Common Vulnerabilities and Exposures (CVE)

CVE-2026-31975

Mar 11, 2026 17:27:06 UTC

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken direct...

CVE-2026-22248

Mar 11, 2026 17:24:28 UTC

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file an...

CVE-2025-12697

Mar 11, 2026 17:23:04 UTC

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API c...

CVE-2026-29777

Mar 11, 2026 17:22:36 UTC

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter...

CVE-2026-31861

Mar 11, 2026 17:22:10 UTC

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail v...

CVE-2026-20040

Mar 11, 2026 17:20:21 UTC

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient va...

CVE-2026-20074

Mar 11, 2026 17:20:21 UTC

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This ...

CVE-2026-20046

Mar 11, 2026 17:20:21 UTC

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerabilit...

CVE-2026-20116

Mar 11, 2026 17:20:21 UTC

A vulnerability in the web-based management interface of  Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX)...

CVE-2026-20117

Mar 11, 2026 17:20:21 UTC

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Th...

CVE-2026-20118

Mar 11, 2026 17:20:21 UTC

A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR ...

CVE-2026-30868

Mar 11, 2026 17:20:20 UTC

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validatio...

CVE-2026-31813

Mar 11, 2026 17:20:20 UTC

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple...

CVE-2026-30234

Mar 11, 2026 17:18:50 UTC

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the <Snapshot> value in markup.bcf is manipulated to ...

CVE-2026-31862

Mar 11, 2026 17:17:47 UTC

Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file,...