CVE Vulnerability Database

Complete database of CVE vulnerabilities. Track critical security threats, exploits and patches. Updated daily from NVD NIST.

KEV (262)

CVE-2026-4681

9.3 CRITICAL 9.3

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects …

23 Mar 2026

Details

CVE-2026-4612

6.9 MEDIUM 6.9

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the …

23 Mar 2026 PHP

Details

CVE-2026-4611

8.6 HIGH 8.6

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead …

23 Mar 2026 Totolink

Details

CVE-2026-33634

9.4 CRITICAL 9.4

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` …

23 Mar 2026 Litellm

Details

CVE-2026-32913

8.8 HIGH 8.8

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers …

23 Mar 2026 Openclaw

Details

CVE-2026-32300

8.1 HIGH 8.1

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper …