CVE Vulnerabilities - 24 March 2026

31 vulnerabilities published on 24 March 2026

WooCommerce Custom Product Addons Pro plugin allows malicious code execution
CVE-2026-4001
An attacker can potentially execute code on your website by submitting a specially crafted value to a custom pricing field. This could allow them to access or modify sensitive data. Update to the late...
9.8
Arbitrary file read in Tekton Pipelines git resolver
GHSA-j5q5-j9gm-2w5c CVE-2026-33211 GO-2026-4761
A security issue in Tekton Pipelines git resolver allows an attacker with permission to create tasks or pipelines to read any file on the resolver pod's filesystem, which could lead to sensitive infor...
9.6
Graphiti: Unvalidated Input Lets Attackers Run Any Function
GHSA-3m5v-4xp5-gjg2 CVE-2026-33286
An attacker can exploit a security weakness in Graphiti's API to run any function on a database, potentially causing harm. This affects any Graphiti application that allows untrusted users to create, ...
9.1
Google Chrome Prior to 146.0.7680.165 Allows Malicious Code Execution
CVE-2026-4680
A bug in Google Chrome's FedCM feature can be exploited by a malicious website to run unauthorized code on your computer. This could potentially allow hackers to steal sensitive information or take co...
8.8
Jupiter X Core Plugin Allows Unauthorized File Uploads
CVE-2026-3533
The Jupiter X Core plugin for WordPress has a security issue that lets attackers with a subscriber-level account or higher upload malicious files. This could lead to code being run on the server or ma...
8.8
Salvo form data parsing does not enforce payload size limits before reading requests
GHSA-pp9r-xg4c-8j4x CVE-2026-33241
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading reque...
8.7
Spring Cloud: Files accessed unintentionally from wrong directories
CVE-2026-22739
Some Spring Cloud users may accidentally access files outside of the intended directory. This can happen when using the Config Server with the native file system backend. To fix this, update to Spring...
8.6
Contest Gallery Plugin Allows Admin Account Takeover in WordPress
CVE-2026-4021
The Contest Gallery plugin for WordPress has a security flaw that lets an attacker take control of any admin account without a password. This happens when a user with a special email address can trick...
8.1
LLM Model Software in C/C++ Fails to Validate Memory
CVE-2026-33298
A bug in a specific software that runs large language models allows an attacker to trick it into using too much memory, potentially letting them run malicious code. This can happen if the software pro...
7.8
Ella Core Crashes When Processing Malformed Location Report
GHSA-826q-wrq4-p23x CVE-2026-33282 GO-2026-4780
A specially crafted message to Ella Core can cause it to crash, disrupting services for all connected users. This can happen without any login or authentication. To fix this, the developers have made ...
7.5
Freeciv game crashes when receiving malicious internet traffic
CVE-2026-33250
Older versions of Freeciv game crash if sent fake data over the internet. This can let an attacker shut down public game servers, or crash the game on a player's computer. Upgrade to the latest versio...
7.5
Salvo salvo-proxy component: Path Traversal and Access Control Bypass
GHSA-f842-phm9-p4v4 CVE-2026-33242
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated ex...
7.5
SourceCodester Patients Waiting Area Queue Management System: Unauthorized Access to Patient Data
CVE-2026-4617
A security weakness in SourceCodester Patients Waiting Area Queue Management System 1.0 allows unauthorized access to patient data. This could happen when a malicious person uses a remote attack, pote...
6.9
SourceCodester Online Catering Reservation SQL Injection
CVE-2026-4615
A security issue exists in SourceCodester Online Catering Reservation 1.0, specifically in the /search.php file. An attacker could manipulate data sent to this file, potentially allowing them to acces...
6.9
SourceCodester E-Commerce Site 1.0 Can Be Tricked into Revealing Sensitive Data
CVE-2026-4613
A security issue in SourceCodester E-Commerce Site 1.0 could allow an attacker to see sensitive information they shouldn't have access to. This is because the software doesn't properly check user inpu...
6.9
Go SDK HTTP Server Allows Arbitrary POST Requests Without Authentication
GHSA-89xv-2j6f-qhc8 CVE-2026-33252 GO-2026-4773
A security issue was found in a Go library that helps with HTTP communication. If not properly configured, an attacker could send unauthorized requests to a server, potentially triggering unwanted act...
7.1
Ella Core Crashes on Malformed NAS Messages
GHSA-3366-gw57-fcm5 CVE-2026-33283 GO-2026-4776
Ella Core is vulnerable to a crash when receiving specially crafted NAS messages. This can cause service disruption for all connected subscribers. To fix, software updates that add a security check fo...
6.5
Ella Core Crashes on Invalid NGAP Message IDs
GHSA-q669-4gmv-g8mf CVE-2026-33281 GO-2026-4783
Ella Core may crash if it receives a specially crafted NGAP message with an invalid PDU Session ID. This could cause a service disruption for connected subscribers. To protect against this, update Ell...
6.5
itsourcecode software 1.0: Unsanitized Input Leads to SQL Injection
CVE-2026-4614
The itsourcecode software has a weakness in how it handles input from users. This makes it possible for hackers to inject malicious code into the system, potentially allowing them to access sensitive ...
5.3
Dasel's YAML Parser Crashes System with Huge Input
GHSA-4fcp-jxh7-23x8 GO-2026-4768 CVE-2026-33320
Dasel's YAML parser can be exploited with an overly large YAML file, causing it to consume all available CPU and memory, freezing or crashing the system. This is due to a flaw in the way the parser ha...
6.2
WordPress User Registration & Membership Plugin Allows Unauthorized Access to Data
CVE-2026-4056
The User Registration & Membership plugin for WordPress has a security flaw that lets attackers with some access levels modify site rules, potentially exposing sensitive content or blocking legitimate...
5.4
JRuby Bcrypt Hashes Weakened by Integer Overflow
GHSA-f27w-vcwj-c954 CVE-2026-33306
A bug in the JRuby bcrypt implementation can make password hashes much weaker when using the cost setting of 31, allowing attackers to easily guess passwords. Affected applications should update to th...
4.5
WPGraphQL allows non-moderators to approve their own comments
CVE-2026-33290
A security update is available for WPGraphQL versions prior to 2.10.0. An authenticated user with limited privileges can approve their own comments, bypassing moderation workflows. Update to version 2...
4.3
Bolo-Blog 2.6.4: Remote Code Execution via Article Title
CVE-2026-4616
A security flaw in Bolo-Blog 2.6.4 allows hackers to inject malicious code into the system by manipulating article titles. This could let them access sensitive data or take control of your site. Updat...
4.8
Google Chrome: Malicious HTML can cause data corruption
CVE-2026-4679
A security issue in older versions of Google Chrome can allow a hacker to create a malicious website that corrupts data on your computer. This can happen if you visit the website. You should update to...