container. The vulnerability arises from unsafe use of Jinja2 template rendering when processing user-uploaded YAML configuration files. When a user uploads an Applet or VirtualApp ZIP package, the manifest.yml file is rendered through Jinja2 without sandbox restrictions, allowing template injection attacks.

Read more at https://www.tenable.com/cve/CVE-2026-31864

]]> https://www.tenable.com/cve/CVE-2026-31814 https://www.tenable.com/cve/CVE-2026-31814 Fri, 13 Mar 2026 19:54:36 GMT High Severity

Description

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal network connection and does not require authentication. This vulnerability is fixed in 0.13.9.

Read more at https://www.tenable.com/cve/CVE-2026-31814

]]> https://www.tenable.com/cve/CVE-2026-31806 https://www.tenable.com/cve/CVE-2026-31806 Fri, 13 Mar 2026 19:54:36 GMT Critical Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-31806

]]> https://www.tenable.com/cve/CVE-2026-31798 https://www.tenable.com/cve/CVE-2026-31798 Fri, 13 Mar 2026 19:54:36 GMT Medium Severity

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.

Read more at https://www.tenable.com/cve/CVE-2026-31798

]]> https://www.tenable.com/cve/CVE-2026-30961 https://www.tenable.com/cve/CVE-2026-30961 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size restriction entirely. Files up to the server's global MaxFileSizeMB are accepted regardless of the file request's configured limit. This vulnerability is fixed in 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-30961

]]> https://www.tenable.com/cve/CVE-2026-30955 https://www.tenable.com/cve/CVE-2026-30955 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-30955

]]> https://www.tenable.com/cve/CVE-2026-30943 https://www.tenable.com/cve/CVE-2026-30943 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4.

Read more at https://www.tenable.com/cve/CVE-2026-30943

]]> https://www.tenable.com/cve/CVE-2026-30915 https://www.tenable.com/cve/CVE-2026-30915 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the placeholder is not strictly sanitized against relative path components. Consequently, if a user is created with a specially crafted username the resulting path may resolve to a parent directory instead of the intended sub-directory. This issue is fixed in version v2.7.1

Read more at https://www.tenable.com/cve/CVE-2026-30915

]]> https://www.tenable.com/cve/CVE-2026-30914 https://www.tenable.com/cve/CVE-2026-30914 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.

Read more at https://www.tenable.com/cve/CVE-2026-30914

]]> https://www.tenable.com/cve/CVE-2026-30853 https://www.tenable.com/cve/CVE-2026-30853 Fri, 13 Mar 2026 19:54:35 GMT Medium Severity

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.

Read more at https://www.tenable.com/cve/CVE-2026-30853

]]> https://www.tenable.com/cve/CVE-2026-2890 https://www.tenable.com/cve/CVE-2026-2890 Fri, 13 Mar 2026 19:54:34 GMT High Severity

Description

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services.

Read more at https://www.tenable.com/cve/CVE-2026-2890

]]> https://www.tenable.com/cve/CVE-2026-2888 https://www.tenable.com/cve/CVE-2026-2888 Fri, 13 Mar 2026 19:54:34 GMT Medium Severity

Description

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the `frm_strp_amount` AJAX handler (`update_intent_ajax`) overwriting the global `$_POST` data with attacker-controlled JSON input and then using those values to recalculate payment amounts via field shortcode resolution in `generate_false_entry()`. The handler relies on a nonce that is publicly exposed in the page's JavaScript (`frm_stripe_vars.nonce`), which provides CSRF protection but not authorization. This makes it possible for unauthenticated attackers to manipulate PaymentIntent amounts before payment completion on forms using dynamic pricing with field shortcodes, effectively paying a reduced amount for goods or services.

Read more at https://www.tenable.com/cve/CVE-2026-2888

]]> https://www.tenable.com/cve/CVE-2026-2879 https://www.tenable.com/cve/CVE-2026-2879 Fri, 13 Mar 2026 19:54:34 GMT Medium Severity

Description

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a user-controlled post ID and, when a post with that ID exists, calls `wp_update_post()` without verifying that the current user owns the post or that the post is of the expected `getgenie_chat` type. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite arbitrary posts owned by any user — including Administrators — effectively destroying the original content by changing its `post_type` to `getgenie_chat` and reassigning `post_author` to the attacker.

Read more at https://www.tenable.com/cve/CVE-2026-2879

]]> https://www.tenable.com/cve/CVE-2026-2859 https://www.tenable.com/cve/CVE-2026-2859 Fri, 13 Mar 2026 19:54:34 GMT Medium Severity

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.

Read more at https://www.tenable.com/cve/CVE-2026-2859

]]> https://www.tenable.com/cve/CVE-2026-2673 https://www.tenable.com/cve/CVE-2026-2673 Fri, 13 Mar 2026 19:54:34 GMT High Severity

Description

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.

Read more at https://www.tenable.com/cve/CVE-2026-2673

]]> https://www.tenable.com/cve/CVE-2026-29776 https://www.tenable.com/cve/CVE-2026-29776 Fri, 13 Mar 2026 19:54:33 GMT Low Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-29776

]]> https://www.tenable.com/cve/CVE-2026-29775 https://www.tenable.com/cve/CVE-2026-29775 Fri, 13 Mar 2026 19:54:33 GMT Medium Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-29775

]]> https://www.tenable.com/cve/CVE-2026-2257 https://www.tenable.com/cve/CVE-2026-2257 Fri, 13 Mar 2026 19:54:33 GMT Medium Severity

Description

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level access and above, to update post metadata for arbitrary posts. Combined with a lack of input sanitization, this leads to Stored Cross-Site Scripting when a higher-privileged user (such as an Administrator) views the affected post's "Competitor" tab in the GetGenie sidebar.

