CERT Vulnerability Notes Database

Published	Public	Updated	ID	Title
2026-02-10	2026-02-10	2026-02-10	VU#458422	CASL Ability contains a prototype pollution vulnerability
2026-02-12	2026-02-12	2026-03-19	VU#504749	PyMuPDF path traversal and arbitrary file write vulnerabilities
2026-03-05	2026-02-18	2026-03-05	VU#772695	A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
2026-03-02	2026-03-02	2026-03-02	VU#431821	MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
2026-03-12	2026-03-12	2026-03-12	VU#665416	SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
2026-03-12	2026-03-12	2026-03-12	VU#907705	Graphql-upload-minimal has a prototype pollution vulnerability.
2026-03-16	2026-03-16	2026-03-16	VU#624941	LibreChat RAG API contains a log-injection vulnerability
2026-03-24	2026-03-24	2026-03-24	VU#577436	Hard coded credentials vulnerability in GoHarbor's Harbor
2026-03-24	2026-03-24	2026-03-24	VU#330121	IDrive for Windows contains local privilege escalation vulnerability
2026-03-30	2026-03-26	2026-03-30	VU#221883	CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read
2026-03-30	2026-03-30	2026-03-30	VU#655822	Kyverno is vulnerable to server-side request forgery (SSRF)
2026-04-02	2026-04-02	2026-04-02	VU#951662	MuPDF by Artifex contains integer overflow vulnerability.

Software Engineering Institute