CVE ID: CVE-2026-32729 Published: March 13, 2026, 9:41 p.m. | 2 hours, 21 minutes ago Description: Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any…
CVE-2026-3227 – Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
CVE ID: CVE-2026-3227 Published: March 13, 2026, 9:38 p.m. | 2 hours, 24 minutes ago Description: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to…
CVE-2026-32616 – Pigeon has a Host Header Injection in email verification flow
CVE ID: CVE-2026-32616 Published: March 13, 2026, 9:12 p.m. | 2 hours, 50 minutes ago Description: Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct…
CVE-2026-32627 – cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
CVE ID: CVE-2026-32627 Published: March 13, 2026, 8:48 p.m. | 3 hours, 14 minutes ago Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client…
CVE-2025-15060 – claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
CVE ID: CVE-2025-15060 Published: March 13, 2026, 8:43 p.m. | 3 hours, 19 minutes ago Description: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code…
CVE-2026-32306 – OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
CVE ID: CVE-2026-32306 Published: March 12, 2026, 9:27 p.m. | 1 hour, 48 minutes ago Description: OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API…
CVE-2026-32304 – Locutus: RCE via unsanitized input in create_function()
CVE ID: CVE-2026-32304 Published: March 12, 2026, 9:24 p.m. | 1 hour, 51 minutes ago Description: Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args,…
CVE-2026-32302 – OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
CVE ID: CVE-2026-32302 Published: March 12, 2026, 9:22 p.m. | 1 hour, 53 minutes ago Description: OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when…
CVE-2026-32301 – Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL
CVE ID: CVE-2026-32301 Published: March 12, 2026, 9:19 p.m. | 1 hour, 56 minutes ago Description: Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request…
CVE-2026-3611 – Honeywell IQ4x BMS Controller Missing authentication for critical function
CVE ID: CVE-2026-3611 Published: March 12, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description: The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration….