CVE-2026-25099 - Remote Code Execution via Unrestricted File Upload in Bludit
CVE ID :CVE-2026-25099 Published : March 27, 2026, 12:16 p.m. | 16 minutes ago Description :Bluditβs API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in...
CVE-2026-32669 - BUFFALO Wi-Fi Router Code Injection Vulnerability
CVE ID :CVE-2026-32669 Published : March 27, 2026, 6:16 a.m. | 6 hours, 15 minutes ago Description :Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. Severity: 8.8 | HIGH Visit the link for more details, such...
CVE-2026-27650 - Buffalo Wi-Fi Router OS Command Injection Vulnerability
CVE ID :CVE-2026-27650 Published : March 27, 2026, 6:16 a.m. | 6 hours, 15 minutes ago Description :OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. Severity: 8.8 | HIGH Visit the link for more...
CVE-2026-22742 - Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
CVE ID :CVE-2026-22742 Published : March 27, 2026, 6:16 a.m. | 6 hours, 15 minutes ago Description :Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient...
CVE-2026-22738 - SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution
CVE ID :CVE-2026-22738 Published : March 27, 2026, 6:16 a.m. | 6 hours, 15 minutes ago Description :In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only...