CVE ID :CVE-2026-32731 Published : March 18, 2026, 11:17 p.m. | 56 minutes ago Description :ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, The `extract()` function in `gzip.js`…
CVE-2026-32730 – ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CVE ID :CVE-2026-32730 Published : March 18, 2026, 11:17 p.m. | 56 minutes ago Description :ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js`…
CVE-2025-15031 – Path Traversal Vulnerability in mlflow/mlflow
CVE ID :CVE-2025-15031 Published : March 18, 2026, 11:17 p.m. | 56 minutes ago Description :A vulnerability in MLflow’s pyfunc extraction process allows for arbitrary file writes due to improper handling of tar…
CVE-2026-33163 – Parse Server leaks protected fields via LiveQuery afterEvent trigger
CVE ID :CVE-2026-33163 Published : March 18, 2026, 10:16 p.m. | 1 hour, 57 minutes ago Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run…
CVE-2026-21994 – Vulnerability in the Oracle Edge Cloud Infrastruct
CVE ID :CVE-2026-21994 Published : March 17, 2026, 11:16 p.m. | 54 minutes ago Description :Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component:…
CVE-2026-32841 – Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients
CVE ID :CVE-2026-32841 Published : March 17, 2026, 10:16 p.m. | 1 hour, 55 minutes ago Description :Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to…
CVE-2026-4295 – Arbitrary code execution via crafted project files in Kiro IDE
CVE ID :CVE-2026-4295 Published : March 17, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description :Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a…
CVE-2026-4064 – PowerShell Universal gRPC Authorization Bypass
CVE ID :CVE-2026-4064 Published : March 17, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description :Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user…
CVE-2026-32981 – Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure
CVE ID :CVE-2026-32981 Published : March 17, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description :A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to…
CVE-2026-29522 – ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI
CVE ID :CVE-2026-29522 Published : March 16, 2026, 9:16 p.m. | 2 hours, 52 minutes ago Description :ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js…