Vulnerabilities

ID
Packages
Summary
Published
Attributes
OSV-2026-455
  • OSS-Fuzz/vlc
  • code.videolan.org/videolan/vlc.git
UNKNOWN READ in mkv::matroska_segment_c::TrackInit yesterday
  • Fix available
EEF-CVE-2026-28809
  • Hex/esaml
  • github.com/arekinath/esaml.git
  • github.com/dropbox/esaml.git
  • github.com/handnot2/esaml.git
XXE in esaml SAML library allows local file read and potential SSRF 3 days ago
  • No fix available
  • Severity - 6.3 (Medium)
OSV-2026-437
  • OSS-Fuzz/grok
  • github.com/grokimagecompression/grok.git
Heap-use-after-free in tf::Executor::_invoke 3 days ago
  • Fix available
PSF-2026-14
  • github.com/python/cpython
See record for full details 6 days ago
  • Fix available
PSF-2026-13
  • github.com/python/cpython
See record for full details 18 Mar
  • Fix available
PSF-2026-12
  • github.com/python/cpython
See record for full details 16 Mar
  • Fix available
PSF-2026-11
  • github.com/python/cpython
See record for full details 16 Mar
  • Fix available
CVE-2026-32729
  • github.com/runtipi/runtipi
Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp` 13 Mar
  • Fix available
  • Severity - 8.1 (High)
CVE-2026-32724
  • github.com/px4/px4-autopilot
PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition 13 Mar
  • Fix available
  • Severity - 5.3 (Medium)
CVE-2026-32720
  • github.com/ctfer-io/monitoring
Improper Access Control in github.com/ctfer-io/monitoring 13 Mar
  • Fix available
  • Severity - 7.1 (High)
CVE-2026-32719
  • github.com/mintplex-labs/anything-llm
AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import 13 Mar
  • No fix available
  • Severity - 4.2 (Medium)
CVE-2026-32717
  • github.com/mintplex-labs/anything-llm
AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys 13 Mar
  • No fix available
  • Severity - 2.7 (Low)
CVE-2026-32715
  • github.com/mintplex-labs/anything-llm
AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences 13 Mar
  • No fix available
  • Severity - 3.8 (Low)
CVE-2026-32713
  • github.com/px4/px4-autopilot
PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors 13 Mar
  • Fix available
  • Severity - 4.3 (Medium)
CVE-2026-32709
  • github.com/px4/px4-autopilot
PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete) 13 Mar
  • Fix available
  • Severity - 5.4 (Medium)
CVE-2026-32708
  • github.com/px4/px4-autopilot
Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot) 13 Mar
  • Fix available
  • Severity - 7.8 (High)