Read more at https://www.tenable.com/cve/CVE-2026-2257

]]> https://www.tenable.com/cve/CVE-2026-29774 https://www.tenable.com/cve/CVE-2026-29774 Fri, 13 Mar 2026 19:54:32 GMT Medium Severity

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect->left, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left greatly exceeds the surface width (e.g., left=60000 on a 128px surface). The H.264 bitstream decodes successfully, then yuv420_process_work_callback calls avc420_yuv_to_rgb which computes pDstPoint = pDstData + rect->top * nDstStep + rect->left * 4, writing 16-byte SSE vectors 1888+ bytes past the allocated heap region. This vulnerability is fixed in 3.24.0.

Read more at https://www.tenable.com/cve/CVE-2026-29774

]]> https://www.tenable.com/cve/CVE-2026-29079 https://www.tenable.com/cve/CVE-2026-29079 Fri, 13 Mar 2026 19:54:32 GMT High Severity

Description

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0.

Read more at https://www.tenable.com/cve/CVE-2026-29079

]]> https://www.tenable.com/cve/CVE-2026-29078 https://www.tenable.com/cve/CVE-2026-29078 Fri, 13 Mar 2026 19:54:32 GMT High Severity

Description

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.

Read more at https://www.tenable.com/cve/CVE-2026-29078

]]> https://www.tenable.com/cve/CVE-2026-26954 https://www.tenable.com/cve/CVE-2026-26954 Fri, 13 Mar 2026 19:54:31 GMT Critical Severity

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34.

Read more at https://www.tenable.com/cve/CVE-2026-26954

]]> https://www.tenable.com/cve/CVE-2026-25823 https://www.tenable.com/cve/CVE-2026-25823 Fri, 13 Mar 2026 19:54:27 GMT Critical Severity

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.

Read more at https://www.tenable.com/cve/CVE-2026-25823

]]> https://www.tenable.com/cve/CVE-2026-25819 https://www.tenable.com/cve/CVE-2026-25819 Fri, 13 Mar 2026 19:54:27 GMT High Severity

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they have access to the device's GUI.

Read more at https://www.tenable.com/cve/CVE-2026-25819

]]> https://www.tenable.com/cve/CVE-2026-25818 https://www.tenable.com/cve/CVE-2026-25818 Fri, 13 Mar 2026 19:54:27 GMT Critical Severity

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter.

Read more at https://www.tenable.com/cve/CVE-2026-25818

]]> https://www.tenable.com/cve/CVE-2026-25817 https://www.tenable.com/cve/CVE-2026-25817 Fri, 13 Mar 2026 19:54:25 GMT High Severity

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials.

Read more at https://www.tenable.com/cve/CVE-2026-25817

]]> https://www.tenable.com/cve/CVE-2026-25076 https://www.tenable.com/cve/CVE-2026-25076 Fri, 13 Mar 2026 19:54:18 GMT High Severity

Description

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.

Read more at https://www.tenable.com/cve/CVE-2026-25076

]]> https://www.tenable.com/cve/CVE-2026-24097 https://www.tenable.com/cve/CVE-2026-24097 Fri, 13 Mar 2026 19:54:16 GMT Medium Severity

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_existing endpoint, which could lead to information disclosure.

Read more at https://www.tenable.com/cve/CVE-2026-24097

]]> https://www.tenable.com/cve/CVE-2026-23943 https://www.tenable.com/cve/CVE-2026-23943 Fri, 13 Mar 2026 19:54:15 GMT Medium Severity

Description

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.

Read more at https://www.tenable.com/cve/CVE-2026-23943

]]> https://www.tenable.com/cve/CVE-2026-23942 https://www.tenable.com/cve/CVE-2026-23942 Fri, 13 Mar 2026 19:54:15 GMT Medium Severity

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.

Read more at https://www.tenable.com/cve/CVE-2026-23942

]]> https://www.tenable.com/cve/CVE-2026-23941 https://www.tenable.com/cve/CVE-2026-23941 Fri, 13 Mar 2026 19:54:15 GMT High Severity

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.

Read more at https://www.tenable.com/cve/CVE-2026-23941

]]> https://www.tenable.com/cve/CVE-2026-23940 https://www.tenable.com/cve/CVE-2026-23940 Fri, 13 Mar 2026 19:54:14 GMT High Severity

Description

Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of service for package publishing and potentially other package-processing functionality. This issue affects hexpm: before 495f01607d3eae4aed7ad09b2f54f31ec7a7df01; hex.pm: before 2026-03-10.

Read more at https://www.tenable.com/cve/CVE-2026-23940

]]> https://www.tenable.com/cve/CVE-2026-22216 https://www.tenable.com/cve/CVE-2026-22216 Fri, 13 Mar 2026 19:54:11 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notification emails to victim accounts.

Read more at https://www.tenable.com/cve/CVE-2026-22216

]]> https://www.tenable.com/cve/CVE-2026-22215 https://www.tenable.com/cve/CVE-2026-22215 Fri, 13 Mar 2026 19:54:11 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.

