CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-32925
https://notcve.org/view.php?id=CVE-2026-32925
01 Apr 2026 — Opening a crafted V7 file may lead to arbitrary code execution on the affected product. • https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-3987 – WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
https://notcve.org/view.php?id=CVE-2026-3987
01 Apr 2026 — A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process. This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-34545 – OpenEXR: integer overflow lead to OOB in HTJ2K decoder
https://notcve.org/view.php?id=CVE-2026-34545
01 Apr 2026 — In this context, a heap write overflow can lead to remote code execution on systems. • https://github.com/AcademySoftwareFoundation/openexr/commit/3827998f5c041d6a94c6af24bbb363daa669e4b3 • CWE-122: Heap-based Buffer Overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-34159 – llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend
https://notcve.org/view.php?id=CVE-2026-34159
01 Apr 2026 — An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. • https://github.com/ggml-org/llama.cpp/commit/39bf0d3c6a95803e0f41aaba069ffbee26721042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5 • EPSS: 0% • CPEs: 144 • EXPL: 0 • CVE-2026-20097 – Cisco Integrated Management Controller Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20097
01 Apr 2026 — A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.... A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt • CWE-787: Out-of-bounds Write •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-2265 – Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization
https://notcve.org/view.php?id=CVE-2026-2265
01 Apr 2026 — An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object. • https://github.com/inikulin/replicator •
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-35093 – Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
https://notcve.org/view.php?id=CVE-2026-35093
01 Apr 2026 — This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. • https://access.redhat.com/security/cve/CVE-2026-35093 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-0522 – Local File Inclusion in the File Upload/Download Process
https://notcve.org/view.php?id=CVE-2026-0522
01 Apr 2026 — A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. ... Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. • https://support.vertigis.com/hc/en-us/articles/31214433137042-Security-Vulnerability-VertiGIS-FM • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-29014 – MetInfo CMS Unauthenticated PHP Code Injection RCE
https://notcve.org/view.php?id=CVE-2026-29014
01 Apr 2026 — MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server. • https://www.vulncheck.com/advisories/metinfo-cms-unauthenticated-php-code-injection-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-3775 – Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2026-3775
01 Apr 2026 — Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Foxit Reader Update Service. ... An attacker can leverage this ... • https://www.foxit.com/support/security-bulletins.html • CWE-427: Uncontrolled Search Path Element •
