18784 matches found
CVE-2026-32104
creationtimestamp | type | source
---|---|---
2026-03-11 14:50:34+00:00 | published-proof-of-concept | https://github.com/withstudiocms/studiocms/security/advisories/GHSA-9v82-xrm4-mp52...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in smb.c, which may reuse already freed memory from a previous SMB connection request. The window of opportunity to exploit this is small, and the region of memory exposed is small and out of the attacker's control...
CVE-2026-2918
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...
CVE-2026-31975
creationtimestamp | type | source
---|---|---
2026-03-11 00:37:25+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-gv8f-wpm2-m5wr...
CVE-2026-32102
creationtimestamp | type | source
---|---|---
2026-03-10 23:51:09+00:00 | published-proof-of-concept | https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in Magick_png_write_raw_profile in the PNG encoder. An attacker can cause a heap buffer over-write and disrupt application availability or alter program behavior by supplying an image with an extremely large profile...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ReadMATImage function in mat.c, which mistakenly uses 32-bit arithmetic. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, GitHub Release. Credit: ylwango613...
CVE-2026-3818
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used. The...
`chrono_anchor` was removed from crates.io due to malicious code
The `chrono_anchor` crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...
CVE-2026-3799
A flaw has been found in Tenda i3 1.0.0.62204. This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...
SUSE CVE-2026-3713
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...
CVE-2026-3734
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
CVE-2026-3818
CVE-2026-3818 affects Tiandy Easy7 CMS for Windows, version 7.17.0. The vulnerability is in the file /Easy7/apps/WebService/GetDBData.jsp, where manipulating the argument strTBName enables SQL injection. Exploitation may be performed remotely, and public exploit material exists. Multiple connecte...
CVE-2026-31815
creationtimestamp | type | source
---|---|---
2026-03-09 10:58:20+00:00 | published-proof-of-concept | https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367...
EUVD-2026-10313
A vulnerability was found in Tenda FH1202 1.2.0.14408. This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be us...
EUVD-2026-10305
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
EUVD-2026-10304
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...