Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Sunday's vulnerability disclosures include 2 critical and 93 high-priority CVEs, a significant reduction from Saturday's 20 critical findings. Ivanti Endpoint Manager (CVE-2026-1603), Broadcom VMware Aria Operations (CVE-2026-22719), and Google Chrome components (CVE-2026-3910, CVE-2026-3909) are among the most notable new entries with active exploitation confirmed. Legacy vulnerabilities in Apple, Hikvision, and Rockwell products continue to see exploitation activity, underscoring persistent risk from unpatched older flaws. Infor WebCTRL (CVE-2026-24060, CVSS 9.1) presents a critical building automation risk, while Qualcomm chipset vulnerabilities affect a broad mobile device footprint. Patch availability currently stands at 0%, requiring organizations to prioritize compensating controls and monitoring until vendor fixes are released.
Ivanti EPM, VMware Aria Operations, and Google Chrome/Skia under active exploitation with CVSS 9.5 ratings
Critical CVE count dropped to 2, down 90% from Saturday's 20 critical disclosures
93 high-priority vulnerabilities disclosed, a 7% decrease from the prior day
Remote code execution and authentication bypass patterns dominate, affecting n8n, Craft CMS, Laravel Livewire, and Wing FTP Server
0% patch availability across all disclosed CVEs β compensating controls and network segmentation recommended
Immediate action: Prioritize network-level mitigations for Ivanti EPM, VMware Aria Operations, and Google Chrome components given confirmed active exploitation. With 0% patch availability, implement compensating controls including network segmentation, enhanced monitoring, and restricting access to affected services until vendor patches are released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2021-22054
9.5π Late Disclosure
OmnissaWorkspace One UEM
β° Federal Deadline:March 22, 2026(1 days remaining)
Omnissa Workspace ONE Server-Side Request Forgery - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-1603
9.5
Ivanti Endpoint Manager (EPM)
β° Federal Deadline:March 22, 2026(1 days remaining)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-22719
9.5π
BroadcomVMware Aria Operations
β° Federal Deadline:March 23, 2026(2 days remaining)
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-21385
9.5π
QualcommMultiple Chipsets
β° Federal Deadline:March 23, 2026(2 days remaining)
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-68613
9.5π
n8nn8n
β° Federal Deadline:March 24, 2026(3 days remaining)
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2017-7921
9.5π Late Disclosure
HikvisionMultiple Products
β° Federal Deadline:March 25, 2026(4 days remaining)
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2021-22681
9.5π Late Disclosure
RockwellMultiple Products
β° Federal Deadline:March 25, 2026(4 days remaining)
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2023-43000
9.5π Late Disclosure
AppleMultiple Products
β° Federal Deadline:March 25, 2026(4 days remaining)
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2021-30952
9.5π Late Disclosure
AppleMultiple Products
β° Federal Deadline:March 25, 2026(4 days remaining)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2023-41974
9.5π Late Disclosure
AppleiOS and iPadOS
β° Federal Deadline:March 25, 2026(4 days remaining)
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-3910
9.5π
GoogleChromium V8
β° Federal Deadline:March 26, 2026(5 days remaining)
Google Chrome versions prior to 146 feature an inappropriate implementation in the V8 JavaScript engine that is currently being exploited in the wild to achieve code execution.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-3909
9.5π
GoogleSkia
β° Federal Deadline:March 26, 2026(5 days remaining)
Google Chrome versions prior to 146 contain an out-of-bounds write vulnerability in the Skia graphics engine, which is currently being exploited in the wild.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-47813
9.5
Wing FTP ServerWing FTP Server
β° Federal Deadline:March 29, 2026(8 days remaining)
Wing FTP Server Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-66376
9.5
SynacorZimbra Collaboration Suite (ZCS)
β° Federal Deadline:March 31, 2026(10 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-32432
9.5
Craft CMSCraft CMS
β° Federal Deadline:April 2, 2026(12 days remaining)
Craft CMS Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-54068
9.5
LaravelLivewire
β° Federal Deadline:April 2, 2026(12 days remaining)
Laravel Livewire Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-43510
9.5
AppleMultiple Products
β° Federal Deadline:April 2, 2026(12 days remaining)
Apple Multiple Products Improper Locking Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-43520
9.5
AppleMultiple Products
β° Federal Deadline:April 2, 2026(12 days remaining)
Apple Multiple Products Classic Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-31277
9.5
AppleMultiple Products
β° Federal Deadline:April 2, 2026(12 days remaining)
Apple Multiple Products Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2019-25568
9.8ππ Late Disclosure
Memu PlayMemu Play
Memu Play 6.0.7 contains an insecure file permissions flaw allowing low-privilege users to escalate to SYSTEM privileges by overwriting the MemuService.exe binary in the installation directory.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-24060
9.1π
InforWebCTRL / BACnet
Service information in WebCTRL is transmitted unencrypted over BACnet, allowing attackers to sniff, intercept, and modify sensitive PLC update data and file positions.
