| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33012 | Micronaut Framework vulnerable to a Denial of Service in HTML error response caching | micronaut-projects | micronaut-core | High | 7.5 | 2026-03-20 04:43:08 | Deep Dive |
| CVE-2026-32697 | SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) | SuiteCRM | SuiteCRM-Core | Medium | 6.5 | 2026-03-19 23:13:08 | Deep Dive |
| CVE-2026-29109 | SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing | SuiteCRM | SuiteCRM-Core | 中危 | - | 2026-03-19 23:12:12 | Deep Dive |
| CVE-2026-29108 | Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User | SuiteCRM | SuiteCRM-Core | Medium | 6.5 | 2026-03-19 23:11:00 | Deep Dive |
| CVE-2026-25534 | Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames | io.spinnaker.clouddriver | clouddriver-artifacts | Critical | 9.1 | 2026-03-17 17:27:41 | Deep Dive |
| CVE-2026-4215 | FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery | FlowCI | flow-core-x | Medium | 6.3 | 2026-03-16 04:32:13 | Deep Dive |
| CVE-2026-32635 | Angular has XSS in i18n attribute bindings | @angular | compiler | 中危 | - | 2026-03-13 20:58:13 | Deep Dive |
| CVE-2026-32453 | WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32454 | WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32426 | WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion vulnerability | themelexus | Medilazar Core | 中危 | - | 2026-03-13 11:42:17 | Deep Dive |
| CVE-2026-32369 | WordPress Medilink-Core plugin < 2.0.7 - Local File Inclusion vulnerability | RadiusTheme | Medilink-Core | 中危 | - | 2026-03-13 11:42:06 | Deep Dive |
| CVE-2026-32320 | Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings | ellanetworks | core | Medium | 6.5 | 2026-03-12 21:34:50 | Deep Dive |
| CVE-2026-32319 | Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload | ellanetworks | core | High | 7.5 | 2026-03-12 21:33:32 | Deep Dive |
| CVE-2026-3234 | Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection | Red Hat | Red Hat Enterprise Linux 10 | Medium | 4.3 | 2026-03-12 10:54:25 | Deep Dive |
| CVE-2026-31889 | Shopware has a potential take over of app credentials | shopware | core | High | 8.9 | 2026-03-11 18:56:23 | Deep Dive |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint | shopware | core | Medium | 5.3 | 2026-03-11 18:53:03 | Deep Dive |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint | shopware | core | - | - | 2026-03-11 18:49:46 | Deep Dive |
| CVE-2026-30868 | Cross-Site Request Forgery (CSRF) in opnsense/core | opnsense | core | Medium | 6.3 | 2026-03-11 16:38:13 | Deep Dive |
| CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability | Microsoft | ASP.NET Core 10.0 | High | 7.5 | 2026-03-10 17:05:22 | Deep Dive |
| CVE-2026-23674 | MapUrlToZone Security Feature Bypass Vulnerability | Microsoft | Windows 10 Version 1607 | High | 7.5 | 2026-03-10 17:05:11 | Deep Dive |