Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-33156 — DLL Sideloading in ScreenToGif

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable dire…

| Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33155 — DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be lo…

| Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33154 — dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jin…

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolv…

| Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33150 — Use After Free in libfuse

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to…

| Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33179 — libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to cra…

| Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-4505 — eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestri…

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.…

Remote | Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
7.5 HIGH
CVE-2026-4504 — eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. …

Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
6.5 MEDIUM
CVE-2026-4500 — bagofwords1 bagofwords code_execution.py generate_df injection

A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to i…

Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
7.5 HIGH
CVE-2026-4499 — D-Link DIR-820LW SSDP ssdpcgi_main os command injection

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be laun…

Remote | Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-4438 — gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host…

| Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-4437 — gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from…

| Information Disclosure
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.3 MEDIUM
CVE-2026-33140 — PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execut…

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting (…

Remote | Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
8.3 HIGH
CVE-2026-33139 — PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in…

| Misconfiguration
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
5.0 MEDIUM
CVE-2026-33126 — Frigate has SSRF vulnerability in /ffprobe endpoint

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper val…

Remote | Server-Side Request Forgery
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2025-63260 — SyncFusion Document-Editor Chat-UI XSS Vulnerability

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.

| Cross-Site Scripting
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33151 — socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait f…

| Denial of Service
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33147 — GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identifie…

| Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33144 — GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing)

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bi…

| Memory Corruption
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33142 — OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, a…

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name v…

| Injection
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
0.0 NA
CVE-2026-33143 — OneUptime: WhatsApp Webhook Missing Signature Verification

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update even…

| Authentication
Mar 20, 2026 Mar 20, 2026
Mar 20, 2026
Mar 20, 2026
Showing 20 of 5707 Results