π¨ EUVD-2026-12542
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: sjcl
π
Updated: 2026-03-17
π All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observi...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12542
π¨ EUVD-2026-12536
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Agent-Zero
π’ Vendor: frdel, agent0ai
π
Updated: 2026-03-17
π A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The ...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12536
π¨ EUVD-2026-12537
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Royal Addons for Elementor β Addons and Templates Kit for Elementor
π’ Vendor: wproyal
π
Updated: 2026-03-17
π The Royal Addons for Elementor β Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_que...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12537
π¨ EUVD-2026-12538
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Agent-Zero
π’ Vendor: agent0ai, frdel
π
Updated: 2026-03-17
π A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The attack is possible to be carri...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12538
π¨ EUVD-2026-12534
π Score: 8.3/10 (CVSS v3.1)
π’ Vendor: libucl
π
Updated: 2026-03-17
π A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12534
π¨ EUVD-2026-12532
π Score: 7.5/10 (CVSS v3.1)
π¦ Product: WowStore β Store Builder & Product Blocks for WooCommerce
π’ Vendor: wpxpo
π
Updated: 2026-03-17
π The WowStore β Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the βsearchβ parameter in all versions up to, and including, 4.4.3 due to insufficient escap...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12532
FYI: Software Composition Analysis: Protecting Against Log4Shell #shorts: Discover how software composition analysis can help prevent Log4Shell-like attacks. Learn how it could've helped your organization avoid the scramble. #Log4Shell #SoftwareAnalysis #Cybersecurity #Vulnerability https://www.youtube.com/shorts/3g9H_Gitv-8
π¨ CRITICAL: CVE-2026-32267 in Craft CMS (4.x <4.17.6, 5.x <5.9.12) β incorrect auth allows privilege escalation to admin via shared URLs. Upgrade ASAP! Details: https://radar.offseq.com/threat/cve-2026-32267-cwe-863-incorrect-authorization-in--65bf3522 #OffSeq #CraftCMS #CVE202632267 #Vulnerability
π¨ EUVD-2026-12527
π Score: 5.1/10 (CVSS v3.1)
π¦ Product: easegen-admin
π’ Vendor: taoofagi
π
Updated: 2026-03-16
π A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/mo...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12527
π¨ EUVD-2026-12529
π Score: 6.9/10 (CVSS v3.1)
π¦ Product: Easy7 Integrated Management Platform
π’ Vendor: Tiandy
π
Updated: 2026-03-16
π A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12529
π¨ EUVD-2026-12530
π Score: 6.9/10 (CVSS v3.1)
π¦ Product: Easy7 Integrated Management Platform
π’ Vendor: Tiandy
π
Updated: 2026-03-17
π A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation o...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12530
π¨ EUVD-2026-12531
π Score: 6.9/10 (CVSS v3.1)
π¦ Product: Easy7 Integrated Management Platform, Easy7 Integrated Management Platform, Easy7 Integrated Management Platform (+15 more)
π’ Vendor: Tiandy
π
Updated: 2026-03-17
π A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12531
π¨ EUVD-2026-12523
π Score: n/a
π¦ Product: YAML::Syck
π’ Vendor: TODDR
π
Updated: 2026-03-16
π YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The base64 decoder could read p...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12523
π¨ EUVD-2026-12525
π Score: 5.1/10 (CVSS v3.1)
π¦ Product: easegen-admin
π’ Vendor: taoofagi
π
Updated: 2026-03-16
π A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yuda...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12525
Researchers warn of a data leak risk in AWS Bedrockβs AgentCore Code Interpreter. Attackers could abuse DNS queries to extract sensitive cloud data from AI environments if not properly configured.
Read: https://hackread.com/data-leak-risk-in-aws-bedrock-ai-code-interpreter/
π¨ EUVD-2026-12522
π Score: 5.5/10 (CVSS v3.1)
π¦ Product: Oracle Linux, Oracle Linux, Oracle Linux
π’ Vendor: Oracle Corporation
π
Updated: 2026-03-16
π A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12522
π¨ EUVD-2026-12518
π Score: 3.8/10 (CVSS v3.1)
π¦ Product: Mattermost, Mattermost
π’ Vendor: Mattermost
π
Updated: 2026-03-16
π Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12518
π¨ EUVD-2026-12516
π Score: 4.3/10 (CVSS v3.1)
π¦ Product: Mattermost, Mattermost
π’ Vendor: Mattermost
π
Updated: 2026-03-16
π Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12516
π¨ EUVD-2025-208773
π Score: n/a
π
Updated: 2026-03-16
π A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-208773
π¨ EUVD-2026-12520
π Score: 8.7/10 (CVSS v3.1)
π¦ Product: Test Data Management
π’ Vendor: ZwickRoell GmbH & Co. KG
π
Updated: 2026-03-16
π ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12520
