Common Vulnerabilities and Exposures (CVE)

CVE-2026-32137

Mar 12, 2026 17:53:00 UTC

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName...

CVE-2026-21887

Mar 12, 2026 17:52:55 UTC

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client...

CVE-2026-31841

Mar 12, 2026 17:50:15 UTC

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also retur...

CVE-2026-32129

Mar 12, 2026 17:47:10 UTC

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the s...

CVE-2026-31873

Mar 12, 2026 17:46:46 UTC

Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as d...

CVE-2026-3099

Mar 12, 2026 17:44:43 UTC

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability al...

CVE-2025-62328

Mar 12, 2026 17:43:19 UTC

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

CVE-2026-32116

Mar 12, 2026 17:40:49 UTC

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local ...

CVE-2026-31890

Mar 12, 2026 17:35:02 UTC

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously...

CVE-2026-28256

Mar 12, 2026 17:34:56 UTC

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

CVE-2026-28255

Mar 12, 2026 17:33:29 UTC

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

CVE-2026-28254

Mar 12, 2026 17:29:56 UTC

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

CVE-2026-21708

Mar 12, 2026 17:28:06 UTC

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

CVE-2026-21672

Mar 12, 2026 17:27:39 UTC

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

CVE-2026-28253

Mar 12, 2026 17:27:03 UTC

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.