CVE ID: CVE-2026-33228
Published: March 20, 2026, 11:16 p.m. | 59 minutes ago
Description: flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled…
CVE-2026-33226 – Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
CVE ID: CVE-2026-33226
Published: March 20, 2026, 11:16 p.m. | 59 minutes ago
Description: Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6…
CVE-2026-22733 – Authentication Bypass under Actuator CloudFoundry endpoints
CVE ID: CVE-2026-22733
Published: March 19, 2026, 11:29 p.m. | 46 minutes ago
Description: Spring Boot applications with Actuator can be vulnerable to an “Authentication Bypass” vulnerability when an application endpoint that…
CVE-2026-32721 – LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
CVE ID: CVE-2026-32721
Published: March 19, 2026, 11:16 p.m. | 58 minutes ago
Description: LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability…
CVE-2026-29103 – SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass
CVE ID: CVE-2026-29103
Published: March 19, 2026, 11:16 p.m. | 58 minutes ago
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability…
CVE-2026-29099 – SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.
CVE ID: CVE-2026-29099
Published: March 19, 2026, 11:16 p.m. | 58 minutes ago
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the…
CVE-2026-29096 – SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
CVE ID: CVE-2026-29096
Published: March 19, 2026, 11:16 p.m. | 58 minutes ago
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when…
CVE-2026-32805 – Romeo is vulnerable to Archive Slip due to missing checks in sanitization
CVE ID: CVE-2026-32805
Published: March 18, 2026, 11:17 p.m. | 56 minutes ago
Description: Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code…
CVE-2026-32731 – ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction
CVE ID: CVE-2026-32731
Published: March 18, 2026, 11:17 p.m. | 56 minutes ago
Description: ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, the `extract()` function in `gzip.js`…
CVE-2026-32730 – ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CVE ID: CVE-2026-32730
Published: March 18, 2026, 11:17 p.m. | 56 minutes ago
Description: ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js`…