Read more at https://www.tenable.com/cve/CVE-2026-22215

]]> https://www.tenable.com/cve/CVE-2026-22210 https://www.tenable.com/cve/CVE-2026-22210 Fri, 13 Mar 2026 19:54:11 GMT Low Severity

Description

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary JavaScript into img and anchor tag attributes, executing code in the context of WordPress users viewing comments.

Read more at https://www.tenable.com/cve/CVE-2026-22210

]]> https://www.tenable.com/cve/CVE-2026-22209 https://www.tenable.com/cve/CVE-2026-22209 Fri, 13 Mar 2026 19:54:11 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like in the custom CSS setting to execute arbitrary JavaScript in user browsers.

Read more at https://www.tenable.com/cve/CVE-2026-22209

]]> https://www.tenable.com/cve/CVE-2026-22204 https://www.tenable.com/cve/CVE-2026-22204 Fri, 13 Mar 2026 19:54:10 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers.

Read more at https://www.tenable.com/cve/CVE-2026-22204

]]> https://www.tenable.com/cve/CVE-2026-22203 https://www.tenable.com/cve/CVE-2026-22203 Fri, 13 Mar 2026 19:54:10 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

Read more at https://www.tenable.com/cve/CVE-2026-22203

]]> https://www.tenable.com/cve/CVE-2026-22202 https://www.tenable.com/cve/CVE-2026-22202 Fri, 13 Mar 2026 19:54:10 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to trigger permanent deletion of comments without user confirmation or POST-based CSRF protection.

Read more at https://www.tenable.com/cve/CVE-2026-22202

]]> https://www.tenable.com/cve/CVE-2026-22201 https://www.tenable.com/cve/CVE-2026-22201 Fri, 13 Mar 2026 19:54:10 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls.

Read more at https://www.tenable.com/cve/CVE-2026-22201

]]> https://www.tenable.com/cve/CVE-2025-13212 https://www.tenable.com/cve/CVE-2025-13212 Fri, 13 Mar 2026 19:54:10 GMT Medium Severity

Description

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Read more at https://www.tenable.com/cve/CVE-2025-13212

]]> https://www.tenable.com/cve/CVE-2026-22199 https://www.tenable.com/cve/CVE-2026-22199 Fri, 13 Mar 2026 19:54:09 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.

Read more at https://www.tenable.com/cve/CVE-2026-22199

]]> https://www.tenable.com/cve/CVE-2026-22193 https://www.tenable.com/cve/CVE-2026-22193 Fri, 13 Mar 2026 19:54:09 GMT Critical Severity

Description

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.

Read more at https://www.tenable.com/cve/CVE-2026-22193

]]> https://www.tenable.com/cve/CVE-2026-22192 https://www.tenable.com/cve/CVE-2026-22192 Fri, 13 Mar 2026 19:54:09 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in the customCss parameter that execute on every page when rendered through the options handler without proper sanitization.

Read more at https://www.tenable.com/cve/CVE-2026-22192

]]> https://www.tenable.com/cve/CVE-2026-22191 https://www.tenable.com/cve/CVE-2026-22191 Fri, 13 Mar 2026 19:54:09 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().

Read more at https://www.tenable.com/cve/CVE-2026-22191

]]> https://www.tenable.com/cve/CVE-2026-22183 https://www.tenable.com/cve/CVE-2026-22183 Fri, 13 Mar 2026 19:54:07 GMT Medium Severity

Description

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping.

Read more at https://www.tenable.com/cve/CVE-2026-22183

]]> https://www.tenable.com/cve/CVE-2026-22182 https://www.tenable.com/cve/CVE-2026-22182 Fri, 13 Mar 2026 19:54:07 GMT High Severity

Description

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentication checks, and rate limiting.

Read more at https://www.tenable.com/cve/CVE-2026-22182

]]> https://www.tenable.com/cve/CVE-2025-13459 https://www.tenable.com/cve/CVE-2025-13459 Fri, 13 Mar 2026 19:54:05 GMT Low Severity

Description

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.

Read more at https://www.tenable.com/cve/CVE-2025-13459

]]> https://www.tenable.com/cve/CVE-2025-13460 https://www.tenable.com/cve/CVE-2025-13460 Fri, 13 Mar 2026 19:54:04 GMT Medium Severity

Description

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.

Read more at https://www.tenable.com/cve/CVE-2025-13460

]]> https://www.tenable.com/cve/CVE-2026-1704 https://www.tenable.com/cve/CVE-2026-1704 Fri, 13 Mar 2026 19:53:58 GMT Medium Severity

Description

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the `get_item_permissions_check` method granting access to users with the `ssa_manage_appointments` capability without validating staff ownership of the requested appointment. This makes it possible for authenticated attackers, with custom-level access and above (users granted the ssa_manage_appointments capability, such as Team Members), to view appointment records belonging to other staff members and access sensitive customer personally identifiable information via the appointment ID parameter.

