Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Friday's vulnerability disclosures are dominated by multiple critical flaws in Veeam Backup & Replication, with four CVEs scoring 9.9 and one at 9.1, presenting significant risk to enterprise backup infrastructure. The day's total includes 10 critical and 100 high-priority CVEs, with critical counts down 58% from the prior day while high-priority volume held steady. CVE-2026-3611 in Honeywell IQ4x building controllers received a maximum CVSS 10.0 score, and CVE-2026-3059 and CVE-2026-3060 affect the SGLang AI framework at 9.8 each. Attack patterns span remote code execution and authentication bypass across enterprise backup, industrial control systems, and AI/ML infrastructure. Eleven CVEs have confirmed active exploitation, including vulnerabilities in Ivanti Endpoint Manager, VMware Aria Operations, and several legacy Apple and Hikvision flaws, while patch availability currently sits at 0%.
Veeam Backup & Replication faces five critical vulnerabilities (CVSS 9.1â9.9), requiring urgent review of all backup infrastructure
10 critical CVEs disclosed, a 58% decrease from the prior day's 24 critical vulnerabilities
100 high-priority CVEs reported, unchanged from the previous day's volume
Honeywell IQ4x building controllers received a maximum-severity CVSS 10.0 rating (CVE-2026-3611), affecting industrial control environments
Patch availability stands at 0% across all disclosed CVEs, limiting remediation to compensating controls and network segmentation
11 actively exploited vulnerabilities include Ivanti EPM, VMware Aria Operations, Qualcomm chipsets, and legacy Apple and Hikvision flaws
Immediate action: Prioritize Veeam Backup & Replication environments for immediate risk assessment given five critical-severity flaws, and isolate Honeywell IQ4x building controllers from untrusted networks pending vendor guidance. With 0% patch availability across Friday's disclosures, implement compensating controls including network segmentation, enhanced monitoring, and access restrictions for all affected systems, particularly Ivanti EPM and VMware Aria Operations instances under active exploitation.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2026-25108
9.5đ
Soliton Systems K.KFileZen
â° Federal Deadline:March 16, 2026(4 days remaining)
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22054
9.5đ Late Disclosure
OmnissaWorkspace One UEM
â° Federal Deadline:March 22, 2026(10 days remaining)
Omnissa Workspace ONE Server-Side Request Forgery - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-1603
9.5
Ivanti Endpoint Manager (EPM)
â° Federal Deadline:March 22, 2026(10 days remaining)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-22719
9.5đ
BroadcomVMware Aria Operations
â° Federal Deadline:March 23, 2026(11 days remaining)
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21385
9.5đ
QualcommMultiple Chipsets
â° Federal Deadline:March 23, 2026(11 days remaining)
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-68613
9.5đ
n8nn8n
â° Federal Deadline:March 24, 2026(12 days remaining)
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-7921
9.5đ Late Disclosure
HikvisionMultiple Products
â° Federal Deadline:March 25, 2026(13 days remaining)
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22681
9.5đ Late Disclosure
RockwellMultiple Products
â° Federal Deadline:March 25, 2026(13 days remaining)
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-43000
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(13 days remaining)
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-30952
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(13 days remaining)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-41974
9.5đ Late Disclosure
AppleiOS and iPadOS
â° Federal Deadline:March 25, 2026(13 days remaining)
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-21671
9.1đ
VeeamBackup
An authenticated user with the Backup Administrator role can perform remote code execution in high availability deployments of Veeam Backup & Replication.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-3611
10đ
HoneywellIQ4x building
Honeywell IQ4x controllers allow unauthenticated remote attackers to create administrative accounts and take full control of building management systems.
CVSS Base10
â
CRSSelect profile
CVE-2026-21666
9.9đ
VeeamBackup & Replication
An authenticated domain user can achieve remote code execution on the Backup Server, leading to full system compromise.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-21667
9.9đ
VeeamBackup & Replication
A vulnerability in the Backup Server allows an authenticated domain user to perform remote code execution, compromising the backup environment.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-21669
9.9đ
VeeamBackup & Replication
An authenticated domain user can execute arbitrary code on the Backup Server, leading to a complete compromise of the backup system.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-21708
9.9đ
VeeamBackup & Replication
A vulnerability allows a user with Backup Viewer privileges to perform remote code execution as the postgres user on the backup system.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-3059
9.8đ
SGLangSGLang
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution via untrusted data deserialization in the ZMQ broker.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-3060
9.8đ
SGLangSGLang
SGLang's encoder parallel disaggregation system allows unauthenticated remote code execution through insecure deserialization in the disaggregation module.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-28792
9.6đ
TinaCMSTinaCMS CLI
TinaCMS CLI is vulnerable to a browser-based drive-by attack that allows remote attackers to read, write, or delete files on developer machines.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-26793
9.8đ
GL-iNetGL-AR300M16
The GL-iNet GL-AR300M16 router contains a command injection vulnerability in the `set_config` function, allowing for arbitrary command execution.
