Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Tuesday's disclosures reveal 21 critical vulnerabilities, a 425% increase from Monday's 4, with HP AVideo accounting for six of the top critical entries including a CVSS 10.0 flaw (CVE-2026-33478). High-priority disclosures also climbed significantly to 100, up 113% from 47 the prior day, bringing the total to 121 CVEs requiring triage. WordPress plugin vulnerabilities (CVE-2026-4001, CVE-2026-4283) and a Tenda A15 router flaw (CVE-2026-4567) round out the critical tier, while 15 actively exploited vulnerabilities target Apple, Google Chrome, n8n, and Zimbra. No patches are currently available for the newly disclosed critical issues, requiring defenders to prioritize compensating controls and network-level mitigations.
HP AVideo platform has six critical vulnerabilities including a CVSS 10.0 (CVE-2026-33478) enabling full system compromise
Critical CVE count jumped to 21, up 425% from Monday's 4 disclosures
High-priority CVEs rose to 100, a 113% increase over the prior day's 47
Remote code execution and authentication bypass flaws affect WordPress plugins, Tenda routers, and Android ImageMagick libraries
Patch availability stands at 0% for newly disclosed critical vulnerabilities â compensating controls are essential
15 actively exploited vulnerabilities target Apple, Google Chrome V8/Skia, n8n, Zimbra, and Wing FTP Server
Immediate action: Organizations running HP AVideo, WordPress with affected plugins, or Tenda A15 routers should apply network segmentation and restrict access immediately given the absence of patches. Review exposure to the 15 actively exploited vulnerabilities targeting Apple products, Google Chrome, n8n, Zimbra, and Wing FTP Server, and apply any available vendor updates for those KEV entries as a priority.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-68613
9.5đ
n8nn8n
â° Federal Deadline:March 24, 2026(1 days remaining)
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2017-7921
9.5đ Late Disclosure
HikvisionMultiple Products
â° Federal Deadline:March 25, 2026(2 days remaining)
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-22681
9.5đ Late Disclosure
RockwellMultiple Products
â° Federal Deadline:March 25, 2026(2 days remaining)
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-43000
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(2 days remaining)
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-30952
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(2 days remaining)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-41974
9.5đ Late Disclosure
AppleiOS and iPadOS
â° Federal Deadline:March 25, 2026(2 days remaining)
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-3910
9.5đ
GoogleChromium V8
â° Federal Deadline:March 26, 2026(3 days remaining)
Google Chrome versions prior to 146 feature an inappropriate implementation in the V8 JavaScript engine that is currently being exploited in the wild to achieve code execution.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-3909
9.5đ
GoogleSkia
â° Federal Deadline:March 26, 2026(3 days remaining)
Google Chrome versions prior to 146 contain an out-of-bounds write vulnerability in the Skia graphics engine, which is currently being exploited in the wild.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-47813
9.5
Wing FTP ServerWing FTP Server
â° Federal Deadline:March 29, 2026(6 days remaining)
Wing FTP Server Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-66376
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:March 31, 2026(8 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-32432
9.5
Craft CMSCraft CMS
â° Federal Deadline:April 2, 2026(10 days remaining)
Craft CMS Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54068
9.5
LaravelLivewire
â° Federal Deadline:April 2, 2026(10 days remaining)
Laravel Livewire Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43510
9.5
AppleMultiple Products
â° Federal Deadline:April 2, 2026(10 days remaining)
Apple Multiple Products Improper Locking Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43520
9.5
AppleMultiple Products
â° Federal Deadline:April 2, 2026(10 days remaining)
Apple Multiple Products Classic Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-31277
9.5
AppleMultiple Products
â° Federal Deadline:April 2, 2026(10 days remaining)
Apple Multiple Products Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-4001
9.8đ
WordPressis vulnerable
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to unauthenticated Remote Code Execution (RCE) via the PHP eval() function in custom pricing formulas.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-33478
10đ
HPAVideo
WWBN AVideo contains a vulnerability chain allowing unauthenticated remote code execution via exposed clone secrets, database dumps, and OS command injection.
CVSS Base10
â
CRSSelect profile
CVE-2026-33502
9.3đ
HPAVideo
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in WWBN AVideo's Live plugin allows attackers to probe internal networks and cloud metadata endpoints.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-33352
9.8đ
HPAVideo
WWBN AVideo is vulnerable to an unauthenticated SQL injection in the getAllCategories() method due to insufficient sanitization of the doNotShowCats parameter.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-4755
9.8đ
MolotovCherry AndroidAndroid-ImageMagick7
A critical improper input validation vulnerability (CWE-20) in MolotovCherry Android-ImageMagick7 can lead to severe system instability or unauthorized code execution.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-33716
9.4đ
HPAVideo
WWBN AVideo contains an authentication bypass in the Live plugin's standalone control endpoint. Attackers can redirect token verification to a malicious server to gain control over live streams.