Read more at https://www.tenable.com/cve/CVE-2026-1704

]]> https://www.tenable.com/cve/CVE-2026-1668 https://www.tenable.com/cve/CVE-2026-1668 Fri, 13 Mar 2026 19:53:58 GMT High Severity

Description

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.
An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Read more at https://www.tenable.com/cve/CVE-2026-1668

]]> https://www.tenable.com/cve/CVE-2026-0957 https://www.tenable.com/cve/CVE-2026-0957 Fri, 13 Mar 2026 19:53:57 GMT High Severity

Description

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

Read more at https://www.tenable.com/cve/CVE-2026-0957

]]> https://www.tenable.com/cve/CVE-2026-0956 https://www.tenable.com/cve/CVE-2026-0956 Fri, 13 Mar 2026 19:53:57 GMT High Severity

Description

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

Read more at https://www.tenable.com/cve/CVE-2026-0956

]]> https://www.tenable.com/cve/CVE-2026-0955 https://www.tenable.com/cve/CVE-2026-0955 Fri, 13 Mar 2026 19:53:57 GMT High Severity

Description

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

Read more at https://www.tenable.com/cve/CVE-2026-0955

]]> https://www.tenable.com/cve/CVE-2026-0954 https://www.tenable.com/cve/CVE-2026-0954 Fri, 13 Mar 2026 19:53:57 GMT High Severity

Description

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.

Read more at https://www.tenable.com/cve/CVE-2026-0954

]]> https://www.tenable.com/cve/CVE-2026-0835 https://www.tenable.com/cve/CVE-2026-0835 Fri, 13 Mar 2026 19:53:56 GMT Medium Severity

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Read more at https://www.tenable.com/cve/CVE-2026-0835

]]> https://www.tenable.com/cve/CVE-2025-8766 https://www.tenable.com/cve/CVE-2025-8766 Fri, 13 Mar 2026 19:53:56 GMT Medium Severity

Description

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container

Read more at https://www.tenable.com/cve/CVE-2025-8766

]]> https://www.tenable.com/cve/CVE-2025-71263 https://www.tenable.com/cve/CVE-2025-71263 Fri, 13 Mar 2026 19:53:53 GMT High Severity

Description

In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.

Read more at https://www.tenable.com/cve/CVE-2025-71263

]]> https://www.tenable.com/cve/CVE-2025-66249 https://www.tenable.com/cve/CVE-2025-66249 Fri, 13 Mar 2026 19:53:52 GMT Medium Severity

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed. Users are recommended to upgrade to version 0.9.0, which fixes the issue.

Read more at https://www.tenable.com/cve/CVE-2025-66249

]]> https://www.tenable.com/cve/CVE-2025-60012 https://www.tenable.com/cve/CVE-2025-60012 Fri, 13 Mar 2026 19:53:52 GMT Medium Severity

Description

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to. For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values. Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.

Read more at https://www.tenable.com/cve/CVE-2025-60012

]]> https://www.tenable.com/cve/CVE-2025-57849 https://www.tenable.com/cve/CVE-2025-57849 Fri, 13 Mar 2026 19:53:52 GMT Medium Severity

Description

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Read more at https://www.tenable.com/cve/CVE-2025-57849

]]> https://www.tenable.com/cve/CVE-2025-36368 https://www.tenable.com/cve/CVE-2025-36368 Fri, 13 Mar 2026 19:53:50 GMT Medium Severity

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Read more at https://www.tenable.com/cve/CVE-2025-36368

]]> https://www.tenable.com/cve/CVE-2025-15515 https://www.tenable.com/cve/CVE-2025-15515 Fri, 13 Mar 2026 19:53:50 GMT Medium Severity

Description

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage

Read more at https://www.tenable.com/cve/CVE-2025-15515

]]> https://www.tenable.com/cve/CVE-2025-14811 https://www.tenable.com/cve/CVE-2025-14811 Fri, 13 Mar 2026 19:53:50 GMT Low Severity

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

Read more at https://www.tenable.com/cve/CVE-2025-14811

]]> https://www.tenable.com/cve/CVE-2025-14504 https://www.tenable.com/cve/CVE-2025-14504 Fri, 13 Mar 2026 19:53:50 GMT Medium Severity

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Read more at https://www.tenable.com/cve/CVE-2025-14504

]]> https://www.tenable.com/cve/CVE-2025-14483 https://www.tenable.com/cve/CVE-2025-14483 Fri, 13 Mar 2026 19:53:49 GMT Medium Severity

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.

Read more at https://www.tenable.com/cve/CVE-2025-14483

]]> https://www.tenable.com/cve/CVE-2025-13779 https://www.tenable.com/cve/CVE-2025-13779 Fri, 13 Mar 2026 19:53:49 GMT High Severity

Description

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Read more at https://www.tenable.com/cve/CVE-2025-13779

]]> https://www.tenable.com/cve/CVE-2025-13778 https://www.tenable.com/cve/CVE-2025-13778 Fri, 13 Mar 2026 19:53:49 GMT High Severity

Description

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Read more at https://www.tenable.com/cve/CVE-2025-13778

]]> https://www.tenable.com/cve/CVE-2025-13777 https://www.tenable.com/cve/CVE-2025-13777 Fri, 13 Mar 2026 19:53:49 GMT High Severity

Description

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Read more at https://www.tenable.com/cve/CVE-2025-13777

]]> https://www.tenable.com/cve/CVE-2025-13726 https://www.tenable.com/cve/CVE-2025-13726 Fri, 13 Mar 2026 19:53:48 GMT Medium Severity

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Read more at https://www.tenable.com/cve/CVE-2025-13726

]]> https://www.tenable.com/cve/CVE-2025-13723 https://www.tenable.com/cve/CVE-2025-13723 Fri, 13 Mar 2026 19:53:48 GMT Medium Severity

