NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-22728 | Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation (/v1/rotate) flow. The rotation handler derives the sealing... | 2026-02-26 | 4.9 | NETWORK | MEDIUM | NVD |
| CVE-2026-1557 | The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This ... | 2026-02-26 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-27946 | ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability al... | 2026-02-26 | 8.2 | NETWORK | HIGH | NVD |
| CVE-2026-27945 | ZITADEL is an open source identity management platform. Zitadel Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a ... | 2026-02-26 | 2.1 | NETWORK | LOW | NVD |
| CVE-2026-27896 | The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard libr... | 2026-02-26 | 7.0 | NETWORK | HIGH | NVD |
| CVE-2026-27888 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RA... | 2026-02-26 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-27884 | NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving fil... | 2026-02-26 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-27840 | ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens i... | 2026-02-26 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-27837 | Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The pr... | 2026-02-26 | 6.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-27831 | rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for ... | 2026-02-26 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-27830 | c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instance... | 2026-02-26 | 8.9 | ADJACENT | HIGH | NVD |
| CVE-2026-27829 | Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` r... | 2026-02-26 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-27976 | Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) c... | 2026-02-26 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-27967 | Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading ... | 2026-02-26 | 7.1 | LOCAL | HIGH | NVD |
| CVE-2026-27933 | Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to... | 2026-02-26 | 6.8 | NETWORK | MEDIUM | NVD |