CVSS Base9.1
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-22324
8.1
HPProgram
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion
CVSS Base8.1
β
CRSSelect profile
CVE-2026-32710
8.5
MariaDBserver
MariaDB server is a community developed fork of MySQL server
CVSS Base8.5
β
CRSSelect profile
CVE-2019-25578
8.2π Late Disclosure
HPwith SQL
phpTransformer 2016
CVSS Base8.2
β
CRSSelect profile
CVE-2026-2378
7.4
priorfor Android
ArcSearch for Android versions prior to 1
CVSS Base7.4
β
CRSSelect profile
CVE-2026-3334
8.8
WordPressis vulnerable
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4261
8.8
WordPressis vulnerable
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4314
8.8
WordPressToolkit
The 'The Ultimate WordPress Toolkit β WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-33226
8.7
KubernetesAPIs
Budibase is a low code platform for creating internal tools, workflows, and admin panels
CVSS Base8.7
β
CRSSelect profile
CVE-2026-33180
7.5
InforMultiple Products
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java
CVSS Base7.5
β
CRSSelect profile
CVE-2026-3629
8.1
WordPressis vulnerable
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1
CVSS Base8.1
β
CRSSelect profile
CVE-2026-1800
7.5
WordPressis vulnerable
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the βfmcfIdSelectedFntβ parameter in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2468
7.5
WordPressis vulnerable
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2941
8.8
WordPressis vulnerable
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2279
7.2
WordPressis vulnerable
The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-1313
8.3
WordPressis vulnerable
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3
CVSS Base8.3
β
CRSSelect profile
CVE-2025-14037
8.1
WordPressis vulnerable
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1
CVSS Base8.1
β
CRSSelect profile
CVE-2026-32317
7.6
transparentMultiple Products
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud
CVSS Base7.6
β
CRSSelect profile
CVE-2026-32318
7.6
transparentMultiple Products
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud
CVSS Base7.6
β
CRSSelect profile
CVE-2026-32701
7.5π
Builder.ioQwik
A security vulnerability in the Qwik JavaScript framework poses a high risk to web applications, potentially allowing for unauthorized client-side or server-side interactions.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33204
7.5
LGMultiple Products
SimpleJWT is a simple JSON web token library written in PHP
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33231
7.5π
F5Natural Language Toolkit (NLTK)
A high-severity security vulnerability has been identified in the Natural Language Toolkit (NLTK) Python library, impacting data processing and research environments.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-4373
7.5
WordPressis vulnerable
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25579
7.5π Late Disclosure
HPMultiple Products
phpTransformer 2016
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25580
8.2π Late Disclosure
HPwith crafted
ownDMS 4
CVSS Base8.2
β
CRSSelect profile
CVE-2026-3368
7.2
WordPressis vulnerable
The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-4302
7.2
WordPressis vulnerable
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-1648
7.2
WordPressis vulnerable
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2440
7.2
WordPressis vulnerable
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2
CVSS Base7.2
β
CRSSelect profile
CVE-2026-3003
7.2
WordPressis vulnerable
The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βvagaro_codeβ parameter in all versions up to, and including, 0
CVSS Base7.2
β
CRSSelect profile
CVE-2026-3478
7.2
WordPressis vulnerable
The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2024-32537
7.1π Late Disclosure
joshuae1974Multiple Products
Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery
CVSS Base7.1
β
CRSSelect profile
CVE-2026-4508
7.3
HPof the
A vulnerability was identified in PbootCMS up to 3
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4540
7.3
HPof the
A vulnerability was detected in projectworlds Online Notes Sharing System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2019-25573
7.1π Late Disclosure
HPwith
Green CMS 2
CVSS Base7.1
β
CRSSelect profile
CVE-2026-33236
8.1
Archand development
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing
CVSS Base8.1
β
CRSSelect profile
CVE-2026-4529
8.8
HPMultiple Products
A vulnerability was identified in D-Link DHP-1320 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4486
8.8
D-LinkDIR
A vulnerability was found in D-Link DIR-513 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4489
8.8
TendaA18 Pro
A vulnerability was detected in Tenda A18 Pro 02
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4490
8.8
TendaA18 Pro
A flaw has been found in Tenda A18 Pro 02
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4491
8.8
TendaA18 Pro
A vulnerability has been found in Tenda A18 Pro 02
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4492
8.8
TendaA18 Pro
A vulnerability was found in Tenda A18 Pro 02
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4493
8.8
TendaA18 Pro
A vulnerability was determined in Tenda A18 Pro 02
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4534
8.8
TendaFH451
A flaw has been found in Tenda FH451 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4535
8.8
TendaFH451
A vulnerability has been found in Tenda FH451 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-25086
7.7
UnderMultiple Products
Under certain conditions, an attacker could bind to the same port used
by WebCTRL
CVSS Base7.7
β
CRSSelect profile
CVE-2026-33154
7.5π
DynaconfDynaconf
A high-severity vulnerability has been discovered in Dynaconf, a configuration management tool for Python, which could lead to unauthorized configuration changes.
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25576
8.2π Late Disclosure
Wallpaperversion details
Kepler Wallpaper Script 1
CVSS Base8.2
β
CRSSelect profile
CVE-2026-33150
7.8
LinuxFUSE
libfuse is the reference implementation of the Linux FUSE
CVSS Base7.8
β
CRSSelect profile
CVE-2026-27625
8.1π
Stirling-PDFStirling-PDF
Stirling-PDF, a locally hosted web application for PDF operations, is affected by a high-severity vulnerability that could lead to unauthorized data access.
CVSS Base8.1
β
CRSSelect profile
CVE-2026-4499
7.3
D-LinkDIR
A vulnerability was determined in D-Link DIR-820LW 2
CVSS Base7.3
β
CRSSelect profile
CVE-2026-23536
7.5
FeatureMultiple Products
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process
CVSS Base7.5
β
CRSSelect profile
CVE-2026-4528
7.3
trueleafMultiple Products
A vulnerability was determined in trueleaf ApiFlow 0
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4487
8.8
UTTMultiple Products
A vulnerability was determined in UTT HiPER 1200GW up to 2
CVSS Base8.8
β
CRSSelect profile
CVE-2026-32989
8.8
IntranetMultiple Products
Precurio Intranet Portal 4
CVSS Base8.8
β
CRSSelect profile
CVE-2026-4488
8.8
UTTMultiple Products
A vulnerability was identified in UTT HiPER 1250GW up to 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-32042
8.8
OpenClawMultiple Products
OpenClaw versions 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-32051
8.8
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base8.8
β
CRSSelect profile
CVE-2026-33172
8.7
SVGMultiple Products
Statamic is a Laravel and Git powered content management system (CMS)
CVSS Base8.7
β
CRSSelect profile
CVE-2026-0677
7.2
TotalSuiteMultiple Products
Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection
CVSS Base7.2
β
CRSSelect profile
CVE-2026-33166
8.6
AllureMultiple Products
Allure 2 is the version 2
CVSS Base8.6
β
CRSSelect profile
CVE-2026-33072
8.2
fileMultiple Products
FileRise is a self-hosted web file manager / WebDAV server
CVSS Base8.2
β
CRSSelect profile
CVE-2026-33243
8.2π
BareboxBarebox
A high-severity vulnerability has been identified in the Barebox bootloader, potentially allowing for the compromise of the system boot process.
