Page 53

CVE-2026-31837 – Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.

Posted on March 11, 2026

CVE ID :CVE-2026-31837 Published : March 10, 2026, 10:16 p.m. | 58 minutes ago Description :Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a…

CVE-2026-31824 – Sylius has a Promotion Usage Limit Bypass via Race Condition

Posted on March 11, 2026

CVE ID :CVE-2026-31824 Published : March 10, 2026, 10:16 p.m. | 58 minutes ago Description :Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered…

CVE-2026-31817 – OliveTin has unsafe parsing of UniqueTrackingId can be used to write files

Posted on March 11, 2026

CVE ID :CVE-2026-31817 Published : March 10, 2026, 10:16 p.m. | 58 minutes ago Description :OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature…

CVE-2026-27685 – Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

Posted on March 10, 2026

CVE ID :CVE-2026-27685 Published : March 10, 2026, 12:18 a.m. | 55 minutes ago Description :SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon…

CVE-2025-11158 – Hitachi Vantara Pentaho Data Integration & Analytics – Missing Authorization

Posted on March 10, 2026

CVE ID :CVE-2025-11158 Published : March 9, 2026, 10:12 p.m. | 1 hour, 1 minute ago Description :Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy…

CVE-2026-3288 – ingress-nginx rewrite-target nginx configuration injection

Posted on March 10, 2026

CVE ID :CVE-2026-3288 Published : March 9, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject…

CVE-2026-31816 – Budibase Universal Auth Bypass via Webhook Query Param Injection

Posted on March 10, 2026

CVE ID :CVE-2026-31816 Published : March 9, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and…

CVE-2026-30240 – Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets

Posted on March 10, 2026

CVE ID :CVE-2026-30240 Published : March 9, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and…

CVE-2026-25737 – Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)

Posted on March 10, 2026

CVE ID :CVE-2026-25737 Published : March 9, 2026, 9:16 p.m. | 1 hour, 58 minutes ago Description :Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and…

CVE-2026-3769 – Tenda F453 WrlclientSet stack-based overflow

Posted on March 9, 2026

CVE ID :CVE-2026-3769 Published : March 8, 2026, 9:15 p.m. | 1 hour, 57 minutes ago Description :A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of…