| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4424 | Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing | Red Hat | Red Hat Enterprise Linux 10 | High | 7.5 | 2026-03-19 13:50:27 | Deep Dive |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak | Red Hat | Red Hat Build of Keycloak | Medium | 5.8 | 2026-03-18 04:03:00 | Deep Dive |
| CVE-2026-21886 | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | OpenCTI-Platform | opencti | Medium | 6.5 | 2026-03-17 15:26:31 | Deep Dive |
| CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection | Tiandy | Easy7 Integrated Management Platform | High | 7.3 | 2026-03-17 00:03:11 | Deep Dive |
| CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform Endpoint getDevDetailedInfo sql injection | Tiandy | Easy7 Integrated Management Platform | High | 7.3 | 2026-03-17 00:02:40 | Deep Dive |
| CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection | Tiandy | Easy7 Integrated Management Platform | High | 7.3 | 2026-03-16 23:33:17 | Deep Dive |
| CVE-2026-4232 | Tiandy Integrated Management Platform getAuthorityByUserId sql injection | Tiandy | Integrated Management Platform | High | 7.3 | 2026-03-16 09:32:21 | Deep Dive |
| CVE-2026-4221 | Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload | Tiandy | Easy7 Integrated Management Platform | High | 7.3 | 2026-03-16 06:32:18 | Deep Dive |
| CVE-2026-4220 | Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload | Technologies | Integrated Management Platform | High | 7.3 | 2026-03-16 06:02:23 | Deep Dive |
| CVE-2026-4187 | Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication | Tiandy | Easy7 Integrated Management Platform | Medium | 5.3 | 2026-03-15 19:02:18 | Deep Dive |
| CVE-2026-3441 | Binutils: gnu binutils: information disclosure via specially crafted xcoff object file | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.1 | 2026-03-15 00:19:08 | Deep Dive |
| CVE-2026-3442 | Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.1 | 2026-03-15 00:19:03 | Deep Dive |
| CVE-2026-4111 | Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive | Red Hat | Red Hat Enterprise Linux 10 | High | 7.5 | 2026-03-13 11:45:21 | Deep Dive |
| CVE-2026-32409 | WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Forminator | Medium | - | 2026-03-13 11:42:14 | Deep Dive |
| CVE-2026-4105 | Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.7 | 2026-03-13 08:52:08 | Deep Dive |
| CVE-2026-32251 | Tolgee has an XXE Injection in Translation Import | tolgee | tolgee-platform | - | - | 2026-03-12 19:21:05 | Deep Dive |
| CVE-2026-32100 | swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes | swag | platform-security | Medium | 5.3 | 2026-03-12 18:10:59 | Deep Dive |
| CVE-2026-21887 | OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature | OpenCTI-Platform | opencti | High | 7.7 | 2026-03-12 17:00:44 | Deep Dive |
| CVE-2026-31889 | Shopware has a potential take over of app credentials | shopware | core | High | 8.9 | 2026-03-11 18:56:23 | Deep Dive |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint | shopware | core | Medium | 5.3 | 2026-03-11 18:53:03 | Deep Dive |