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token

Read more at https://www.tenable.com/cve/CVE-2025-13723

]]> https://www.tenable.com/cve/CVE-2025-13718 https://www.tenable.com/cve/CVE-2025-13718 Fri, 13 Mar 2026 19:53:48 GMT Low Severity

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Read more at https://www.tenable.com/cve/CVE-2025-13718

]]> https://www.tenable.com/cve/CVE-2025-13702 https://www.tenable.com/cve/CVE-2025-13702 Fri, 13 Mar 2026 19:53:48 GMT Medium Severity

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Read more at https://www.tenable.com/cve/CVE-2025-13702

]]> https://www.tenable.com/cve/CVE-2025-13337 https://www.tenable.com/cve/CVE-2025-13337 Fri, 13 Mar 2026 19:53:48 GMT Severity Not Scored

Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Read more at https://www.tenable.com/cve/CVE-2025-13337

]]> https://www.tenable.com/cve/CVE-2025-12455 https://www.tenable.com/cve/CVE-2025-12455 Fri, 13 Mar 2026 19:53:47 GMT Medium Severity

Description

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

Read more at https://www.tenable.com/cve/CVE-2025-12455

]]> https://www.tenable.com/cve/CVE-2025-12454 https://www.tenable.com/cve/CVE-2025-12454 Fri, 13 Mar 2026 19:53:47 GMT Medium Severity

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.

Read more at https://www.tenable.com/cve/CVE-2025-12454

]]> https://www.tenable.com/cve/CVE-2025-12453 https://www.tenable.com/cve/CVE-2025-12453 Fri, 13 Mar 2026 19:53:47 GMT Medium Severity

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.

Read more at https://www.tenable.com/cve/CVE-2025-12453

]]> https://www.tenable.com/cve/CVE-2023-40693 https://www.tenable.com/cve/CVE-2023-40693 Fri, 13 Mar 2026 19:53:45 GMT Medium Severity

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Read more at https://www.tenable.com/cve/CVE-2023-40693

]]> https://www.tenable.com/cve/CVE-2026-3611 https://www.tenable.com/cve/CVE-2026-3611 Thu, 12 Mar 2026 21:16:27 GMT Critical Severity

Description

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.

Read more at https://www.tenable.com/cve/CVE-2026-3611

]]> https://www.tenable.com/cve/CVE-2026-2581 https://www.tenable.com/cve/CVE-2026-2581 Thu, 12 Mar 2026 21:16:25 GMT Medium Severity

Description

This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination. Impacted users are applications that use Undici’s deduplication interceptor against endpoints that may produce large or long-lived response bodies. PatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started. Users should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.

Read more at https://www.tenable.com/cve/CVE-2026-2581

]]> https://www.tenable.com/cve/CVE-2026-2229 https://www.tenable.com/cve/CVE-2026-2229 Thu, 12 Mar 2026 21:16:25 GMT High Severity

Description

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination. The vulnerability exists because: * The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15 * The createInflateRaw() call is not wrapped in a try-catch block * The resulting exception propagates up through the call stack and crashes the Node.js process

Read more at https://www.tenable.com/cve/CVE-2026-2229

]]> https://www.tenable.com/cve/CVE-2026-1528 https://www.tenable.com/cve/CVE-2026-1528 Thu, 12 Mar 2026 21:16:25 GMT High Severity

Description

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Read more at https://www.tenable.com/cve/CVE-2026-1528

]]> https://www.tenable.com/cve/CVE-2026-1527 https://www.tenable.com/cve/CVE-2026-1527 Thu, 12 Mar 2026 21:16:25 GMT Medium Severity

Description

ImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch) The vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters: // lib/dispatcher/client-h1.js:1121 if (upgrade) { header += `connection: upgrade\r\nupgrade: ${upgrade}\r\n` }

Read more at https://www.tenable.com/cve/CVE-2026-1527

]]> https://www.tenable.com/cve/CVE-2026-1526 https://www.tenable.com/cve/CVE-2026-1526 Thu, 12 Mar 2026 21:16:23 GMT High Severity

Description

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a "decompression bomb") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive. The vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.

Read more at https://www.tenable.com/cve/CVE-2026-1526

]]> https://www.tenable.com/cve/CVE-2026-32274 https://www.tenable.com/cve/CVE-2026-32274 Thu, 12 Mar 2026 20:16:06 GMT High Severity

Description

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

Read more at https://www.tenable.com/cve/CVE-2026-32274

]]> https://www.tenable.com/cve/CVE-2026-32269 https://www.tenable.com/cve/CVE-2026-32269 Thu, 12 Mar 2026 20:16:06 GMT Medium Severity

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's behavior, this could either cause all OAuth2 logins to fail, or allow authentication from disallowed app contexts if the endpoint returns valid-looking data for the malformed request. Deployments using the OAuth2 adapter with appidField and appIds configured are affected. This vulnerability is fixed in 9.6.0-alpha.13 and 8.6.39.

Read more at https://www.tenable.com/cve/CVE-2026-32269

]]> https://www.tenable.com/cve/CVE-2026-32260 https://www.tenable.com/cve/CVE-2026-32260 Thu, 12 Mar 2026 20:16:06 GMT High Severity

Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand (ext/node/polyfills/internal/child_process.ts) has a priority bug: when an argument contains a $VAR pattern, it is wrapped in double quotes (L1290) instead of single quotes. Double quotes in POSIX sh do not suppress backtick command substitution, allowing injected commands to execute. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno's permission system. This vulnerability is fixed in 2.7.2.