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2019-25482
8.2đ Late Disclosure
HPHazir Rent
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25508
8.2đ Late Disclosure
HPHazir Ilan
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25511
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25513
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25516
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25517
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25518
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25519
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25535
8.2đ Late Disclosure
HPDating Site
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25488
8.2đ Late Disclosure
HPendpoint to
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25509
8.2đ Late Disclosure
HPwith malicious
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25521
8.2đ Late Disclosure
HPwith malicious
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25522
8.2đ Late Disclosure
HPwith malicious
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25523
8.2đ Late Disclosure
HPwith malicious
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25524
8.2đ Late Disclosure
HPwith malicious
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25530
8.2đ Late Disclosure
HPwith malicious
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2026-20040
8.8đ
CiscoIOS XR
A command injection vulnerability in the Cisco IOS XR CLI allows local, authenticated users to execute arbitrary commands with root privileges on the underlying operating system.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-20046
8.8đ
CiscoIOS XR
A privilege escalation vulnerability in Cisco IOS XR Software's task group assignment allows local authenticated attackers to gain full administrative control over the device.
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25539
8.2đ Late Disclosure
HPwith crafted
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2026-3913
8.8đ
GoogleChrome prior
A heap buffer overflow vulnerability in the WebML component of Google Chrome allows unauthenticated remote attackers to potentially execute arbitrary code via crafted web content.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3915
8.8đ
GoogleChrome prior
Google Chrome contains a heap buffer overflow in the WebML component, enabling unauthenticated remote attackers to achieve memory corruption or code execution via malicious pages.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3917
8.8đ
GoogleChrome prior
A use-after-free vulnerability in the Agents component of Google Chrome allows unauthenticated remote attackers to potentially execute arbitrary code via a crafted web page.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3918
8.8
GoogleChrome prior
Use after free in WebMCP in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3919
8.8
GoogleChrome prior
Use after free in Extensions in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3921
8.8
GoogleChrome prior
Use after free in TextEncoding in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3922
8.8
GoogleChrome prior
Use after free in MediaStream in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3923
8.8
GoogleChrome prior
Use after free in WebMIDI in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3931
8.8
GoogleChrome prior
Heap buffer overflow in Skia in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3936
8.8
GoogleChrome on
Use after free in WebView in Google Chrome on Android prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-21672
8.8
ReplicationBackup
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25481
8.2đ Late Disclosure
Archendpoint with
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25510
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25512
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25514
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25520
8.2đ Late Disclosure
HPHazir Haber
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25534
8.2đ Late Disclosure
HPCar Dealer
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68623
8.8
MicrosoftDirectX End
In Microsoft DirectX End-User Runtime Web Installer 9
CVSS Base8.8
â
CRSSelect profile
CVE-2026-31979
8.8
MicrosoftAzure Entra
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3914
8.8
GoogleChrome prior
Integer overflow in WebML in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3920
8.8
GoogleChrome prior
Out of bounds memory access in WebML in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3926
8.8
GoogleChrome prior
Out of bounds read in V8 in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25533
8.2đ Late Disclosure
HPBusiness Directory
Netartmedia PHP Business Directory 4
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25536
8.2đ Late Disclosure
HPReal Estate
Netartmedia PHP Real Estate Agency 4
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25540
8.2đ Late Disclosure
HPMall
Netartmedia PHP Mall 4
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25541
8.2đ Late Disclosure
HPMall
Netartmedia PHP Mall 4
CVSS Base8.2
â
CRSSelect profile
CVE-2026-30900
7.8
ZoomClients for
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access
CVSS Base7.8
â
CRSSelect profile
CVE-2026-30902
7.8
ZoomClients for
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25479
8.2đ Late Disclosure
InforMultiple Products
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25538
8.2đ Late Disclosure
InforMultiple Products
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2026-1992
8.8
GoogleAnalytics Dashboard
The ExactMetrics â Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8
CVSS Base8.8
â
CRSSelect profile
CVE-2026-1993
8.8
GoogleAnalytics Dashboard
The ExactMetrics â Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25531
