cve.li

Recent

CVE-2026-4393CWE-352

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Published 2026-03-26 by drupal

CVE-2026-4933CWE-863

Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Published 2026-03-26 by drupal

CVE-2026-3573CWE-863

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Published 2026-03-26 by drupal

CVE-2026-0965CWE-73

Libssh: libssh: denial of service via improper configuration file handling

Published 2026-03-26 by redhat

CVE-2026-0967CWE-1333

Libssh: libssh: denial of service via inefficient regular expression processing

Published 2026-03-26 by redhat

CVE-2026-0968CWE-476

Libssh: libssh: denial of service due to malformed sftp message

Published 2026-03-26 by redhat

CVE-2026-0964CWE-22

Libssh: improper sanitation of paths received from scp servers

Published 2026-03-26 by redhat

CVE-2026-0966CWE-124

Libssh: buffer underflow in ssh_get_hexa() on invalid input

Published 2026-03-26 by redhat

CVE-2026-21724

Missing Protected-field Authorization in Provisioning Contact Points API

Published 2026-03-26 by GRAFANA

CVE-2026-33375

Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

Published 2026-03-26 by GRAFANA

CVE-2026-33644CWE-918

Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Published 2026-03-26 by GitHub_M

CVE-2026-3532CWE-178

OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

Published 2026-03-26 by drupal

CVE-2026-3531CWE-288

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

Published 2026-03-26 by drupal

CVE-2026-3530CWE-918

OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025

Published 2026-03-26 by drupal

CVE-2026-3529CWE-79

Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024

Published 2026-03-26 by drupal

CVE-2026-3528CWE-79

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

Published 2026-03-26 by drupal

CVE-2026-3527CWE-306

AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022

Published 2026-03-26 by drupal

CVE-2026-3526CWE-863

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

Published 2026-03-26 by drupal

CVE-2026-3525CWE-863

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

Published 2026-03-26 by drupal

CVE-2026-2100CWE-824

P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters

Published 2026-03-26 by redhat

CVE-2026-33537CWE-918

Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked

Published 2026-03-26 by GitHub_M

CVE-2026-2239CWE-170

Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

Published 2026-03-26 by redhat

CVE-2026-2272CWE-190

Gimp: gimp: memory corruption due to integer overflow in ico file handling

Published 2026-03-26 by redhat

CVE-2026-2271CWE-190

Gimp: gimp: denial of service via crafted psp image file

Published 2026-03-26 by redhat

CVE-2026-33536CWE-787CWE-121

ImageMagick has an Out-of-bounds Write via InterpretImageFilename

Published 2026-03-26 by GitHub_M

CVE-2026-33535CWE-787

ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

Published 2026-03-26 by GitHub_M

CVE-2026-33532CWE-674

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Published 2026-03-26 by GitHub_M

CVE-2026-32287

Infinite loop in github.com/antchfx/xpath

Published 2026-03-26 by Go

CVE-2026-32286

Denial of service in github.com/jackc/pgproto3/v2

Published 2026-03-26 by Go

CVE-2026-32285

Denial of service in github.com/buger/jsonparser

Published 2026-03-26 by Go

Load more ↓