🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-25190 | High | 7.8 |
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25165 | High | 7.8 |
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-27689 | High | 7.7 |
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular us…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30929 | High | 7.7 |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-1…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-28431 | High | 7.5 |
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but p…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-3585 | High | 7.5 |
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26121 | High | 7.5 |
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a netw…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26127 | High | 7.5 |
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26130 | High | 7.5 |
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service ove…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-28432 | High | 7.5 |
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerabilit…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30941 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 …
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30939 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 …
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-2339 | High | 7.5 |
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Li…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30925 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-a…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-23664 | High | 7.5 |
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacke…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-23661 | High | 7.5 |
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose inform…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-23674 | High | 7.5 |
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security fea…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-23662 | High | 7.5 |
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose informati…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25181 | High | 7.5 |
Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26308 | High | 7.5 |
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Rol…
|
⚡ Exploit ✅ Patch | Mar 10, 2026 |