CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-32811 Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of th... | 8.2 | HIGH | β | 0 |
| CVE-2026-32808 pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encry... | 8.1 | HIGH | β | 0 |
| CVE-2026-32711 pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set... | 7.8 | HIGH | β | 0 |
| CVE-2026-32829 lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized mem... | 7.5 | HIGH | β | 0 |
| CVE-2026-32828 Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-d... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-32771 The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePat... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32769 Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32767 SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is s... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33289 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM aut... | 8.8 | HIGH | β | 0 |
| CVE-2026-33288 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authe... | 8.8 | HIGH | β | 0 |
| CVE-2026-32985 Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary co... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32766 astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping ... | N/A | NONE | β | 0 |
| CVE-2026-32765 Rejected reason: This repository is no longer public. | N/A | NONE | β | 0 |
| CVE-2026-32764 Rejected reason: This repository is no longer public. | N/A | NONE | β | 0 |
| CVE-2026-32763 Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg... | 8.2 | HIGH | β | 0 |
| CVE-2026-32761 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypa... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32760 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can r... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32759 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler ... | 8.1 | HIGH | β | 0 |
| CVE-2026-32758 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal thro... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32757 Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecard_message'] value instead of the HTMLPurifier-sanitized $formValues['ecar... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-32756 Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file upload vulnerability in the Documents & Files module. Due to a design flaw in how CSRF... | 8.8 | HIGH | β | 0 |
| CVE-2026-32697 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, the `RecordHandler::getRecord()` method retrieves any record by modul... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29189 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control L... | 8.1 | HIGH | β | 0 |
| CVE-2026-29109 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the Save... | 7.2 | HIGH | β | 0 |
| CVE-2026-29108 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed in... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22737 Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations f... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-22735 Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE).Β This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, ... | 2.6 | LOW | β | 0 |
| CVE-2026-22733 Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the Cl... | 8.2 | HIGH | β | 0 |
| CVE-2026-3948 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-33408 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categ... | 2.2 | LOW | β | 0 |
| CVE-2026-33395 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability t... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-32818 Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32816 Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groups_roles.php perform destructive state chang... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-32755 Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start an... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-32721 LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered... | 8.6 | HIGH | β | 0 |
| CVE-2026-30874 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable fil... | 7.8 | HIGH | β | 0 |
| CVE-2026-29107 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with `<img>` tags. ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-29106 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied int... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-29105 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnera... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-29104 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload v... | 2.7 | LOW | β | 0 |
| CVE-2026-29103 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allo... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-29102 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability... | 7.2 | HIGH | β | 0 |
| CVE-2026-29101 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-29100 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allow... | 7.1 | HIGH | β | 0 |
| CVE-2026-29099 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/Outbou... | 8.8 | HIGH | β | 0 |
| CVE-2026-29098 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `action_exportCustom` function in `modules/ModuleBuild... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-29097 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability ... | 7.5 | HIGH | β | 0 |
| CVE-2026-29096 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AOR_Reports module), th... | 8.1 | HIGH | β | 0 |
| CVE-2026-22732 When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.Β This issue affects Spring SecurityΒ ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-22731 Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, alread... | 8.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.