CVE ID :CVE-2026-34449 Published : March 31, 2026, 10:16 p.m. | 2 hours, 20 minutes ago Description :SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote…
CVE-2026-34448 – SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client
CVE ID :CVE-2026-34448 Published : March 31, 2026, 10:16 p.m. | 2 hours, 20 minutes ago Description :SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a…
CVE-2026-5156 – Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow
CVE ID :CVE-2026-5156 Published : March 31, 2026, 12:16 a.m. | 20 minutes ago Description :A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of…
CVE-2026-5155 – Tenda CH22 Parameter AdvSetWan fromAdvSetWan stack-based overflow
CVE ID :CVE-2026-5155 Published : March 30, 2026, 11:17 p.m. | 1 hour, 19 minutes ago Description :A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan…
CVE-2026-5154 – Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow
CVE ID :CVE-2026-5154 Published : March 30, 2026, 11:17 p.m. | 1 hour, 19 minutes ago Description :A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of…
CVE-2026-5130 – Debugger & Troubleshooter <= 1.3.2 – Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation
CVE ID :CVE-2026-5130 Published : March 30, 2026, 11:17 p.m. | 1 hour, 19 minutes ago Description :The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to…
CVE-2026-4257 – Contact Form by Supsystic <= 1.7.36 – Unauthenticated Server-Side Template Injection via Prefill Functionality
CVE ID :CVE-2026-4257 Published : March 30, 2026, 10:16 p.m. | 2 hours, 20 minutes ago Description :The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to…
CVE-2026-2370 – Improper Handling of Parameters in GitLab
CVE ID :CVE-2026-2370 Published : March 30, 2026, 12:16 a.m. | 20 minutes ago Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3,…
CVE-2026-4946 – NSA Ghidra Auto-Analysis Annotation Command Execution
CVE ID :CVE-2026-4946 Published : March 29, 2026, 8:16 p.m. | 4 hours, 19 minutes ago Description :Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in…
CVE-2026-0562 – Insecure Direct Object Reference (IDOR) in parisneo/lollms
CVE ID :CVE-2026-0562 Published : March 29, 2026, 6:16 p.m. | 6 hours, 19 minutes ago Description :A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or…