CVE ID: CVE-2026-32306 Published: March 12, 2026, 9:27 p.m. | 1 hour, 48 minutes ago Description: OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API…
CVE-2026-32304 – Locutus: RCE via unsanitized input in create_function()
CVE ID: CVE-2026-32304 Published: March 12, 2026, 9:24 p.m. | 1 hour, 51 minutes ago Description: Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args,…
CVE-2026-32302 – OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
CVE ID: CVE-2026-32302 Published: March 12, 2026, 9:22 p.m. | 1 hour, 53 minutes ago Description: OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when…
CVE-2026-32301 – Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL
CVE ID: CVE-2026-32301 Published: March 12, 2026, 9:19 p.m. | 1 hour, 56 minutes ago Description: Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request…
CVE-2026-3611 – Honeywell IQ4x BMS Controller Missing authentication for critical function
CVE ID: CVE-2026-3611 Published: March 12, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description: The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration….
CVE-2026-32136 – AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
CVE ID: CVE-2026-32136 Published: March 11, 2026, 10:16 p.m. | 59 minutes ago Description: AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker…
CVE-2026-27591 – Winter: Privilege escalation by authenticated backend users
CVE ID: CVE-2026-27591 Published: March 11, 2026, 10:16 p.m. | 59 minutes ago Description: Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477,…
CVE-2026-32127 – SQL Injection Vulnerability in ajax graphs library (OpenEMR)
CVE ID: CVE-2026-32127 Published: March 11, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to…
CVE-2026-32110 – SiYuan has a Full-Read SSRF via /api/network/forwardProxy
CVE ID: CVE-2026-32110 Published: March 11, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description: SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to…
CVE-2026-0940 – Lenovo ThinkPad BIOS Initialization Vulnerability
CVE ID: CVE-2026-0940 Published: March 11, 2026, 9:16 p.m. | 1 hour, 59 minutes ago Description: A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a…