4

CVSS3.1

CVE-2026-32777 -

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

πŸ“… Published: March 16, 2026, 6:58 a.m. πŸ”„ Last Modified: March 16, 2026, 7:13 a.m.

4

CVSS3.1

CVE-2026-32776 -

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

πŸ“… Published: March 16, 2026, 6:54 a.m. πŸ”„ Last Modified: March 16, 2026, 7:12 a.m.

8.7

CVSS4.0

CVE-2026-25083 -

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.

πŸ“… Published: March 16, 2026, 6:47 a.m. πŸ”„ Last Modified: March 16, 2026, 6:47 a.m.

5.1

CVSS4.0

CVE-2026-4222 - SSCMS download PathUtils.RemoveParentPath path traversal

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit h…

πŸ“… Published: March 16, 2026, 6:32 a.m. πŸ”„ Last Modified: March 16, 2026, 6:32 a.m.

6.9

CVSS4.0

CVE-2026-4221 - Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has b…

πŸ“… Published: March 16, 2026, 6:32 a.m. πŸ”„ Last Modified: March 16, 2026, 6:32 a.m.

7.4

CVSS3.1

CVE-2026-32775 -

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

πŸ“… Published: March 16, 2026, 6:31 a.m. πŸ”„ Last Modified: March 16, 2026, 6:31 a.m.

3.7

CVSS3.1

CVE-2025-71264 -

Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

πŸ“… Published: March 16, 2026, 6:13 a.m. πŸ”„ Last Modified: March 16, 2026, 6:21 a.m.

6.9

CVSS4.0

CVE-2026-4220 - Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The explo…

πŸ“… Published: March 16, 2026, 6:02 a.m. πŸ”„ Last Modified: March 16, 2026, 6:02 a.m.

4.8

CVSS4.0

CVE-2026-4219 - INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java har…

A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_K…

πŸ“… Published: March 16, 2026, 6:02 a.m. πŸ”„ Last Modified: March 16, 2026, 6:02 a.m.

2

CVSS4.0

CVE-2026-4218 - myAEDES App aedes.me.beta EngageBayUtils.java information disclosure

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible …

πŸ“… Published: March 16, 2026, 5:32 a.m. πŸ”„ Last Modified: March 16, 2026, 5:32 a.m.
Total resulsts: 338114
Page 2 of 33,812
Β« previous page Β» next page
Filters