Total
337688 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22867 | 2 Lasuite, Suitenumerique | 2 Docs, Docs | 2026-03-12 | 8.7 High |
| LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0. | ||||
| CVE-2026-2452 | 1 Pretix | 3 Newsletters, Pretix, Pretix-newsletter | 2026-03-12 | 6.5 Medium |
| Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders, however due to a mistake in the code, they were not fully effective for this plugin. Out of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/ file. | ||||
| CVE-2026-25962 | 1 Markusproject | 1 Markus | 2026-03-12 | 6.5 Medium |
| MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file for an assignment submission and indicate its contents should be extracted. This issue has been patched in version 2.9.4. | ||||
| CVE-2026-27807 | 1 Markusproject | 1 Markus | 2026-03-12 | 4.9 Medium |
| MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4. | ||||
| CVE-2026-31841 | 2026-03-12 | 6.5 Medium | ||
| Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0. | ||||
| CVE-2026-29066 | 2026-03-12 | 6.2 Medium | ||
| Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8. | ||||
| CVE-2026-28793 | 2026-03-12 | 8.4 High | ||
| Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8. | ||||
| CVE-2026-28792 | 2026-03-12 | 9.7 Critical | ||
| Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developer's machines by simply tricking them into visiting a malicious website while tinacms dev is running. This vulnerability is fixed in 2.1.8. | ||||
| CVE-2026-28791 | 2026-03-12 | 7.4 High | ||
| Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7. | ||||
| CVE-2026-28356 | 2026-03-12 | 7.5 High | ||
| multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service (DoS) attacks against web applications using this library to parse request headers or multipart/form-data streams. The issue is fixed in 1.2.2, 1.3.1 and 1.4.0-dev. | ||||
| CVE-2026-27940 | 2026-03-12 | 7.8 High | ||
| llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146. | ||||
| CVE-2026-25529 | 2026-03-12 | 8.1 High | ||
| Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be injected in to the page which may modify the page in a misleading way or allow for unauthorised javascript to be executed. Fixed in 3.3.5 and higher. | ||||
| CVE-2026-24125 | 2026-03-12 | 6.3 Medium | ||
| Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join() without validating that the resolved path remains within the collection root directory. Because path.join() does not prevent directory traversal, paths containing ../ sequences can escape the intended directory boundary. This vulnerability is fixed in 2.1.2. | ||||
| CVE-2026-21887 | 2026-03-12 | 7.7 High | ||
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not be fully visible but can still impact internal systems. This vulnerability is fixed in 6.8.16. | ||||
| CVE-2026-21708 | 2026-03-12 | 10 Critical | ||
| A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | ||||
| CVE-2026-21672 | 2026-03-12 | 8.8 High | ||
| A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | ||||
| CVE-2026-20166 | 1 Splunk | 2 Splunk Cloud Platform, Splunk Enterprise | 2026-03-12 | 5.4 Medium |
| In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise. | ||||
| CVE-2026-20165 | 1 Splunk | 2 Splunk Cloud Platform, Splunk Enterprise | 2026-03-12 | 6.3 Medium |
| In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel. | ||||
| CVE-2026-20164 | 1 Splunk | 2 Splunk Cloud Platform, Splunk Enterprise | 2026-03-12 | 6.5 Medium |
| In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials. | ||||
| CVE-2026-20162 | 1 Splunk | 2 Splunk Cloud Platform, Splunk Enterprise | 2026-03-12 | 6.3 Medium |
| In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | ||||