Read more at https://www.tenable.com/cve/CVE-2026-32260

]]> https://www.tenable.com/cve/CVE-2026-32259 https://www.tenable.com/cve/CVE-2026-32259 Thu, 12 Mar 2026 20:16:05 GMT Medium Severity

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Read more at https://www.tenable.com/cve/CVE-2026-32259

]]> https://www.tenable.com/cve/CVE-2026-32251 https://www.tenable.com/cve/CVE-2026-32251 Thu, 12 Mar 2026 20:16:05 GMT Critical Severity

Description

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.

Read more at https://www.tenable.com/cve/CVE-2026-32251

]]> https://www.tenable.com/cve/CVE-2026-32249 https://www.tenable.com/cve/CVE-2026-32249 Thu, 12 Mar 2026 20:16:05 GMT Medium Severity

Description

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.

Read more at https://www.tenable.com/cve/CVE-2026-32249

]]> https://www.tenable.com/cve/CVE-2026-32248 https://www.tenable.com/cve/CVE-2026-32248 Thu, 12 Mar 2026 20:16:05 GMT Critical Severity

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable. This vulnerability is fixed in 9.6.0-alpha.12 and 8.6.38.

Read more at https://www.tenable.com/cve/CVE-2026-32248

]]> https://www.tenable.com/cve/CVE-2026-32240 https://www.tenable.com/cve/CVE-2026-32240 Thu, 12 Mar 2026 20:16:05 GMT Medium Severity

Description

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.

Read more at https://www.tenable.com/cve/CVE-2026-32240

]]> https://www.tenable.com/cve/CVE-2026-32239 https://www.tenable.com/cve/CVE-2026-32239 Thu, 12 Mar 2026 20:16:05 GMT Medium Severity

Description

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.

Read more at https://www.tenable.com/cve/CVE-2026-32239

]]> https://www.tenable.com/cve/CVE-2026-1525 https://www.tenable.com/cve/CVE-2026-1525 Thu, 12 Mar 2026 20:16:02 GMT Medium Severity

Description

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: * Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays * Applications that accept user-controlled header names without case-normalization Potential consequences: * Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request) * HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking

Read more at https://www.tenable.com/cve/CVE-2026-1525

]]> https://www.tenable.com/cve/CVE-2026-3497 https://www.tenable.com/cve/CVE-2026-3497 Thu, 12 Mar 2026 19:16:19 GMT Medium Severity

Description

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

Read more at https://www.tenable.com/cve/CVE-2026-3497

]]> https://www.tenable.com/cve/CVE-2026-32247 https://www.tenable.com/cve/CVE-2026-32247 Thu, 12 Mar 2026 19:16:19 GMT High Severity

Description

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the label-injection issue because it used parameterized label handling rather than string-interpolated Cypher labels. This issue was mitigated in 0.28.2.

Read more at https://www.tenable.com/cve/CVE-2026-32247

]]> https://www.tenable.com/cve/CVE-2026-32246 https://www.tenable.com/cve/CVE-2026-32246 Thu, 12 Mar 2026 19:16:19 GMT High Severity

Description

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain valid OIDC tokens, completely bypassing the second factor. This vulnerability is fixed in 5.0.3.

Read more at https://www.tenable.com/cve/CVE-2026-32246

]]> https://www.tenable.com/cve/CVE-2026-32245 https://www.tenable.com/cve/CVE-2026-32245 Thu, 12 Mar 2026 19:16:19 GMT Medium Severity

Description

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never authorized their application. This violates RFC 6749 Section 4.1.3. This vulnerability is fixed in 5.0.3.

Read more at https://www.tenable.com/cve/CVE-2026-32245

]]> https://www.tenable.com/cve/CVE-2026-32242 https://www.tenable.com/cve/CVE-2026-32242 Thu, 12 Mar 2026 19:16:19 GMT Critical Severity

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy. Deployments that configure multiple OAuth2 providers via the oauth2: true flag are affected. This vulnerability is fixed in 9.6.0-alpha.11 and 8.6.37.

Read more at https://www.tenable.com/cve/CVE-2026-32242

]]> https://www.tenable.com/cve/CVE-2026-32237 https://www.tenable.com/cve/CVE-2026-32237 Thu, 12 Mar 2026 19:16:19 GMT Medium Severity

Description

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured scaffolder.defaultEnvironment.secrets are affected. This is patched in @backstage/plugin-scaffolder-backend version 3.1.5.

Read more at https://www.tenable.com/cve/CVE-2026-32237

]]> https://www.tenable.com/cve/CVE-2026-32236 https://www.tenable.com/cve/CVE-2026-32236 Thu, 12 Mar 2026 19:16:18 GMT Info Severity

Description

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation after HTTP redirects. The practical impact is limited. The attacker cannot read the response body from the internal request, cannot control request headers or method, and the feature must be explicitly enabled via an experimental flag that is off by default. Deployments that restrict allowedClientIdPatterns to specific trusted domains are not affected. Patched in @backstage/plugin-auth-backend version 0.27.1.

Read more at https://www.tenable.com/cve/CVE-2026-32236

]]> https://www.tenable.com/cve/CVE-2026-32235 https://www.tenable.com/cve/CVE-2026-32235 Thu, 12 Mar 2026 19:16:17 GMT Medium Severity

Description

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default. This vulnerability is fixed in 0.27.1.

