CVE ID: CVE-2026-21333 Published: March 10, 2026, 11:16 p.m. | 1 hour, 58 minutes ago Description: Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow…
CVE-2025-20105 – Intel Reference Platforms UEFI Firmware SMM Module Privilege Escalation Vulnerability
CVE ID: CVE-2025-20105 Published: March 10, 2026, 10:49 p.m. | 25 minutes ago Description: Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation…
CVE-2025-20064 – Intel UEFI FlashUcAcmSmm Privilege Escalation Vulnerability
CVE ID: CVE-2025-20064 Published: March 10, 2026, 10:49 p.m. | 25 minutes ago Description: Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of…
CVE-2026-31837 – Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.
CVE ID: CVE-2026-31837 Published: March 10, 2026, 10:16 p.m. | 58 minutes ago Description: Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a…
CVE-2026-31824 – Sylius has a Promotion Usage Limit Bypass via Race Condition
CVE ID: CVE-2026-31824 Published: March 10, 2026, 10:16 p.m. | 58 minutes ago Description: Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered…
CVE-2026-31817 – OliveTin has unsafe parsing of UniqueTrackingId can be used to write files
CVE ID: CVE-2026-31817 Published: March 10, 2026, 10:16 p.m. | 58 minutes ago Description: OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature…
CVE-2026-27685 – Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
CVE ID: CVE-2026-27685 Published: March 10, 2026, 12:18 a.m. | 55 minutes ago Description: SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon…
CVE-2025-11158 – Hitachi Vantara Pentaho Data Integration & Analytics – Missing Authorization
CVE ID: CVE-2025-11158 Published: March 9, 2026, 10:12 p.m. | 1 hour, 1 minute ago Description: Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy…
CVE-2026-3288 – ingress-nginx rewrite-target nginx configuration injection
CVE ID: CVE-2026-3288 Published: March 9, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description: A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject…
CVE-2026-31816 – Budibase Universal Auth Bypass via Webhook Query Param Injection
CVE ID: CVE-2026-31816 Published: March 9, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description: Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and…