CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published: Fri, 13 Mar 2026 21:55:20 +0000
Description: none provided
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32732 - XSS in @leanprover/unicode-input-component
Published: Fri, 13 Mar 2026 21:43:22 +0000
Description: Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to XSS in versions 0.1.9 and earlier of the package: the component re-inserted the text of the input element back into the input element as unescaped HTML. The issue is resolved in 0.2.0.
Severity: 0.0 | NA
CVE-2026-32729 - Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`
Published: Fri, 13 Mar 2026 21:41:11 +0000
Description: Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or a data breach) can brute-force the 6-digit TOTP code and completely bypass two-factor authentication. The TOTP verification session persists for 24 hours (the default cache TTL), an excessive window during which the full 1,000,000-code keyspace (000000-999999) can be exhausted. At practical request rates (~500 req/s), the attack completes in approximately 33 minutes in the worst case. This vulnerability is fixed in 4.8.1.
Severity: 8.1 | HIGH
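The controls the Runtipi description says are missing (attempt counting, lockout and a short verification window), as an added Python example. This is illustrative code, not Runtipi's; the policy values MAX_ATTEMPTS and SESSION_TTL_SECONDS are assumptions. It also carries the worst-case arithmetic from the description (10^6 codes at 500 req/s) and simulates the brute force against both the unbounded and the hardened verifier:

```python
import hashlib
import hmac
import struct

# Policy values assumed for this example (not Runtipi's): how many wrong codes a
# pending 2FA login may see before it is discarded, and how long it stays valid.
MAX_ATTEMPTS = 5
SESSION_TTL_SECONDS = 300
DIGITS = 6


def totp(secret: bytes, at: int, step: int = 30, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the given Unix time."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpSession:
    """State of one pending second-factor step: the secret, an expiry and a failure count."""

    def __init__(self, secret: bytes, now: float):
        self.secret = secret
        self.expires_at = now + SESSION_TTL_SECONDS
        self.failed_attempts = 0
        self.locked = False


def verify_totp_unbounded(session: TotpSession, code: str, now: float) -> bool:
    """The weak shape: any number of guesses is accepted until the session expires.
    With a 24 h TTL and ~500 req/s the whole 10**6 keyspace fits comfortably."""
    if now > session.expires_at:
        return False
    return hmac.compare_digest(totp(session.secret, int(now)), code)


def verify_totp_hardened(session: TotpSession, code: str, now: float) -> bool:
    """Count failures and lock the session after MAX_ATTEMPTS. A locked or expired
    session rejects even the correct code, so the login has to start over."""
    if session.locked or now > session.expires_at:
        return False
    if hmac.compare_digest(totp(session.secret, int(now)), code):
        return True
    session.failed_attempts += 1
    if session.failed_attempts >= MAX_ATTEMPTS:
        session.locked = True
    return False


def worst_case_seconds(rate_per_second: float, digits: int = DIGITS) -> float:
    """Seconds to walk the entire code space at a given request rate (1e6 / 500 = 2000 s)."""
    return (10 ** digits) / rate_per_second


def simulate_bruteforce(verify, secret: bytes, now: float, max_tries: int = 10 ** DIGITS) -> int:
    """Guess 000000, 000001, ... against a fresh session. Returns the number of
    requests needed to get in, or -1 if the verifier never accepted a code."""
    session = TotpSession(secret, now)
    for guess in range(max_tries):
        if verify(session, str(guess).zfill(DIGITS), now):
            return guess + 1
    return -1
```

With the RFC 4226/6238 test secret `12345678901234567890` at time 59 the valid code is 287082, so the unbounded verifier lets a sequential attacker in on request 287083 while the hardened one never does. Lockout is only half of the fix: the pending login must be invalidated as well, and throttling should be keyed on the account rather than the source address, since a distributed attacker can rotate IPs.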
CVE-2026-32724 - PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
Published: Fri, 13 Mar 2026 21:39:19 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1.
Severity: 5.3 | MEDIUM
CVE-2026-3227 - Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
Published: Fri, 13 Mar 2026 21:38:31 +0000
Description: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation therefore gives an authenticated attacker root-level command execution and full device compromise.
Severity: 8.5 | HIGH
CVE-2026-32720 - Improper Access Control in github.com/ctfer-io/monitoring
Published: Fri, 13 Mar 2026 21:27:52 +0000
Description: The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected of the deployment program and enables lateral movement. This vulnerability is fixed in 0.2.1.
Severity: 0.0 | NA
CVE-2026-32719 - AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import
Published: Fri, 13 Mar 2026 21:25:31 +0000
Description: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating the file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
Severity: 4.2 | MEDIUM
CVE-2026-32717 - AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys
Published: Fri, 13 Mar 2026 21:23:48 +0000
Description: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API key path. If a user already has a valid brx-... browser extension API key, that key continues to work after suspension. As a result, a suspended user can still access browser extension endpoints, read reachable workspace metadata, and continue upload or embed operations even though normal authenticated requests are rejected.
Severity: 2.7 | LOW
CVE-2026-32715 - AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
Published: Fri, 13 Mar 2026 21:22:00 +0000
Description: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.
Severity: 3.8 | LOW
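The two AnythingLLM access-control findings above (CVE-2026-32717 and CVE-2026-32715) share a root cause: the suspension check and the role check live on some request paths and not on others. The example below is added here and is not AnythingLLM's code; the user store, the routes and the token prefixes are assumptions. It routes both a JWT session and a brx- extension key through one authorization function, with the roles each route accepts kept in a single table so no endpoint can drift from its siblings:

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class User:
    name: str
    role: str                 # "admin", "manager" or "default"
    suspended: bool = False


# Constructed stores for the example; AnythingLLM's own schema is not reproduced here.
USERS = {
    "alice": User("alice", "admin"),
    "bob": User("bob", "manager"),
    "carol": User("carol", "default", suspended=True),
}
JWT_SESSIONS = {"jwt-alice": "alice", "jwt-carol": "carol"}   # session token -> user
BRX_KEYS = {"brx-carol": "carol", "brx-bob": "bob"}           # browser-extension key -> user

# One table naming the roles each route accepts (assumed routes). Every handler
# consults this table, so a generic settings endpoint cannot quietly accept a
# wider set of roles than the other endpoints that touch the same settings.
ROUTE_ROLES = {
    "/api/system/preferences": {"admin"},
    "/api/admin/system-prompt": {"admin"},
    "/api/browser-extension/upload": {"admin", "manager", "default"},
    "/api/browser-extension/workspaces": {"admin", "manager", "default"},
}


def resolve_principal(headers: dict) -> Optional[User]:
    """Map either credential type to a User. Both kinds end up in the same checks."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    token = auth[len("Bearer "):]
    name = BRX_KEYS.get(token) if token.startswith("brx-") else JWT_SESSIONS.get(token)
    return USERS.get(name) if name else None


def authorize(headers: dict, route: str) -> Tuple[bool, str]:
    """Single policy point: credential -> user -> suspension -> role, whatever the path."""
    user = resolve_principal(headers)
    if user is None:
        return False, "unauthenticated"
    if user.suspended:
        return False, "suspended"          # applies to brx- keys exactly as to JWTs
    allowed = ROUTE_ROLES.get(route)
    if allowed is None:
        return False, "unknown route"      # deny by default rather than fall open
    if user.role not in allowed:
        return False, f"role {user.role} not permitted"
    return True, "ok"
```

The point of the table is reviewability: a second endpoint that reads the same secret as an admin-only one is visibly wrong when its role set sits one line below, whereas scattered per-handler checks are where the manager/admin inconsistency above came from. Suspension should also revoke or invalidate issued brx- keys, but checking the flag at request time closes the gap even for keys that were never revoked.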
CVE-2026-32713 - PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors
Published: Fri, 13 Mar 2026 21:20:09 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, a logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors. This enables an unauthenticated attacker to put the FTP subsystem into an inconsistent state, trigger operations on invalid file descriptors, and bypass session isolation checks. This vulnerability is fixed in 1.17.0-rc2.
Severity: 4.3 | MEDIUM
CVE-2026-32709 - PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)
Published: Fri, 13 Mar 2026 21:19:33 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, an unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.
Severity: 5.4 | MEDIUM
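The AnythingLLM Zip Slip entry (CVE-2026-32719) and the two PX4 MAVLink FTP entries above come down to the same missing step: resolving a caller-supplied path against a fixed root before touching the filesystem, and refusing outright when that root is empty. The example below is added here and is code from neither project. It applies the check to ZIP entries before extraction and to FTP-style requests, and reconstructs the && / || session-check error from CVE-2026-32713 as a pair of predicates; the exact predicate PX4 used is an assumption, only the operator mix-up is from the description:

```python
import io
import os
import zipfile


class PathRejected(Exception):
    pass


def resolve_under_root(root: str, requested: str) -> str:
    """Resolve a client-supplied path against root and refuse anything that lands outside.
    An empty root is refused outright: with root == "" every requested path would reach
    the filesystem unchanged, which is the NuttX read-path failure described above."""
    if not root:
        raise PathRejected("empty root: refusing to pass client paths through verbatim")
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, requested.lstrip("/")))
    if candidate != root_abs and not candidate.startswith(root_abs + os.sep):
        raise PathRejected(f"{requested!r} resolves outside {root!r}")
    return candidate


def ftp_request_rejected_buggy(session_valid: bool, fd_valid: bool) -> bool:
    """Assumed shape of the reported logic error: the request is refused only when
    both the session and the descriptor are bad (&&), so one bad half slips through."""
    return (not session_valid) and (not fd_valid)


def ftp_request_rejected_fixed(session_valid: bool, fd_valid: bool) -> bool:
    """Either an invalid session or a closed descriptor refuses the request (||)."""
    return (not session_valid) or (not fd_valid)


def build_zip(entries: dict) -> bytes:
    """Constructed sample archive for the example: {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extract_safely(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry name before writing anything, then extract. Returns written paths."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = []
        for info in zf.infolist():
            if "\\" in info.filename or info.filename.startswith("/"):
                raise PathRejected(f"suspicious entry name {info.filename!r}")
            planned.append((info, resolve_under_root(dest, info.filename)))
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written
```

Validation runs over the whole archive before the first write, so a hostile plugin leaves no partial extraction behind. Name checks alone do not close the TOCTOU race the description mentions for the NuttX write path: the path must be re-validated at open time, or the open performed relative to a directory descriptor (openat) with symlink following disabled, rather than re-resolving a string that may have changed underneath.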
CVE-2026-32708 - Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)
Published: Fri, 13 Mar 2026 21:18:53 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.
Severity: 7.8 | HIGH
CVE-2026-32707 - PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop
Published: Fri, 13 Mar 2026 21:18:09 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.
Severity: 5.2 | MEDIUM
CVE-2026-32706 - PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet
Published: Fri, 13 Mar 2026 21:17:02 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.
Severity: 7.1 | HIGH
CVE-2026-32705 - PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
Published: Fri, 13 Mar 2026 21:15:55 +0000
Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.
Severity: 6.8 | MEDIUM
CVE-2026-32616 - Pigeon has a Host Header Injection in email verification flow
Published: Fri, 13 Mar 2026 21:12:40 +0000
Description: Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification link sent to the user's email to point to an attacker-controlled domain. This can lead to account takeover by stealing the email verification token. This vulnerability is fixed in 1.0.201.
Severity: 8.2 | HIGH
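The Host header problem in Pigeon as an added Python example (not Pigeon's PHP, which is not reproduced here): the weak form builds the link from whatever Host the client sent, the hardened form takes the origin from server configuration and rejects requests whose Host is not one of ours. CANONICAL_ORIGIN, ALLOWED_HOSTS and the /verify.php path are assumptions for the example.

```python
from urllib.parse import quote, urlsplit

# Assumed deployment values: the public origin is configured on the server and
# never derived from the request. The verification path is also an assumption.
CANONICAL_ORIGIN = "https://board.example.org"
ALLOWED_HOSTS = {"board.example.org"}
VERIFY_PATH = "/verify.php"


def verify_url_from_host(headers: dict, token: str) -> str:
    """Weak shape: the Host header the client chose becomes the link's domain,
    so the token in the mail is delivered to whoever controls that domain."""
    return f"https://{headers['Host']}{VERIFY_PATH}?token={quote(token)}"


def verify_url_hardened(headers: dict, token: str) -> str:
    """Refuse requests whose Host is not ours, then build the link from configuration."""
    host = headers.get("Host", "").strip().lower().split(":")[0]   # drop an explicit port
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected Host header: {headers.get('Host')!r}")
    return f"{CANONICAL_ORIGIN}{VERIFY_PATH}?token={quote(token)}"


def link_host(url: str) -> str:
    """Where a verification link would actually send the user."""
    return urlsplit(url).hostname or ""
```

The port split does not handle bracketed IPv6 literals in Host; if a deployment needs those, parse with urlsplit on a synthetic URL instead. Behind a reverse proxy, also make the proxy overwrite Host (or X-Forwarded-Host) rather than forwarding the client's value, so the allow-list check is a second line of defence and not the only one.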
CVE-2026-32704 - SiYuan renderSprig: missing admin check allows any user to read full workspace DB
Published: Fri, 13 Mar 2026 21:10:36 +0000
Description: SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This vulnerability is fixed in 3.6.1.
Severity: 6.5 | MEDIUM
CVE-2026-26133 - M365 Copilot Information Disclosure Vulnerability
Published: Fri, 13 Mar 2026 21:10:13 +0000
Description: none provided
Severity: 7.1 | HIGH
CVE-2026-32702 - Cleanuparr has Username Enumeration via Timing Attack
Published: Fri, 13 Mar 2026 21:09:00 +0000
Description: Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. The password hashing, by design the most time-consuming part of the process, occurs inside the VerifyPassword function, and the short-circuit returns for unknown usernames happen before it runs. The resulting timing differential reveals to the attacker whether a username is valid. This vulnerability is fixed in 2.8.1.
Severity: 0.0 | NA
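The Cleanuparr timing leak as an added Python example (not Cleanuparr's code): a login that returns before hashing when the username is unknown, beside one that always runs the hash against a dummy record so both outcomes cost the same. The user store, the PBKDF2 parameters and the instrumentation counter are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import time
from statistics import median

ITERATIONS = 20_000   # PBKDF2 work factor, kept small so the example runs quickly


def make_record(password: str):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store for the example: username -> (salt, hash).
USERS = {"admin": make_record("correct horse battery staple")}
# A throwaway record hashed from a random password, so an unknown username costs
# exactly as much work as a known one.
DUMMY_RECORD = make_record(secrets.token_hex(16))

HASH_CALLS = [0]   # instrumentation only: how often the slow step actually ran


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    HASH_CALLS[0] += 1
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(got, expected)


def login_short_circuit(username: str, password: str) -> bool:
    """Weak shape: an unknown username returns before the expensive hash runs,
    so a failed login for a real user is measurably slower than for a fake one."""
    record = USERS.get(username)
    if record is None:
        return False
    return verify_password(password, *record)


def login_constant_work(username: str, password: str) -> bool:
    """Always run the hash. The dummy record can never produce a successful login,
    because the result is gated on the user actually existing."""
    record = USERS.get(username)
    salt, expected = record if record is not None else DUMMY_RECORD
    matched = verify_password(password, salt, expected)
    return matched and record is not None


def hash_calls_for(login, username: str, password: str) -> int:
    """How many hash computations one login attempt triggered."""
    before = HASH_CALLS[0]
    login(username, password)
    return HASH_CALLS[0] - before


def median_ms(login, username: str, rounds: int = 5) -> float:
    """What an attacker measures: median response time for a failed login as one username."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        login(username, "wrong-password")
        samples.append((time.perf_counter() - start) * 1000)
    return median(samples)
```

Running `median_ms(login_short_circuit, "admin")` against `median_ms(login_short_circuit, "nobody")` shows a gap of a full PBKDF2 computation; with `login_constant_work` the two are indistinguishable apart from the dictionary lookup. Use the same error message and status code for both outcomes as well, and keep the dummy record's parameters identical to real ones, otherwise the work factor itself becomes the oracle.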
CVE-2026-32640 - (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
Published: Fri, 13 Mar 2026 21:03:53 +0000
Description: SimpleEval is a library for adding evaluatable expressions into Python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox: if the objects passed in as names to SimpleEval have modules or other disallowed/dangerous objects available as attributes, an expression can reach them. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. This vulnerability is fixed in 1.0.5.
Severity: 0.0 | NA
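What the SimpleEval description calls an attribute leak, as an added example. This is not SimpleEval's code: it is a deliberately small AST evaluator with the same ingredients (caller-supplied names, an allow-list of functions, attribute access on the supplied objects), run once without and once with a guard that refuses private attributes, attribute values that are modules, functions or classes, and calls to anything outside the allow-list. The Config object with an `os` attribute is a constructed stand-in for an innocent-looking object that happens to carry a module.

```python
import ast
import operator
import types


class SandboxError(Exception):
    pass


BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
# Attribute values that must never be handed back into an expression.
FORBIDDEN_VALUE_TYPES = (types.ModuleType, types.FunctionType,
                         types.BuiltinFunctionType, types.MethodType, type)


class MiniEval:
    """Minimal expression evaluator: names, allow-listed functions, attribute access."""

    def __init__(self, names: dict, functions: dict, guard_attributes: bool):
        self.names = names
        self.functions = functions
        self.guard = guard_attributes

    def eval(self, expression: str):
        return self._eval(ast.parse(expression, mode="eval").body)

    def _eval(self, node):
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name):
            if node.id in self.names:
                return self.names[node.id]
            if node.id in self.functions:
                return self.functions[node.id]
            raise SandboxError(f"unknown name {node.id!r}")
        if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            return BIN_OPS[type(node.op)](self._eval(node.left), self._eval(node.right))
        if isinstance(node, ast.Attribute):
            return self._attribute(self._eval(node.value), node.attr)
        if isinstance(node, ast.Call):
            func = self._eval(node.func)
            args = [self._eval(a) for a in node.args]
            # Only the allow-listed functions may be invoked; anything obtained by
            # other means (an attribute, a name the caller exposed) is refused.
            if self.guard and not any(func is f for f in self.functions.values()):
                raise SandboxError("only allow-listed functions may be called")
            return func(*args)
        raise SandboxError(f"unsupported syntax: {type(node).__name__}")

    def _attribute(self, obj, attr: str):
        if self.guard and attr.startswith("_"):
            raise SandboxError(f"private attribute {attr!r} is not reachable")
        value = getattr(obj, attr)
        # The leak: a plain object carrying a module or function as an attribute
        # hands it straight to the expression unless the value is checked here.
        if self.guard and isinstance(value, FORBIDDEN_VALUE_TYPES):
            raise SandboxError(f"attribute {attr!r} exposes a {type(value).__name__}")
        return value
```

The callback case from the description is why the check sits on the attribute value and not only on call targets: once `cfg.os.path.basename` has been obtained, passing it into an allow-listed `apply(f, x)` runs it inside that function, where the sandbox no longer sees it. Refusing to return modules and functions from attribute lookups stops the value from ever entering the expression.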
CVE-2026-32772 - Telnet in GNU Inetutils Environmental Variable Disclosure Vulnerability
Published: Fri, 13 Mar 2026 21:01:17 +0000
Description: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Severity: 3.4 | LOW
CVE-2026-32635 - Angular has XSS in i18n attribute bindings
Published: Fri, 13 Mar 2026 20:58:12 +0000
Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-
Severity: 0.0 | NA
CVE-2026-32630 - file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry
Published: Fri, 13 Mar 2026 20:54:16 +0000
Description: file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a result, a small compressed ZIP can cause file-type to inflate and process a much larger payload while probing ZIP-based formats such as OOXML. This vulnerability is fixed in 21.3.2.
Severity: 5.3 | MEDIUM
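The decompression-bomb shape from the file-type entry as an added Python example, not the library's JavaScript: a tiny archive whose [Content_Types].xml entry inflates to 16 MiB, read once without a cap and once with the output limit that the description says was missing for known-size inputs. The archive builder and the probe function are constructed for the example; the probe only imitates the idea of an OOXML check.

```python
import io
import zipfile


class InflateLimitExceeded(Exception):
    pass


def build_docx_like(content_types: bytes) -> bytes:
    """Constructed sample: a ZIP laid out like an OOXML document. Passing megabytes
    of zeros as content_types yields a bomb, since DEFLATE packs them ~1000:1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", b"<w:document/>")
    return buf.getvalue()


def read_entry_unbounded(zip_bytes: bytes, name: str) -> bytes:
    """Weak shape: inflate the whole entry just to look at it."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name)


def read_entry_bounded(zip_bytes: bytes, name: str, limit: int) -> bytes:
    """Inflate at most limit bytes of the entry and abort as soon as that is exceeded.
    The central directory's declared size is not trusted; the cap is on actual output."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        with zf.open(name) as entry:
            data = entry.read(limit + 1)      # streaming read, stops after limit + 1 bytes
            if len(data) > limit:
                raise InflateLimitExceeded(f"{name}: inflated past {limit} bytes")
            return data


def probe_content_types(zip_bytes: bytes, limit: int = 1 << 20) -> bool:
    """Format probe in the style of a type detector: True if the archive carries a
    plausible [Content_Types].xml, never inflating more than limit bytes to decide."""
    try:
        head = read_entry_bounded(zip_bytes, "[Content_Types].xml", limit)
    except (KeyError, InflateLimitExceeded, zipfile.BadZipFile):
        return False
    return head.lstrip().startswith(b"<?xml") or b"<Types" in head[:4096]
```

A type detector only needs the first few kilobytes of the entry to decide, so the limit can be far below what a document parser would allow; the important property is that the bound applies to bytes produced by inflate, regardless of whether the caller handed over a stream or a buffer of known size.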
CVE-2026-32628 - AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
Published: Fri, 13 Mar 2026 20:50:15 +0000
Description: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.
Severity: 0.0 | NA
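The table_name concatenation from the AnythingLLM SQL Agent entry, as an added example in Python against SQLite (not the project's JavaScript connectors; SQLite stands in for MySQL, PostgreSQL and MSSQL). Identifiers cannot be bound as query parameters, so the hardened version binds the name when checking it against the catalogue, allow-lists the characters it may contain, and quotes it when it has to appear in query text. The two tables are constructed for the example.

```python
import sqlite3


class UnsafeIdentifier(Exception):
    pass


def setup_db() -> sqlite3.Connection:
    """Constructed schema for the example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, secret TEXT);
    """)
    return conn


def table_schema_concat(conn: sqlite3.Connection, table_name: str) -> list:
    """Weak shape: the caller-supplied name is spliced into the query text."""
    sql = f"SELECT name, sql FROM sqlite_master WHERE type = 'table' AND name = '{table_name}'"
    return conn.execute(sql).fetchall()


def table_schema_safe(conn: sqlite3.Connection, table_name: str) -> list:
    """Restrict the identifier to a conservative charset, then look it up with a bound
    parameter; only names that exist in the catalogue are ever used afterwards."""
    if not table_name or len(table_name) > 64 or not all(c.isalnum() or c == "_" for c in table_name):
        raise UnsafeIdentifier(f"rejected table name {table_name!r}")
    row = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table_name,),
    ).fetchone()
    if row is None:
        raise UnsafeIdentifier(f"no such table {table_name!r}")
    return [row]


def quote_identifier(name: str) -> str:
    """Standard SQL identifier quoting: double quotes, embedded quotes doubled.
    MySQL uses backticks and MSSQL brackets; the idea is the same."""
    return '"' + name.replace('"', '""') + '"'


def row_count(conn: sqlite3.Connection, table_name: str) -> int:
    """When the identifier must appear in query text, validate first and then quote it."""
    table_schema_safe(conn, table_name)
    return conn.execute(f"SELECT COUNT(*) FROM {quote_identifier(table_name)}").fetchone()[0]
```

Against the weak version a table_name of `users' OR '1'='1` returns the definition of every table, which is an information leak on its own and, on drivers that allow stacked statements, a path to arbitrary commands. Catalogue-based allow-listing also keeps the agent from touching tables it was never meant to describe.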
CVE-2026-32627 - cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
Published: Fri, 13 Mar 2026 20:48:14 +0000
Description: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new connection. The client will accept any certificate presented by the redirect target (expired, self-signed, or forged) without raising an error or notifying the application. A network attacker in a position to return a redirect response can fully intercept the follow-up HTTPS connection, including any credentials or session tokens in flight. This vulnerability is fixed in 0.37.2.
Severity: 8.7 | HIGH
