NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-27840 ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens i... 2026-02-26 4.3 NETWORK MEDIUM NVD
CVE-2026-27837 Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The pr... 2026-02-26 6.3 NETWORK MEDIUM NVD
CVE-2026-27831 rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for ... 2026-02-26 7.5 NETWORK HIGH NVD
CVE-2026-27830 c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instance... 2026-02-26 8.9 ADJACENT HIGH NVD
CVE-2026-27829 Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` r... 2026-02-26 6.5 NETWORK MEDIUM NVD
CVE-2026-27976 Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) c... 2026-02-26 8.8 NETWORK HIGH NVD
CVE-2026-27967 Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading ... 2026-02-26 7.1 LOCAL HIGH NVD
CVE-2026-27933 Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to... 2026-02-26 6.8 NETWORK MEDIUM NVD
CVE-2026-27821 GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/... 2026-02-26 7.7 NETWORK HIGH NVD
CVE-2026-27818 TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prio... 2026-02-26 8.7 NETWORK HIGH NVD
CVE-2026-27812 Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to... 2026-02-26 8.0 NETWORK HIGH NVD
CVE-2026-27809 psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed i... 2026-02-26 6.8 NETWORK MEDIUM NVD
CVE-2026-27808 Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable t... 2026-02-26 5.8 NETWORK MEDIUM NVD
CVE-2026-27804 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an ... 2026-02-26 9.3 NETWORK CRITICAL NVD
CVE-2026-27800 Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. T... 2026-02-26 7.4 NETWORK HIGH NVD