Vulnerabilities

5.3sonatype-2026-001192

Malicious Packages - Tue Mar 17 2026 [Info Stealer]

affected

SeverityMedium

PublishedMar 17, 2026

6.5CVE-2026-32758

github.com/filebrowser/filebrowser/v2 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

affected

SeverityMedium

PublishedMar 17, 2026

5.3sonatype-2026-001191

Malicious Packages - Mon Mar 16 2026 [Info Stealer]

affected

SeverityMedium

PublishedMar 17, 2026

8.7sonatype-2026-001190

Malicious Packages - Mon Mar 16 2026 [Dropper]

affected

SeverityHigh

PublishedMar 17, 2026

8.7sonatype-2026-001189

Malicious Packages - Mon Mar 16 2026 [RCE] [Info Stealer]

affected

SeverityHigh

PublishedMar 17, 2026

3.6CVE-2026-32722

memray - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

affected

SeverityLow

PublishedMar 17, 2026

7.5CVE-2026-32609

Glances - Exposure of Sensitive Information to an Unauthorized Actor

affected

SeverityHigh

PublishedMar 17, 2026

2.7CVE-2026-32638

studiocms - Authorization Bypass Through User-Controlled Key

affected

SeverityLow

PublishedMar 17, 2026

5.9CVE-2026-32632

Glances - Origin Validation Error

affected

SeverityMedium

PublishedMar 17, 2026

8.1CVE-2026-32634

Glances - Origin Validation Error

affected

SeverityHigh

PublishedMar 17, 2026

9.1CVE-2026-32633

Glances - Exposure of Sensitive Information to an Unauthorized Actor

affected

SeverityCritical

PublishedMar 17, 2026

7.0CVE-2026-32608

Glances - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

affected

SeverityHigh

PublishedMar 17, 2026

8.1CVE-2026-32610

Glances - Permissive Cross-domain Security Policy with Untrusted Domains

affected

SeverityHigh

PublishedMar 17, 2026

7.5CVE-2026-29112

converter - Allocation of Resources Without Limits or Throttling

affected

SeverityHigh

PublishedMar 17, 2026

7.7CVE-2026-32606

github.com/lxc/incus-os/incus-osd - Insufficiently Protected Credentials

affected

SeverityHigh

PublishedMar 17, 2026

7.0CVE-2026-32611

Glances - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

affected

SeverityHigh

PublishedMar 17, 2026

9.1CVE-2026-25534

orca-core - Server-Side Request Forgery (SSRF)

affected

SeverityCritical

PublishedMar 17, 2026

8.6CVE-2026-28500

onnx - Insufficient Verification of Data Authenticity

affected

SeverityHigh

PublishedMar 17, 2026

6.3CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed. Users are recommended to upgrade to version 0.9.0, which fixes the issue.

affected

SeverityMedium

PublishedMar 17, 2026

10.0sonatype-2026-001188

NPM Security Holding Packages - Tue Mar 17 2026

affected

SeverityCritical

PublishedMar 17, 2026

8.7sonatype-2026-001187

Malicious Packages - Mon Mar 16 2026 [Dropper]

affected

SeverityHigh

PublishedMar 16, 2026

0.0sonatype-2026-001186

Potentially Unwanted Applications - Mon Mar 16 2026 [PUA]

affected

SeverityNone

PublishedMar 16, 2026

5.3sonatype-2026-001185

Malicious Packages - Mon Mar 16 2026 [Data Corruption]

affected

SeverityMedium

PublishedMar 16, 2026

5.3sonatype-2026-001184

Malicious Packages - Mon Mar 16 2026 [Info Stealer]

affected

SeverityMedium

PublishedMar 16, 2026

5.4CVE-2026-32612

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2.

affected

SeverityMedium

PublishedMar 16, 2026

Find vulnerabilities. Fix fast with AI.