CVE Radar.

You can follow the current trends of security vulnerabilities.

CVE Radar (390)

Detected during the last 30 days

CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting Continue Reading

CRITICAL

CVE-2026-32865

CVSS: 9.8

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process. Continue Reading

CRITICAL

CVE-2026-32867

CVSS: 5.4

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage. Continue Reading

MEDIUM

CVE-2026-23658

CVSS: 8.6

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Continue Reading

HIGH

CVE-2026-26138

CVSS: 8.6

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. Continue Reading

HIGH

CVE-2026-27953

CVSS: 7.1

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "__pk_only__": true into a JSON request body. By injecting "__pk_only__": true into a JSON request body, an unauthenticated attacker can skip all field validation and persist unvalidated data directly to the database. A secondary __excluded__ parameter injection uses the same pattern to selectively nullify arbitrary model fields (e.g., email or role) during construction. This affects ormar's canonical FastAPI integration pattern recommended in its official documentation, enabling privilege escalation, data integrity violations, and business logic bypass in any application using ormar.Model directly as a request body parameter. This issue has been fixed in version 0.23.1. Continue Reading

HIGH

CVE-2026-32169

CVSS: 10

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. Continue Reading

CRITICAL

CVE-2026-32191

CVSS: 9.8

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. Continue Reading

CRITICAL

CVE-2026-32749

CVSS: 7.6

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. This can lead to aata destruction by overwriting workspace or application files, and for Docker containers running as root (common default), this grants full container compromise. This issue has been fixed in version 3.6.1. Continue Reading

HIGH

CVE-2026-3549

CVSS: 9.8

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. Continue Reading

CRITICAL

Description

News

Affected

References

Attack Vector:

Attack Complexity (AC):

Privileges Required (PR):

User Interaction (UI):

Scope (S):

Availability Impact (A):

Confidentiality Impact (C):

Integrity Impact (I):

Exploitability:

Impact:

Vector String:

Get Free 100 Credits Monthly

Try first, decide later! Get started with a free plan. You can cancel at any time.

Start Free Trial

Ponarize offers an online tool that allows you to check whether a URL & IP address categorization and reputation scoring solution is classified in our Databases. Our goal is to offer you this service at the most affordable prices. We are happy to help you and enjoy working tog.

Spam Check IP Lookup Domain Lookup About Pricing Blog

Contact FAQ GDPR Privacy Policy Terms & Conditions

[email protected]