🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-23674 | High | 7.5 |
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security fea…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25181 | High | 7.5 |
Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26121 | High | 7.5 |
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a netw…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26127 | High | 7.5 |
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26130 | High | 7.5 |
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service ove…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-26308 | High | 7.5 |
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Rol…
|
⚡ Exploit ✅ Patch | Mar 10, 2026 |
| CVE-2026-28431 | High | 7.5 |
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but p…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-28432 | High | 7.5 |
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerabilit…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30925 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-a…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30939 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 …
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30941 | High | 7.5 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 …
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-3585 | High | 7.5 |
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25167 | High | 7.4 |
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25569 | High | 7.4 |
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exi…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25570 | High | 7.4 |
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform che…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-25573 | High | 7.4 |
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell co…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-2364 | High | 7.3 |
If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low pr…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-1261 | High | 7.2 |
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions u…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-2724 | High | 7.2 |
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entr…
|
✅ Patch | Mar 10, 2026 |
| CVE-2026-30958 | High | 7.2 |
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal…
|
⚡ Exploit ✅ Patch | Mar 10, 2026 |