CVE ID : CVE-2026-2836 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache…
CVE-2026-2835 – HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
CVE ID : CVE-2026-2835 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora’s parsing of HTTP/1.0 and…
CVE-2026-2833 – HTTP Request Smuggling via Premature Upgrade
CVE ID : CVE-2026-2833 Published : March 4, 2026, 11:20 p.m. | 23 minutes ago Description : An HTTP request smuggling vulnerability (CWE-444) was found in Pingora’s handling of HTTP/1.1 connection upgrades. The…
CVE-2026-29000 – pac4j-jwt JwtAuthenticator Authentication Bypass
CVE ID : CVE-2026-29000 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator…
CVE-2026-27803 – Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role
CVE ID : CVE-2026-27803 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior…
CVE-2026-27802 – Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
CVE ID : CVE-2026-27802 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior…
CVE-2026-25750 – LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl
CVE ID : CVE-2026-25750 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm…
CVE-2026-3266 – OpenText Filr Missing Authorization Vulnerability Allows Authentication Bypass
CVE ID : CVE-2026-3266 Published : March 3, 2026, 11:15 p.m. | 27 minutes ago Description : Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get…
CVE-2026-28289 – FreeScout Patch Bypass Remote Code Execution Vulnerability
CVE ID : CVE-2026-28289 Published : March 3, 2026, 11:15 p.m. | 27 minutes ago Description : FreeScout is a free help desk and shared inbox built with PHP’s Laravel framework. A patch…
CVE-2026-27971 – Qwik RCE via Unauthenticated Server RPC Deserialization
CVE ID : CVE-2026-27971 Published : March 3, 2026, 11:15 p.m. | 27 minutes ago Description : Qwik is a performance focused javascript framework. qwik Severity: 9.2 | CRITICAL Visit the link for…