Read more at https://www.tenable.com/cve/CVE-2026-32235

]]> https://www.tenable.com/cve/CVE-2026-32232 https://www.tenable.com/cve/CVE-2026-32232 Thu, 12 Mar 2026 19:16:17 GMT Critical Severity

Description

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

Read more at https://www.tenable.com/cve/CVE-2026-32232

]]> https://www.tenable.com/cve/CVE-2026-32231 https://www.tenable.com/cve/CVE-2026-32231 Thu, 12 Mar 2026 19:16:17 GMT High Severity

Description

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.

Read more at https://www.tenable.com/cve/CVE-2026-32231

]]> https://www.tenable.com/cve/CVE-2026-32230 https://www.tenable.com/cve/CVE-2026-32230 Thu, 12 Mar 2026 19:16:16 GMT Medium Severity

Description

Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely, allowing unauthenticated users to extract average ping/response time data for private monitors. This vulnerability is fixed in 2.2.0.

Read more at https://www.tenable.com/cve/CVE-2026-32230

]]> https://www.tenable.com/cve/CVE-2026-32142 https://www.tenable.com/cve/CVE-2026-32142 Thu, 12 Mar 2026 19:16:16 GMT Medium Severity

Description

Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.

Read more at https://www.tenable.com/cve/CVE-2026-32142

]]> https://www.tenable.com/cve/CVE-2026-32138 https://www.tenable.com/cve/CVE-2026-32138 Thu, 12 Mar 2026 19:16:16 GMT High Severity

Description

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.

Read more at https://www.tenable.com/cve/CVE-2026-32138

]]> https://www.tenable.com/cve/CVE-2026-26793 https://www.tenable.com/cve/CVE-2026-26793 Thu, 12 Mar 2026 19:16:16 GMT Critical Severity

Description

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Read more at https://www.tenable.com/cve/CVE-2026-26793

]]> https://www.tenable.com/cve/CVE-2026-2376 https://www.tenable.com/cve/CVE-2026-2376 Thu, 12 Mar 2026 19:16:16 GMT Medium Severity

Description

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

Read more at https://www.tenable.com/cve/CVE-2026-2376

]]> https://www.tenable.com/cve/CVE-2025-70873 https://www.tenable.com/cve/CVE-2025-70873 Thu, 12 Mar 2026 19:16:15 GMT High Severity

Description

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

Read more at https://www.tenable.com/cve/CVE-2025-70873

]]> https://www.tenable.com/cve/CVE-2025-70245 https://www.tenable.com/cve/CVE-2025-70245 Thu, 12 Mar 2026 19:16:15 GMT Critical Severity

Description

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.

Read more at https://www.tenable.com/cve/CVE-2025-70245

]]> https://www.tenable.com/cve/CVE-2025-66955 https://www.tenable.com/cve/CVE-2025-66955 Thu, 12 Mar 2026 19:16:15 GMT Medium Severity

Description

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

Read more at https://www.tenable.com/cve/CVE-2025-66955

]]> https://www.tenable.com/cve/CVE-2025-61154 https://www.tenable.com/cve/CVE-2025-61154 Thu, 12 Mar 2026 19:16:14 GMT Medium Severity

Description

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.

Read more at https://www.tenable.com/cve/CVE-2025-61154

]]> https://www.tenable.com/cve/CVE-2025-13913 https://www.tenable.com/cve/CVE-2025-13913 Thu, 12 Mar 2026 19:16:14 GMT Medium Severity

Description

Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.

Read more at https://www.tenable.com/cve/CVE-2025-13913

]]> https://www.tenable.com/cve/CVE-2026-3841 https://www.tenable.com/cve/CVE-2026-3841 Thu, 12 Mar 2026 18:16:26 GMT High Severity

Description

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.

Read more at https://www.tenable.com/cve/CVE-2026-3841

]]> https://www.tenable.com/cve/CVE-2026-32141 https://www.tenable.com/cve/CVE-2026-32141 Thu, 12 Mar 2026 18:16:25 GMT High Severity

Description

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.

Read more at https://www.tenable.com/cve/CVE-2026-32141

]]> https://www.tenable.com/cve/CVE-2026-32140 https://www.tenable.com/cve/CVE-2026-32140 Thu, 12 Mar 2026 18:16:25 GMT Critical Severity

Description

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile. The getJdbcIniFile method implements an aggressive automatic configuration file discovery mechanism. If not explicitly restricted, it searches for a file named rsjdbc.ini. In a JDBC URL context, users can explicitly specify the configuration file via URL parameters, which allows arbitrary files on the server to be loaded as JDBC configuration files. Within the Redshift JDBC driver properties, the parameter IniFile is explicitly supported and used to load an external configuration file. This vulnerability is fixed in 2.10.20.

Read more at https://www.tenable.com/cve/CVE-2026-32140

]]> https://www.tenable.com/cve/CVE-2026-32139 https://www.tenable.com/cve/CVE-2026-32139 Thu, 12 Mar 2026 18:16:25 GMT Medium Severity

Description

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as onload/onerror event handlers or script-capable attributes. As a result, an attacker can upload a malicious SVG and then trigger script execution in a browser by visiting the exposed static resource URL, forming a full stored XSS exploitation chain. This vulnerability is fixed in 2.10.20.