CVSS Base8.2
β
CRSSelect profile
CVE-2019-25575
8.2π Late Disclosure
SimplePressMultiple Products
SimplePress CMS 1
CVSS Base8.2
β
CRSSelect profile
CVE-2019-25581
8.2π Late Disclosure
doitMultiple Products
i-doit CMDB 1
CVSS Base8.2
β
CRSSelect profile
CVE-2026-31836
8.1
monitorMultiple Products
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations
CVSS Base8.1
β
CRSSelect profile
CVE-2026-33010
8.1π
MCP (Model Context Protocol)mcp-memory-service
A high-severity vulnerability in the mcp-memory-service, an open-source memory backend for multi-agent systems, could lead to unauthorized memory access or data leakage.
CVSS Base8.1
β
CRSSelect profile
CVE-2026-33142
8.1π
OneUptimeOneUptime
OneUptime, an observability and management solution, is affected by a high-severity vulnerability that could compromise monitoring data and system availability.
CVSS Base8.1
β
CRSSelect profile
CVE-2026-33156
7.8π
ScreenToGifScreenToGif
A high-severity vulnerability in ScreenToGif, a popular screen recording tool, could allow for unauthorized code execution on the user's system.
CVSS Base7.8
β
CRSSelect profile
CVE-2026-32064
7.7
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base7.7
β
CRSSelect profile
CVE-2026-32303
7.6
HubMultiple Products
Cryptomator encrypts data being stored on cloud infrastructure
CVSS Base7.6
β
CRSSelect profile
CVE-2026-32055
7.6
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base7.6
β
CRSSelect profile
CVE-2026-33128
7.5π
UnjsH3
A high-severity vulnerability in the H3 minimal HTTP framework could allow for unauthorized interactions with web services built on the framework.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-31903
7.5π
WebSocket API ProviderWebSocket Application Programming Interface
The WebSocket Application Programming Interface fails to implement rate limiting or restrictions on authentication requests, enabling potential brute-force attacks.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-31904
7.5π
WebSocket API ProviderWebSocket Application Programming Interface
The WebSocket Application Programming Interface lacks necessary restrictions on the frequency of authentication requests, facilitating automated credential attacks.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33203
7.5π
SiYuanSiYuan Knowledge Management System
A security vulnerability has been identified in the SiYuan personal knowledge management system that could allow for unauthorized actions or data access.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33476
7.5π
SiYuanSiYuan Knowledge Management System
The SiYuan personal knowledge management system contains a security flaw that poses a risk to the confidentiality and integrity of stored information.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-32666
7.5π
Automated LogicWebCTRL
WebCTRL systems using the BACnet protocol are vulnerable to unauthorized access due to a lack of network-layer authentication inherent in the protocol.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-32048
7.5
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base7.5
β
CRSSelect profile
CVE-2026-32049
7.5
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base7.5
β
CRSSelect profile
CVE-2026-32056
7.5
priorMultiple Products
OpenClaw versions prior to 2026
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25552
7.5π Late Disclosure
PHOTOMultiple Products
CEWE PHOTO SHOW 6
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25560
7.5π Late Disclosure
VideoMultiple Products
Lyric Video Creator 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-33131
7.4
NodeRequestUrlMultiple Products
H3 is a minimal H(TTP) framework
CVSS Base7.4
β
CRSSelect profile
CVE-2026-32887
7.4
UnknownMultiple Products
Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications
CVSS Base7.4
β
CRSSelect profile
CVE-2026-33080
7.3
UnknownMultiple Products
Filament is a collection of full-stack components for accelerated Laravel development
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4497
7.3
TotolinkMultiple Products
A vulnerability was determined in Totolink WA300 5
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4504
7.3
UnknownMultiple Products
A flaw has been found in eosphoros-ai db-gpt up to 0
CVSS Base7.3
β
CRSSelect profile
CVE-2026-33147
7.3
UnknownMultiple Products
GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets
CVSS Base7.3
β
CRSSelect profile
CVE-2026-27649
7.3
UnknownMultiple Products
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allowsΒ multiple endpoints to connect using the same session identifier
CVSS Base7.3
β
CRSSelect profile
CVE-2026-32663
7.3
UnknownMultiple Products
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier
CVSS Base7.3
β
CRSSelect profile
CVE-2026-4536
7.3
CloudMultiple Products
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-33133
7.2
webMultiple Products
WeGIA is a web manager for charitable institutions
CVSS Base7.2
β
CRSSelect profile
CVE-2026-33125
7.1
UnknownMultiple Products
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras