cve.li

Recent

CVE-2026-33504CWE-89

Ory Hydra has a SQL injection via forged pagination tokens

Published 2026-03-26 by GitHub_M

CVE-2026-33503CWE-89

Ory Kratos has a SQL injection via forged pagination tokens

Published 2026-03-26 by GitHub_M

CVE-2026-33496CWE-1289CWE-305

Ory Oathkeeper has an authentication bypass by cache key confusion

Published 2026-03-26 by GitHub_M

CVE-2026-32857CWE-918

Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation

Published 2026-03-26 by VulnCheck

CVE-2026-33495CWE-862

Ory Oathkeeper has an authentication bypass by usage of untrusted header

Published 2026-03-26 by GitHub_M

CVE-2026-33494CWE-23

Ory Oathkeeper has a path traversal authorization bypass

Published 2026-03-26 by GitHub_M

CVE-2026-33732CWE-706

srvx is vulnerable to middleware bypass via absolute URI in request line

Published 2026-03-26 by GitHub_M

CVE-2026-33490CWE-706

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Published 2026-03-26 by GitHub_M

CVE-2026-33487CWE-347CWE-682

goxmldsig has validateSignature Loop Variable Capture Signature Bypass

Published 2026-03-26 by GitHub_M

CVE-2026-33486CWE-918

Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents

Published 2026-03-26 by GitHub_M

Load more ↓