8.2đ Late Disclosure
HPthat allows
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction
CVSS Base8.2
â
CRSSelect profile
CVE-2026-32260
8.1
UnknownMultiple Products
Deno is a JavaScript, TypeScript, and WebAssembly runtime
CVSS Base8.1
â
CRSSelect profile
CVE-2019-25532
8.2đ Late Disclosure
HPwith crafted
Netartmedia Jobs Portal 6
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25537
8.2đ Late Disclosure
HPwith malicious
Netartmedia Event Portal 2
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25542
8.2đ Late Disclosure
HPwith malicious
Netartmedia Real Estate Portal 5
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25543
8.2đ Late Disclosure
HPwith malicious
Netartmedia Real Estate Portal 5
CVSS Base8.2
â
CRSSelect profile
CVE-2026-22248
8
HPinstantiation
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing
CVSS Base8
â
CRSSelect profile
CVE-2026-31895
8.8
HPMultiple Products
WeGIA is a web manager for charitable institutions
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25529
8.1
SMTPMultiple Products
Postal is an open source SMTP server
CVSS Base8.1
â
CRSSelect profile
CVE-2026-3970
8.8
Tendai3
A flaw has been found in Tenda i3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3971
8.8
Tendai3
A vulnerability has been found in Tenda i3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3972
8.8
TendaW3
A vulnerability was found in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3973
8.8
TendaW3
A vulnerability was determined in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3974
8.8
TendaW3
A vulnerability was identified in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3975
8.8
TendaW3
A security flaw has been discovered in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3976
8.8
TendaW3
A weakness has been identified in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3978
8.8
D-LinkDIR
A vulnerability was detected in D-Link DIR-513 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4007
8.8
TendaW3
A vulnerability was detected in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4008
8.8
TendaW3
A flaw has been found in Tenda W3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4041
8.8
Tendai12
A security flaw has been discovered in Tenda i12 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4042
8.8
Tendai12
A weakness has been identified in Tenda i12 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4043
8.8
Tendai12
A security vulnerability has been detected in Tenda i12 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-1090
8.7
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10
CVSS Base8.7
â
CRSSelect profile
CVE-2019-25466
8.4đ Late Disclosure
WebMultiple Products
Easy File Sharing Web Server 7
CVSS Base8.4
â
CRSSelect profile
CVE-2026-31889
8.9
ShopwareMultiple Products
Shopware is an open commerce platform
CVSS Base8.9
â
CRSSelect profile
CVE-2026-32059
8.8
OpenClawMultiple Products
OpenClaw version 2026
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32060
8.8
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67034
8.8
UnknownMultiple Products
An issue was discovered in Lantronix EDS5000 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67036
8.8
UnknownMultiple Products
An issue was discovered in Lantronix EDS5000 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67037
8.8
UnknownMultiple Products
An issue was discovered in Lantronix EDS5000 2
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32127
8.8
ajaxMultiple Products
OpenEMR is a free and open source electronic health records and medical practice management application
CVSS Base8.8
â
CRSSelect profile
CVE-2023-43010
8.8đ Late Disclosure
UnknownMultiple Products
The issue was addressed with improved memory handling
CVSS Base8.8
â
CRSSelect profile
CVE-2026-21668
8.8
UnknownMultiple Products
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32246
8.5
authorizationMultiple Products
Tinyauth is an authentication and authorization server
CVSS Base8.5
â
CRSSelect profile
CVE-2019-25467
8.4đ Late Disclosure
docPrintMultiple Products
Verypdf docPrint Pro 8
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25483
8.4đ Late Disclosure
ComtrendMultiple Products
Comtrend AR-5310 GE31-412SSG-C01_R10
CVSS Base8.4
â
CRSSelect profile
CVE-2026-28793
8.4
UnknownMultiple Products
Tina is a headless content management system
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32110
8.3
UnknownMultiple Products
SiYuan is a personal knowledge management system
CVSS Base8.3
â
CRSSelect profile
CVE-2026-31839
8.2
UnknownMultiple Products
Striae is a firearms examiner's comparison companion
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25486
8.2đ Late Disclosure
InforMultiple Products
Varient 1
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25525
8.2đ Late Disclosure
ArchMultiple Products
Inout EasyRooms Ultimate Edition v1
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25526
8.2đ Late Disclosure
ArchMultiple Products
Inout EasyRooms Ultimate Edition v1
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25527
8.2đ Late Disclosure
ArchMultiple Products
Inout EasyRooms Ultimate Edition v1
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25528
8.2đ Late Disclosure
ArchMultiple Products
Inout EasyRooms Ultimate Edition v1
CVSS Base8.2
â
CRSSelect profile
CVE-2026-32138
8.2
UnknownMultiple Products
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester
CVSS Base8.2
â
CRSSelect profile
CVE-2026-32231
8.2
UnknownMultiple Products
ZeptoClaw is a personal AI assistant
CVSS Base8.2
â
CRSSelect profile
CVE-2025-67298
8.1
UnknownMultiple Products
An issue in ClasroomIO before v
CVSS Base8.1
â
CRSSelect profile
CVE-2026-32247
8.1
ArchMultiple Products
Graphiti is a framework for building and querying temporal context graphs for AI agents