Common Vulnerabilities and Exposures (CVE)

CVE-2026-3841

Mar 12, 2026 17:25:58 UTC

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticat...

CVE-2026-28252

Mar 12, 2026 17:24:04 UTC

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

CVE-2026-31860

Mar 12, 2026 17:18:20 UTC

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered <head> tags. This is the composable that Nuxt docs recommend for...

CVE-2025-14831

Mar 12, 2026 17:14:57 UTC

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and...

CVE-2026-22629

Mar 12, 2026 17:13:56 UTC

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all ...

CVE-2026-20841

Mar 12, 2026 17:03:26 UTC

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

CVE-2026-26119

Mar 12, 2026 17:03:26 UTC

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-20846

Mar 12, 2026 17:03:25 UTC

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CVE-2026-21222

Mar 12, 2026 17:03:25 UTC

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-21228

Mar 12, 2026 17:03:24 UTC

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

CVE-2026-21231

Mar 12, 2026 17:03:24 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21232

Mar 12, 2026 17:03:23 UTC

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-21237

Mar 12, 2026 17:03:22 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21238

Mar 12, 2026 17:03:22 UTC

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21239

Mar 12, 2026 17:03:21 UTC

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.