jell.ie CVEs
Read at: 2026-03-12T09:34:41+00:00
CVE ID :CVE-2026-4016
Published : March 12, 2026, 8:32 a.m. | 42 minutes ago
Description :A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2. It is suggested to install a patch to address this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4015
Published : March 12, 2026, 8:32 a.m. | 42 minutes ago
Description :A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4014
Published : March 12, 2026, 8:16 a.m. | 58 minutes ago
Description :A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4013
Published : March 12, 2026, 8:16 a.m. | 58 minutes ago
Description :A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4012
Published : March 12, 2026, 8:16 a.m. | 58 minutes ago
Description :A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4010
Published : March 12, 2026, 8:16 a.m. | 58 minutes ago
Description :A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4009
Published : March 12, 2026, 8:16 a.m. | 58 minutes ago
Description :A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4008
Published : March 12, 2026, 7:16 a.m. | 1 hour, 57 minutes ago
Description :A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4007
Published : March 12, 2026, 7:16 a.m. | 1 hour, 57 minutes ago
Description :A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3994
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3990
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor was contacted early about this disclosure but did not respond in any way. According to CVE-2023-48094, "the vendor's position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product."
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3993
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3992
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3984
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-2687
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3983
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-15473
Published : March 12, 2026, 6:16 a.m. | 2 hours, 57 minutes ago
Description :The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3982
Published : March 12, 2026, 5:16 a.m. | 3 hours, 57 minutes ago
Description :A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3981
Published : March 12, 2026, 5:16 a.m. | 3 hours, 57 minutes ago
Description :A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3980
Published : March 12, 2026, 5:16 a.m. | 3 hours, 58 minutes ago
Description :A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3979
Published : March 12, 2026, 4:16 a.m. | 4 hours, 57 minutes ago
Description :A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3978
Published : March 12, 2026, 4:16 a.m. | 4 hours, 57 minutes ago
Description :A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3977
Published : March 12, 2026, 4:16 a.m. | 4 hours, 57 minutes ago
Description :A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3976
Published : March 12, 2026, 3:15 a.m. | 5 hours, 58 minutes ago
Description :A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3975
Published : March 12, 2026, 3:15 a.m. | 5 hours, 58 minutes ago
Description :A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2026-03-11, 1 days ago. The vendor is given until 2026-07-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.5
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L severity vulnerability discovered by 'ASMIT DAM' was reported to the affected vendor on: 2026-03-11, 1 days ago. The vendor is given until 2026-07-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2026-03-11, 1 days ago. The vendor is given until 2026-07-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-03-11, 1 days ago. The vendor is given until 2026-07-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-03-11, 1 days ago. The vendor is given until 2026-07-09 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-10, 2 days ago. The vendor is given until 2026-07-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2026-03-10, 2 days ago. The vendor is given until 2026-07-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24285.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-20634.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-20675.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-25181.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must receive a malicious file that is written to the local filesystem. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-20616.
This vulnerability allows local attackers to escalate privileges on affected installations of Array Networks MotionPro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-26364.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-23668.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-23668.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-23668.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24285.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-20611.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24285.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24289.
This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24018.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'zerozeroxz' was reported to the affected vendor on: 2026-03-09, 3 days ago. The vendor is given until 2026-07-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-3839.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3838.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3085.
A CVSS score 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Tyler Zars' was reported to the affected vendor on: 2026-03-06, 6 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '0daystolive (Sorcery Ltd)' was reported to the affected vendor on: 2026-03-06, 6 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jeremy Brown' was reported to the affected vendor on: 2026-03-06, 6 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3560.
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-3558.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-2920.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-2921.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2026-3561.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2026-3562.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2026-3555.
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-3559.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3086.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3084.
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-15558.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3083.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2026-3557.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-2923.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3094.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3081.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-2922.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3082.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3556.
A CVSS score 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by '\xec\x9d\xb4\xeb\x8f\x99\xed\x95\x98 ( Lee Dong Ha of 0xb6 )' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'wac and Kookhwan Lee' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ' Amol Dosanjh, Dre Cura (@dre_cura), and Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.3
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-05, 7 days ago. The vendor is given until 2026-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Gu YongZeng (@0x0dee)' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-04, 8 days ago. The vendor is given until 2026-07-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-71210.
A CVSS score 7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Zeeshan Shaikh (@bugzzzhunter)' was reported to the affected vendor on: 2026-03-03, 9 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.3
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2026-03-03, 9 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.6
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L severity vulnerability discovered by 'kaijieguigui' was reported to the affected vendor on: 2026-03-03, 9 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Music Assistant. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-26975.
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-71209.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-28400.
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-71208.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-71206.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-71213.
count: 100