CVSS Base9.4
â
CRSSelect profile
CVE-2026-33297
9.1đ
HPAVideo (CustomizeUser plugin)
A logic error in AVideo's CustomizeUser plugin causes non-numeric passwords to be stored as "0". This allows any visitor to bypass channel access controls by entering the integer zero.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-33351
9.1đ
HPAVideo (Live plugin)
WWBN AVideo is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) via the `webSiteRootURL` parameter. Attackers can use the server to fetch internal resources.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-4283
9.1đ
WordPressis vulnerable
The WP DSGVO Tools (GDPR) plugin for WordPress allows unauthenticated attackers to permanently destroy non-administrator accounts by bypassing the email confirmation flow via AJAX.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-4567
9.8đ
TendaA15
A stack-based buffer overflow in the Tenda A15 UploadCfg function allows remote attackers to execute arbitrary code via a malicious File argument.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-3587
10đ
LinuxLinux-based OS
An unauthenticated remote attacker can escape a restricted CLI interface in certain Linux-based operating systems to gain root access.
CVSS Base10
â
CRSSelect profile
CVE-2026-32968
9.8đ
SAPcom_mb24sysapi module
An unauthenticated remote attacker can exploit an OS command injection vulnerability in the SAP com_mb24sysapi module, leading to full system compromise and remote code execution.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-4585
9.8đ
TiandyEasy7 Integrated Management Platform
Tiandy Easy7 Integrated Management Platform contains an OS command injection vulnerability in its Configuration Handler, allowing remote attackers to execute commands via the File argument.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-32913
9.3đ
OpenClawOpenClaw
OpenClaw fails to properly validate headers during cross-origin redirects, leading to the leakage of sensitive authorization headers like API keys to untrusted destinations.
CVSS Base9.3
â
CRSSelect profile
CVE-2025-60949
9.1đ
CensusCSWeb
Census CSWeb 8.0.1 exposes the "app/config" directory via HTTP, allowing unauthenticated attackers to download configuration files and obtain sensitive secrets.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-33286
9.1đ
GraphitiGraphiti Framework
Graphiti framework versions prior to 1.10.2 are vulnerable to arbitrary method execution, allowing attackers to invoke destructive operations on underlying models via malicious JSONAPI payloads.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-33211
9.6
Tekton PipelinesMultiple Products
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-4404
9.4đ
HarborHarbor (GoHarbor)
GoHarbor Harbor version 2.15.0 and below uses hard-coded credentials, allowing unauthenticated attackers to gain administrative access to the web user interface.
CVSS Base9.4
â
CRSSelect profile
CVE-2026-4599
9.1đ
jsrsasignjsrsasign
The jsrsasign library is vulnerable to incomplete comparison checks in cryptographic functions, allowing attackers to bias DSA nonces and recover private keys.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-4750
9.1
fabiangreffrath woofMultiple Products
Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-4753
9.1
slajerek RetroDebuggerMultiple Products
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-4673
8.8
GoogleChrome prior
Heap buffer overflow in WebAudio in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4675
8.8
GoogleChrome prior
Heap buffer overflow in WebGL in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4676
8.8
GoogleChrome prior
Use after free in Dawn in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4678
8.8
GoogleChrome prior
Use after free in WebGPU in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4680
8.8
GoogleChrome prior
Use after free in FedCM in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4674
8.8
GoogleChrome prior
Out of bounds read in CSS in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4677
8.8
GoogleChrome prior
Inappropriate implementation in WebAudio in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4679
8.8
GoogleChrome prior
Integer overflow in Fonts in Google Chrome prior to 146
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33292
7.5đ
Oraclecondition where
WWBN AVideo, an open-source video platform, is affected by a high-severity vulnerability that could lead to unauthorized access or data compromise.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33307
7.5
ApacheHTTPD based
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS
CVSS Base7.5
â
CRSSelect profile
CVE-2025-10679
7.3đ
GoogleReviews
The ReviewX WordPress plugin is vulnerable to arbitrary method calls, which could allow attackers to execute unauthorized functions within the application.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4021
8.1
WordPressis vulnerable
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28
CVSS Base8.1
â
CRSSelect profile
CVE-2026-2580
7.5đ
GoogleMaps
The WP Maps WordPress plugin is vulnerable to time-based SQL Injection via the âorderbyâ parameter, allowing attackers to extract sensitive database information.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4306
7.5
WordPressis vulnerable
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4662
7.5
WordPressis vulnerable
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3
CVSS Base7.5
â
CRSSelect profile
CVE-2026-3533
8.8
WordPressis vulnerable
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33854
8.8
MolotovCherryMultiple Products
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33507
8.8
HPcode
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33647
8.8
HPcode
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33717
8.8
HPfile persistently
