CVE ID :CVE-2026-30863 Published : March 7, 2026, 5:15 p.m. | 5 hours, 56 minutes ago Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run…
CVE-2026-30861 – WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
CVE ID :CVE-2026-30861 Published : March 7, 2026, 5:15 p.m. | 5 hours, 56 minutes ago Description :WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to…
CVE-2026-30860 – WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
CVE ID :CVE-2026-30860 Published : March 7, 2026, 5:15 p.m. | 5 hours, 56 minutes ago Description :WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12,…
CVE-2026-30855 – WeKnora: Broken Access Control in Tenant Management
CVE ID :CVE-2026-30855 Published : March 7, 2026, 5:15 p.m. | 5 hours, 56 minutes ago Description :WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2,…
CVE-2026-30242 – Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer
CVE ID :CVE-2026-30242 Published : March 6, 2026, 10:16 p.m. | 2 hours, 35 minutes ago Description :Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in…
CVE-2026-30230 – Flare: Password‑Protected Thumbnail Bypass
CVE ID :CVE-2026-30230 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2,…
CVE-2026-30229 – Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
CVE ID :CVE-2026-30229 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run…
CVE-2026-30223 – OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes
CVE ID :CVE-2026-30223 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT…
CVE-2026-29789 – Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
CVE ID :CVE-2026-29789 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers….
CVE-2026-3612 – Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection
CVE ID : CVE-2026-3612 Published : March 6, 2026, 1:15 a.m. | 28 minutes ago Description : A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file…