CVEFind.com

[CVE-2026-32817: CRITICAL] Cybersecurity alert: Admidio v5.0.0-5.0.6 has a critical flaw allowing unauthorized deletion of files. Update to v5.0.7 to fix the vulnerability and secure your user management sys...#cve,CVE-2026-32817,#cybersecurity cvefind.com/CVE-2026-32817

[CVE-2026-32767: CRITICAL] SiYuan's versions 3.6.0 & below have a critical authorization bypass flaw in the /api/search/fullTextSearchBlock endpoint, allowing authenticated users to execute unauthorized SQL ...#cve,CVE-2026-32767,#cybersecurity cvefind.com/CVE-2026-32767

[CVE-2026-33289: HIGH] Critical LDAP Injection vulnerability discovered in open-source SuiteCRM versions prior to 7.15.1 and 8.9.3. Attackers can exploit this flaw to bypass authentication or disclose sensit...#cve,CVE-2026-33289,#cybersecurity cvefind.com/CVE-2026-33289

[CVE-2026-33288: HIGH] Critical SQL Injection vulnerability in older SuiteCRM versions (pre-7.15.1, pre-8.9.3) allows for complete privilege escalation. Secure with the latest patches.#cve,CVE-2026-33288,#cybersecurity cvefind.com/CVE-2026-33288

[CVE-2026-32756: HIGH] Critical security flaw in Admidio user management solution! Versions 5.0.6 and below vulnerable to unrestricted file upload issue allowing remote code execution. Update to version 5.0....#cve,CVE-2026-32756,#cybersecurity cvefind.com/CVE-2026-32756

[CVE-2026-32760: CRITICAL] File Browser, a file managing interface, had a cyber security vulnerability allowing unauthenticated users to register as full administrators in versions 2.61.2 and below. Update t...#cve,CVE-2026-32760,#cybersecurity cvefind.com/CVE-2026-32760

[CVE-2026-32985: CRITICAL] Unauthenticated file upload vulnerability in Xerte Online Toolkits (versions 3.14 and earlier) allows attackers to achieve remote code execution. #CyberSecurity#cve,CVE-2026-32985,#cybersecurity cvefind.com/CVE-2026-32985

[CVE-2026-32721: HIGH] Vulnerability in LuCI interface, found in OpenWrt versions before 24.10.5 and 25.12.0, allows XSS attacks via crafted SSIDs in wireless scan modal, fixed in LuCI 26.072.65753~068150b.#cve,CVE-2026-32721,#cybersecurity cvefind.com/CVE-2026-32721

[CVE-2026-29103: CRITICAL] Critical RCE vulnerability in SuiteCRM 7.15.0 & 8.9.2 allows admins to execute commands. Patch bypass of CVE-2024-49774. Issue partially resolved in 7.14.5. Update to 7.15.1/8.9.3 ...#cve,CVE-2026-29103,#cybersecurity cvefind.com/CVE-2026-29103

[CVE-2026-29099: HIGH] SuiteCRM versions 7.15.1 and 8.9.3 fix a SQL injection vulnerability in the `retrieve()` function of `OutboundEmail.php`. Update now for improved cyber security.#cve,CVE-2026-29099,#cybersecurity cvefind.com/CVE-2026-29099

[CVE-2026-22732: CRITICAL] Vulnerability alert: Spring Security versions 5.7.0 to 5.7.21, 5.8.0 to 5.8.23, 6.3.0 to 6.3.14, 6.4.0 to 6.4.14, 6.5.0 to 6.5.8, 7.0.0 to 7.0.3 may not write specified HTTP respon...#cve,CVE-2026-22732,#cybersecurity cvefind.com/CVE-2026-22732

[CVE-2026-32754: CRITICAL] Attention! FreeScout versions 1.8.208 and below are susceptible to Stored Cross-Site Scripting (XSS) attacks. Ensure your system is updated to version 1.8.209 to fix this vulnerabi...#cve,CVE-2026-32754,#cybersecurity cvefind.com/CVE-2026-32754

[CVE-2026-32194: CRITICAL] Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.#cve,CVE-2026-32194,#cybersecurity cvefind.com/CVE-2026-32194

[CVE-2026-32038: CRITICAL] Cybersecurity alert! OpenClaw has a sandbox network isolation vulnerability letting trusted operators access other container networks. Attackers can bypass controls to reach target...#cve,CVE-2026-32038,#cybersecurity cvefind.com/CVE-2026-32038

[CVE-2026-32013: HIGH] Beware of symlink traversal vulnerability in older OpenClaw versions! Attackers can access files outside the workspace, leading to potential code execution via overwrite attacks.#cve,CVE-2026-32013,#cybersecurity cvefind.com/CVE-2026-32013

[CVE-2026-4342: HIGH] Security flaw found in ingress-nginx allows injection of nginx config, leading to code execution and Secrets exposure. Update to fix vulnerability now to secure your system.#cve,CVE-2026-4342,#cybersecurity cvefind.com/CVE-2026-4342

[CVE-2026-33346: HIGH] Vulnerability alert: OpenEMR <8.0.0.2 XSS flaw in patient portal payment process allows attackers to execute arbitrary JavaScript on staff members' browsers; update to 8.0.0.2 ASAP.#cve,CVE-2026-33346,#cybersecurity cvefind.com/CVE-2026-33346

[CVE-2026-32169: CRITICAL] Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.#cve,CVE-2026-32169,#cybersecurity cvefind.com/CVE-2026-32169

[CVE-2026-30836: CRITICAL] Online certificate authority Step CA was vulnerable to unauthenticated certificate issuance in versions 0.30.0-rc6 and earlier, fixed in version 0.30.0 for enhanced cybersecurity.#cve,CVE-2026-30836,#cybersecurity cvefind.com/CVE-2026-30836

[CVE-2026-26139: HIGH] Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.#cve,CVE-2026-26139,#cybersecurity cvefind.com/CVE-2026-26139