CVE ID :CVE-2026-3912 Published : March 24, 2026, 9:16 p.m. | 3 hours, 18 minutes ago Description :Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of…
CVE-2025-33244 – NVIDIA APEX Deserialization Vulnerability
CVE ID :CVE-2025-33244 Published : March 24, 2026, 9:16 p.m. | 3 hours, 18 minutes ago Description :NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted…
CVE-2026-33511 – pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
CVE ID :CVE-2026-33511 Published : March 24, 2026, 8:16 p.m. | 4 hours, 18 minutes ago Description :pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version…
CVE-2026-33419 – MinIO: LDAP login brute-force via user enumeration and missing rate limit
CVE ID :CVE-2026-33419 Published : March 24, 2026, 8:16 p.m. | 4 hours, 18 minutes ago Description :MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor’s STS (Security Token Service) AssumeRoleWithLDAPIdentity…
CVE-2026-33344 – Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
CVE ID :CVE-2026-33344 Published : March 24, 2026, 8:16 p.m. | 4 hours, 18 minutes ago Description :Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version…
CVE-2026-4021 – Contest Gallery <= 28.1.5 – Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion
CVE ID :CVE-2026-4021 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in…
CVE-2026-4001 – Woocommerce Custom Product Addons Pro <= 5.4.1 – Unauthenticated Remote Code Execution via Custom Pricing Formula
CVE ID :CVE-2026-4001 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions…
CVE-2026-3533 – JupiterX Core <= 4.14.1 – Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import
CVE ID :CVE-2026-3533 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on…
CVE-2026-33286 – Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
CVE ID :CVE-2026-33286 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions…
CVE-2026-33241 – Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing
CVE ID :CVE-2026-33241 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :Salvo is a Rust web framework. Prior to version 0.89.3, Salvo’s form data parsing implementations (`form_data()` method and…