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4756
7.8
MolotovCherryMultiple Products
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7
CVSS Base7.8
â
CRSSelect profile
CVE-2026-33513
8.6
HPfiles under
WWBN AVideo is an open source video platform
CVSS Base8.6
â
CRSSelect profile
CVE-2026-33282
7.5
EllaMultiple Products
Ella Core is a 5G core designed for private networks
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33856
7.5
MolotovCherryMultiple Products
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33852
7.5
MolotovCherryMultiple Products
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25613
7.5đ Late Disclosure
HPendpoint and
Easy Chat Server 3
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33483
7.5
HPscript with
WWBN AVideo is an open source video platform
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4562
7.3
HPof the
A security flaw has been discovered in MacCMS 2025
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4579
7.3
HPof the
A vulnerability was identified in code-projects Simple Laundry System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4580
7.3
HPof the
A security flaw has been discovered in code-projects Simple Laundry System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4581
7.3
HPof the
A weakness has been identified in code-projects Simple Laundry System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-33492
7.3
HPsession
WWBN AVideo is an open source video platform
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4617
7.3
HPof the
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4623
7.3
HPof the
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00
CVSS Base7.3
â
CRSSelect profile
CVE-2026-33479
8.8
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33480
8.6
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.6
â
CRSSelect profile
CVE-2026-33719
8.6
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.6
â
CRSSelect profile
CVE-2026-33293
8.1đ
HPAVideo
WWBN AVideo, an open-source video platform, is affected by a high-severity vulnerability. The flaw could permit unauthorized access or administrative bypass.
CVSS Base8.1
â
CRSSelect profile
CVE-2026-33482
8.1
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
â
CRSSelect profile
CVE-2026-33649
8.1
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
â
CRSSelect profile
CVE-2026-33651
8.1
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
â
CRSSelect profile
CVE-2026-33354
7.6
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.6
â
CRSSelect profile
CVE-2026-33650
7.6
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.6
â
CRSSelect profile
CVE-2026-33485
7.5
F5Multiple Products
WWBN AVideo is an open source video platform
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33512
7.5
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33488
7.4
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.4
â
CRSSelect profile
CVE-2026-4612
7.3
HPMultiple Products
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2019-25607
8.4đđ Late Disclosure
logAxessh 4
A high-severity vulnerability has been identified in Axessh 4. This security flaw could allow for unauthorized remote access or command execution via the SSH service.
CVSS Base8.4
â
CRSSelect profile
CVE-2026-4551
8.8
TendaF453
A vulnerability was found in Tenda F453 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4552
8.8
TendaF453
A vulnerability was determined in Tenda F453 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4553
8.8
TendaF453
A vulnerability was identified in Tenda F453 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4555
8.8
D-LinkDIR
A weakness has been identified in D-Link DIR-513 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4558
8.8
LinksysMR9600
A flaw has been found in Linksys MR9600 2
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4565
8.8
TendaAC21
A vulnerability was detected in Tenda AC21 16
CVSS Base8.8
â
CRSSelect profile
CVE-2026-22739
8.6
Configdirectories
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories
CVSS Base8.6
â
CRSSelect profile
CVE-2026-32969
7.5
userinfoMultiple Products
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpointâs authentication method due to improper neutralization of special elements in a SQL SELECT command
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4639
8.8
VitalsMultiple Products
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33848
8.8
linkingvisionMultiple Products
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33849
8.8
linkingvisionMultiple Products
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms
CVSS Base8.8
â
CRSSelect profile
CVE-2025-41660
8.8
UnknownMultiple Products
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23554
7.8
IntelEPT paging
The Intel EPT paging code uses an optimization to defer flushing of any cached
EPT state until the p2m lock is dropped, so that multiple modifications done
under the same locked region only issue a single flush
CVSS Base7.8
â
CRSSelect profile
CVE-2026-33847
7.8
linkingvisionMultiple Products
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms
CVSS Base7.8
â
CRSSelect profile
CVE-2026-4613
7.3
Commerceresults in
A vulnerability was found in SourceCodester E-Commerce Site 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4640
7.5
InforMultiple Products
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information
CVSS Base7.5
â
CRSSelect profile
CVE-2026-3509
7.5
UnknownMultiple Products
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denialâofâservice (DoS) condition
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25611
8.4đđ Late Disclosure
parseconfMiniFtp
MiniFtp contains a buffer overflow vulnerability in the `parseconf_load_setting` function. This flaw allows local attackers to execute arbitrary code by providing oversized configuration values.
