Common Vulnerabilities and Exposures (CVE)

CVE-2022-30630

Mar 6, 2026 17:48:19 UTC

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

CVE-2026-29091

Mar 6, 2026 17:48:10 UTC

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array fun...

CVE-2022-30633

Mar 6, 2026 17:47:19 UTC

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' ...

CVE-2026-1128

Mar 6, 2026 17:47:18 UTC

The WP eCommerce WordPress plugin through 3.15.1 does not have a CSRF check in place when deleting coupons, which could allow attackers to make a logged-in admin remove them via a CSRF attack.

CVE-2022-1705

Mar 6, 2026 17:46:56 UTC

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as i...

CVE-2026-2446

Mar 6, 2026 17:46:09 UTC

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary ad...

CVE-2026-3589

Mar 6, 2026 17:44:58 UTC

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged-in admin call non store/WC REST endpoints, and create arbitrary admin users via...

CVE-2022-30635

Mar 6, 2026 17:44:24 UTC

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

CVE-2022-35290

Mar 6, 2026 17:41:48 UTC

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.

CVE-2026-30833

Mar 6, 2026 17:40:36 UTC

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in th...

CVE-2021-40030

Mar 6, 2026 17:40:31 UTC

The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2026-30831

Mar 6, 2026 17:40:27 UTC

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer serv...

CVE-2022-37005

Mar 6, 2026 17:39:33 UTC

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-37004

Mar 6, 2026 17:37:41 UTC

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect availability.

CVE-2021-40040

Mar 6, 2026 17:36:42 UTC

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.