cve.li

Recent

CVE-2026-3497 CWE-908

Published 2026-03-12 by canonical

CVE-2026-32232 CWE-22 CWE-62

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

Published 2026-03-12 by GitHub_M

CVE-2026-32231 CWE-306 CWE-345

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

Published 2026-03-12 by GitHub_M

CVE-2026-32142 CWE-200

shopware/commercial: `/api/_info/config` route exposes information about licenses

Published 2026-03-12 by GitHub_M

CVE-2025-13913 CWE-502

Inductive Automation Ignition Software Deserialization of Untrusted Data

Published 2026-03-12 by icscert

CVE-2026-32230 CWE-862

Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Published 2026-03-12 by GitHub_M

CVE-2026-32100 CWE-200

swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes

Published 2026-03-12 by GitHub_M

CVE-2026-32141 CWE-674

flatted: Unbounded recursion DoS in parse() revive phase

Published 2026-03-12 by GitHub_M

CVE-2026-32140 CWE-22

Dataease: Redshift JDBC RCE Bypass

Published 2026-03-12 by GitHub_M

CVE-2025-13462

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

Published 2026-03-12 by PSF