CVSS Base8.4
â
CRSSelect profile
CVE-2026-4566
8.8đ
BelkinF9K1122
A high-severity flaw has been identified in the Belkin F9K1122 router, which could allow for unauthorized access or device compromise.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-33648
8.8
UnknownMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.8
â
CRSSelect profile
CVE-2025-60946
8.8
CensusMultiple Products
Census CSWeb 8
CVSS Base8.8
â
CRSSelect profile
CVE-2025-60947
8.8
CensusMultiple Products
Census CSWeb 8
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32276
8.8
UnknownMultiple Products
Connect-CMS is a content management system
CVSS Base8.8
â
CRSSelect profile
CVE-2026-4601
8.7
jsrsasignMultiple Products
Versions of the package jsrsasign before 11
CVSS Base8.7
â
CRSSelect profile
CVE-2026-32277
8.7
UnknownMultiple Products
Connect-CMS is a content management system
CVSS Base8.7
â
CRSSelect profile
CVE-2019-25603
8.4đ Late Disclosure
TuneCloneMultiple Products
TuneClone 2
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25604
8.4đ Late Disclosure
DVDXPlayerMultiple Products
DVDXPlayer Pro 5
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25608
8.4đ Late Disclosure
IperiusMultiple Products
Iperius Backup 6
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25609
8.4đ Late Disclosure
jetCastMultiple Products
JetAudio jetCast Server 2
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25615
8.4đ Late Disclosure
LavavoMultiple Products
Lavavo CD Ripper 4
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25619
8.4đ Late Disclosure
ShellMultiple Products
FTP Shell Server 6
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32845
8.4
cgltfMultiple Products
cgltf version 1
CVSS Base8.4
â
CRSSelect profile
CVE-2026-32278
8.2
UnknownMultiple Products
Connect-CMS is a content management system
CVSS Base8.2
â
CRSSelect profile
CVE-2026-32300
8.1
InforMultiple Products
Connect-CMS is a content management system
CVSS Base8.1
â
CRSSelect profile
CVE-2019-25612
7.8đ Late Disclosure
AdminMultiple Products
Admin Express 1
CVSS Base7.8
â
CRSSelect profile
CVE-2026-33298
7.8
theMultiple Products
llama
CVSS Base7.8
â
CRSSelect profile
CVE-2026-33850
7.8
WujekFoliarzMultiple Products
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2
CVSS Base7.8
â
CRSSelect profile
CVE-2026-33851
7.8
joncampbell123Multiple Products
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25605
7.5đ Late Disclosure
EquityPanditMultiple Products
EquityPandit 1
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4598
7.5
jsrsasignMultiple Products
Versions of the package jsrsasign before 11
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4602
7.5
jsrsasignMultiple Products
Versions of the package jsrsasign before 11
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4645
7.5
GitHubMultiple Products
A flaw was found in the `github
CVSS Base7.5
â
CRSSelect profile
CVE-2026-26828
7.5
UnknownMultiple Products
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap
CVSS Base7.5
â
CRSSelect profile
CVE-2026-26829
7.5
UnknownMultiple Products
A NULL pointer dereference in the safe_atou64 function (src/misc
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25075
7.5
strongSwanMultiple Products
strongSwan versions 4
CVSS Base7.5
â
CRSSelect profile
CVE-2026-26209
7.5
UnknownMultiple Products
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format
CVSS Base7.5
â
CRSSelect profile
CVE-2026-32299
7.5
InforMultiple Products
Connect-CMS is a content management system
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33242
7.5
salvoMultiple Products
Salvo is a Rust web framework
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33250
7.5
InforMultiple Products
Freeciv21 is a free open source, turn-based, empire-building strategy game
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4600
7.4
jsrsasignMultiple Products
Versions of the package jsrsasign before 11
CVSS Base7.4
â
CRSSelect profile
CVE-2026-4594
7.3
UnknownMultiple Products
A vulnerability has been found in erupts erupt up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-4615
7.3
CateringMultiple Products
A vulnerability was identified in SourceCodester Online Catering Reservation 1