CVE ID: CVE-2017-20217 Published: March 15, 2026, 6:34 p.m. | 5 hours, 31 minutes ago Description: Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration…
CVE-2016-20034 – Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
CVE ID: CVE-2016-20034 Published: March 15, 2026, 6:34 p.m. | 5 hours, 31 minutes ago Description: Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges…
CVE-2026-32729 – Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`
CVE ID: CVE-2026-32729 Published: March 13, 2026, 9:41 p.m. | 2 hours, 21 minutes ago Description: Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any…
CVE-2026-3227 – Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
CVE ID: CVE-2026-3227 Published: March 13, 2026, 9:38 p.m. | 2 hours, 24 minutes ago Description: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to…
CVE-2026-32616 – Pigeon has a Host Header Injection in email verification flow
CVE ID: CVE-2026-32616 Published: March 13, 2026, 9:12 p.m. | 2 hours, 50 minutes ago Description: Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct…
CVE-2026-32627 – cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
CVE ID: CVE-2026-32627 Published: March 13, 2026, 8:48 p.m. | 3 hours, 14 minutes ago Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client…
CVE-2025-15060 – claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
CVE ID: CVE-2025-15060 Published: March 13, 2026, 8:43 p.m. | 3 hours, 19 minutes ago Description: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code…
CVE-2026-32306 – OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
CVE ID: CVE-2026-32306 Published: March 12, 2026, 9:27 p.m. | 1 hour, 48 minutes ago Description: OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API…
CVE-2026-32304 – Locutus: RCE via unsanitized input in create_function()
CVE ID: CVE-2026-32304 Published: March 12, 2026, 9:24 p.m. | 1 hour, 51 minutes ago Description: Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args,…
CVE-2026-32302 – OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
CVE ID: CVE-2026-32302 Published: March 12, 2026, 9:22 p.m. | 1 hour, 53 minutes ago Description: OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when…