| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25936 | GLPI Vulnerable to Authenticated SQL Injection | glpi-project | glpi | Medium | 6.5 | 2026-03-17 19:41:32 | Deep Dive |
| CVE-2026-32981 | Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure | ray-project | Ray | High | 7.5 | 2026-03-17 19:33:50 | Deep Dive |
| CVE-2026-32778 | libexpat Code Issue Vulnerability | libexpat project | libexpat | Low | 2.9 | 2026-03-16 07:02:34 | Deep Dive |
| CVE-2026-32777 | libexpat Security Vulnerability | libexpat project | libexpat | Medium | 4.0 | 2026-03-16 06:58:07 | Deep Dive |
| CVE-2026-32776 | libexpat Code Issue Vulnerability | libexpat project | libexpat | Medium | 4.0 | 2026-03-16 06:54:20 | Deep Dive |
| CVE-2026-32775 | Libexif Numeric Error Vulnerability | libexif project | libexif | High | 7.4 | 2026-03-16 06:31:36 | Deep Dive |
| CVE-2026-4165 | Worksuite HR, CRM and Project Management create cross site scripting | Worksuite | HR, CRM and Project Management | Low | 2.4 | 2026-03-15 05:02:08 | Deep Dive |
| CVE-2019-25485 | R 3.4.4 Windows x64 Buffer Overflow SEH DEP ASLR Bypass | R-Project | R | Medium | 6.2 | 2026-03-11 18:23:22 | Deep Dive |
| CVE-2026-22248 | GLPI affected by Remote Code Execution via malicious upload | glpi-project | glpi | High | 8.0 | 2026-03-11 15:27:05 | Deep Dive |
| CVE-2026-31801 | zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) | project-zot | zot | High | 7.7 | 2026-03-10 20:54:15 | Deep Dive |
| CVE-2026-25960 | SSRF Protection Bypass in vLLM | vllm-project | vllm | High | 7.1 | 2026-03-09 21:01:02 | Deep Dive |
| CVE-2026-2289 | Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 4.4 | 2026-03-04 01:21:59 | Deep Dive |
| CVE-2026-25590 | GLPI Inventory Plugin has Reflected XSS in task jobs | glpi-project | glpi-inventory-plugin | Medium | 4.5 | 2026-03-03 22:14:02 | Deep Dive |
| CVE-2025-64736 | libbiosig Security Vulnerability | The Biosig Project | libbiosig | Medium | 6.1 | 2026-03-03 14:32:18 | Deep Dive |
| CVE-2026-22891 | libbiosig Security Vulnerability | The Biosig Project | libbiosig | Critical | 9.8 | 2026-03-03 14:32:17 | Deep Dive |
| CVE-2026-20777 | libbiosig Security Vulnerability | The Biosig Project | libbiosig | High | 8.1 | 2026-03-03 14:32:15 | Deep Dive |
| CVE-2026-27839 | wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup | wger-project | wger | Medium | 4.3 | 2026-02-26 22:07:44 | Deep Dive |
| CVE-2026-27838 | wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data | wger-project | wger | Low | 3.1 | 2026-02-26 22:04:58 | Deep Dive |
| CVE-2026-27835 | wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data | wger-project | wger | Medium | 4.3 | 2026-02-26 22:00:24 | Deep Dive |
| CVE-2026-3164 | itsourcecode News Portal Project contactus.php sql injection | itsourcecode | News Portal Project | High | 7.3 | 2026-02-25 06:02:09 | Deep Dive |