Read more at https://www.tenable.com/cve/CVE-2026-32139

]]> https://www.tenable.com/cve/CVE-2026-32137 https://www.tenable.com/cve/CVE-2026-32137 Thu, 12 Mar 2026 18:16:25 GMT Critical Severity

Description

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject malicious SQL statements by constructing malicious table names. This vulnerability is fixed in 2.10.20.

Read more at https://www.tenable.com/cve/CVE-2026-32137

]]> https://www.tenable.com/cve/CVE-2026-32129 https://www.tenable.com/cve/CVE-2026-32129 Thu, 12 Mar 2026 18:16:25 GMT High Severity

Description

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1), unused rate positions are implicitly zero-filled. This allows trivial hash collisions: for any input vector [m1, ..., mk] hashed with a sponge of rate > k, hash([m1, ..., mk]) equals hash([m1, ..., mk, 0]) because both produce identical pre-permutation states. This affects any use of PoseidonSponge or poseidon_hash where the number of inputs is less than T - 1 (e.g., hashing 1 input with T=3). Poseidon2 (Poseidon2Sponge) is not affected.

Read more at https://www.tenable.com/cve/CVE-2026-32129

]]> https://www.tenable.com/cve/CVE-2026-32116 https://www.tenable.com/cve/CVE-2026-32116 Thu, 12 Mar 2026 18:16:24 GMT High Severity

Description

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file (the party who runs wormhole send) can mount the attack. Other parties (including the transit/relay servers) are excluded by the wormhole protocol. This vulnerability is fixed in 0.23.0.

Read more at https://www.tenable.com/cve/CVE-2026-32116

]]> https://www.tenable.com/cve/CVE-2026-32100 https://www.tenable.com/cve/CVE-2026-32100 Thu, 12 Mar 2026 18:16:24 GMT Medium Severity

Description

Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7.

Read more at https://www.tenable.com/cve/CVE-2026-32100

]]> https://www.tenable.com/cve/CVE-2026-31890 https://www.tenable.com/cve/CVE-2026-31890 Thu, 12 Mar 2026 18:16:24 GMT Medium Severity

Description

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.

Read more at https://www.tenable.com/cve/CVE-2026-31890

]]> https://www.tenable.com/cve/CVE-2026-31873 https://www.tenable.com/cve/CVE-2026-31873 Thu, 12 Mar 2026 18:16:24 GMT Info Severity

Description

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data:') returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11.

Read more at https://www.tenable.com/cve/CVE-2026-31873

]]> https://www.tenable.com/cve/CVE-2026-31860 https://www.tenable.com/cve/CVE-2026-31860 Thu, 12 Mar 2026 18:16:24 GMT Medium Severity

Description

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11.

Read more at https://www.tenable.com/cve/CVE-2026-31860

]]> https://www.tenable.com/cve/CVE-2026-28256 https://www.tenable.com/cve/CVE-2026-28256 Thu, 12 Mar 2026 18:16:23 GMT Medium Severity

Description

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Read more at https://www.tenable.com/cve/CVE-2026-28256

]]> https://www.tenable.com/cve/CVE-2026-28255 https://www.tenable.com/cve/CVE-2026-28255 Thu, 12 Mar 2026 18:16:23 GMT High Severity

Description

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Read more at https://www.tenable.com/cve/CVE-2026-28255

]]> https://www.tenable.com/cve/CVE-2026-28254 https://www.tenable.com/cve/CVE-2026-28254 Thu, 12 Mar 2026 18:16:23 GMT Medium Severity

Description

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Read more at https://www.tenable.com/cve/CVE-2026-28254

]]> https://www.tenable.com/cve/CVE-2026-28253 https://www.tenable.com/cve/CVE-2026-28253 Thu, 12 Mar 2026 18:16:23 GMT High Severity

Description

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

Read more at https://www.tenable.com/cve/CVE-2026-28253

]]> https://www.tenable.com/cve/CVE-2026-28252 https://www.tenable.com/cve/CVE-2026-28252 Thu, 12 Mar 2026 18:16:23 GMT Critical Severity

Description

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

Read more at https://www.tenable.com/cve/CVE-2026-28252

]]> https://www.tenable.com/cve/CVE-2026-26795 https://www.tenable.com/cve/CVE-2026-26795 Thu, 12 Mar 2026 18:16:23 GMT Critical Severity

Description

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Read more at https://www.tenable.com/cve/CVE-2026-26795

]]> https://www.tenable.com/cve/CVE-2026-26794 https://www.tenable.com/cve/CVE-2026-26794 Thu, 12 Mar 2026 18:16:22 GMT High Severity

Description

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.

Read more at https://www.tenable.com/cve/CVE-2026-26794

]]> https://www.tenable.com/cve/CVE-2026-26792 https://www.tenable.com/cve/CVE-2026-26792 Thu, 12 Mar 2026 18:16:22 GMT Critical Severity

Description

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.

Read more at https://www.tenable.com/cve/CVE-2026-26792

]]> https://www.tenable.com/cve/CVE-2026-26791 https://www.tenable.com/cve/CVE-2026-26791 Thu, 12 Mar 2026 18:16:22 GMT Critical Severity

Description

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Read more at https://www.tenable.com/cve/CVE-2026-26791

]]> https://www.tenable.com/cve/CVE-2025-13462 https://www.tenable.com/cve/CVE-2025-13462 Thu, 12 Mar 2026 18:16:21 GMT Low Severity

Description

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Read more at https://www.tenable.com/cve/CVE-2025-13462

]]>