NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-27840	ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens i...	2026-02-26	4.3	NETWORK	MEDIUM	NVD
CVE-2026-27837	Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The pr...	2026-02-26	6.3	NETWORK	MEDIUM	NVD
CVE-2026-27831	rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for ...	2026-02-26	7.5	NETWORK	HIGH	NVD
CVE-2026-27830	c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instance...	2026-02-26	8.9	ADJACENT	HIGH	NVD
CVE-2026-27829	Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` r...	2026-02-26	6.5	NETWORK	MEDIUM	NVD
CVE-2026-27976	Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) c...	2026-02-26	8.8	NETWORK	HIGH	NVD
CVE-2026-27967	Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading ...	2026-02-26	7.1	LOCAL	HIGH	NVD
CVE-2026-27933	Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to...	2026-02-26	6.8	NETWORK	MEDIUM	NVD
CVE-2026-27821	GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/...	2026-02-26	7.7	NETWORK	HIGH	NVD
CVE-2026-27818	TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prio...	2026-02-26	8.7	NETWORK	HIGH	NVD
CVE-2026-27812	Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to...	2026-02-26	8.0	NETWORK	HIGH	NVD
CVE-2026-27809	psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed i...	2026-02-26	6.8	NETWORK	MEDIUM	NVD
CVE-2026-27808	Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable t...	2026-02-26	5.8	NETWORK	MEDIUM	NVD
CVE-2026-27804	Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an ...	2026-02-26	9.3	NETWORK	CRITICAL	NVD
CVE-2026-27800	Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. T...	2026-02-26	7.4	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.