CVE ID: CVE-2026-29099 Published: March 19, 2026, 11:16 p.m. | 58 minutes ago Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the…
CVE-2026-29096 – SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
CVE ID: CVE-2026-29096 Published: March 19, 2026, 11:16 p.m. | 58 minutes ago Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when…
CVE-2026-32805 – Romeo is vulnerable to Archive Slip due to missing checks in sanitization
CVE ID: CVE-2026-32805 Published: March 18, 2026, 11:17 p.m. | 56 minutes ago Description: Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code…
CVE-2026-32731 – ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction
CVE ID: CVE-2026-32731 Published: March 18, 2026, 11:17 p.m. | 56 minutes ago Description: ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, the `extract()` function in `gzip.js`…
CVE-2026-32730 – ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CVE ID: CVE-2026-32730 Published: March 18, 2026, 11:17 p.m. | 56 minutes ago Description: ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js`…
CVE-2025-15031 – Path Traversal Vulnerability in mlflow/mlflow
CVE ID: CVE-2025-15031 Published: March 18, 2026, 11:17 p.m. | 56 minutes ago Description: A vulnerability in MLflow’s pyfunc extraction process allows for arbitrary file writes due to improper handling of tar…
CVE-2026-33163 – Parse Server leaks protected fields via LiveQuery afterEvent trigger
CVE ID: CVE-2026-33163 Published: March 18, 2026, 10:16 p.m. | 1 hour, 57 minutes ago Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run…
CVE-2026-21994 – Vulnerability in the Oracle Edge Cloud Infrastruct
CVE ID: CVE-2026-21994 Published: March 17, 2026, 11:16 p.m. | 54 minutes ago Description: Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component:…
CVE-2026-32841 – Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients
CVE ID: CVE-2026-32841 Published: March 17, 2026, 10:16 p.m. | 1 hour, 55 minutes ago Description: Edimax GS-5008PL firmware version 1.00.54 and prior contains an authentication bypass vulnerability that allows unauthenticated attackers to…
CVE-2026-4295 – Arbitrary code execution via crafted project files in Kiro IDE
CVE ID: CVE-2026-4295 Published: March 17, 2026, 8:16 p.m. | 3 hours, 55 minutes ago Description: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a…