CVE ID :CVE-2026-4248 Published : March 27, 2026, 11:17 p.m. | 1 hour, 18 minutes ago Description :The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,…
CVE-2026-33992 – pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
CVE ID :CVE-2026-33992 Published : March 27, 2026, 11:17 p.m. | 1 hour, 18 minutes ago Description :pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad’s download…
CVE-2026-33991 – WeGIA has SQL Injection in deletar_tag.php
CVE ID :CVE-2026-33991 Published : March 27, 2026, 11:17 p.m. | 1 hour, 18 minutes ago Description :WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)`…
CVE-2026-33989 – @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
CVE ID :CVE-2026-33989 Published : March 27, 2026, 10:16 p.m. | 2 hours, 19 minutes ago Description :Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp`…
CVE-2026-33981 – Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
CVE ID :CVE-2026-33981 Published : March 27, 2026, 10:16 p.m. | 2 hours, 19 minutes ago Description :changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and…
CVE-2026-4905 – Tenda AC5 POST Request WifiWpsOOB formWifiWpsOOB stack-based overflow
CVE ID :CVE-2026-4905 Published : March 27, 2026, 12:16 a.m. | 18 minutes ago Description :A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of…
CVE-2026-4904 – Tenda AC5 POST Request setcfm formSetCfm stack-based overflow
CVE ID :CVE-2026-4904 Published : March 27, 2026, 12:16 a.m. | 18 minutes ago Description :A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file…
CVE-2026-33945 – Abitrary file write through systemd-creds option
CVE ID :CVE-2026-33945 Published : March 27, 2026, 12:16 a.m. | 18 minutes ago Description :Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to…
CVE-2026-33898 – Local Incus UI web server vulnerable to nuthentication bypass
CVE ID :CVE-2026-33898 Published : March 27, 2026, 12:16 a.m. | 18 minutes ago Description :Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by…
CVE-2026-27893 – vLLM’s hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
CVE ID :CVE-2026-27893 Published : March 27, 2026, 12:16 a.m. | 19 minutes ago Description :vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior…