CVE Vulnerabilities - 1 March 2026
77 vulnerabilities published on 1 March 2026
MaxSite CMS Eval Function in Preview Ajax Endpoint Allows Remote Code Injection
CVE-2026-3395
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview...
6.9
Android MmsProvider Deletes Files, Crashes Telephony Services
CVE-2025-48609
ASB-A-414388731
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities du...
9.1
Tenda F453 Router: Remote Code Execution Through DHCP Settings
CVE-2026-3399
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetS...
7.4
Tenda F453 1.0.0.3: Unsecured Function Allows Remote Attack
CVE-2026-3398
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Exe...
7.4
Tenda F453 Router: Remote Attack Can Crash Device
CVE-2026-3380
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argumen...
7.4
Tenda F453 Router Allows Remote Code Execution
CVE-2026-3379
A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipul...
7.4
Tenda F453 1.0.0.3 Can Be Hacked Remotely
CVE-2026-3378
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the ...
7.4
Tenda F453 Router: Remote Code Execution through URL Manipulation
CVE-2026-3377
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Perfor...
7.4
Statamic: Authenticated Users Can Steal or Modify Data
CVE-2026-28426
GHSA-5vrj-wf7v-5wr7
Stored XSS vulnerability in svg and icon related components allows authenticated users with appropriate permissions to inject malicious Java...
8.7
INSATutorat allows non-admin users to access sensitive data
GHSA-xfx2-prg5-jq3g
An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user (logged...
8.7
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no ...
CVE-2026-0007
ASB-A-433251166
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could...
8.6
Android Lockscreen Bypass Possible with Local Privilege Escalation
CVE-2025-48605
ASB-A-395640609
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local e...
8.4
Google Android AppInfoBase Java Code Allows Unauthorized Access
CVE-2026-0021
ASB-A-430047417
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lea...
8.4
Out-of-bounds write vulnerability in UsageEvents.java
CVE-2025-32313
ASB-A-399155883
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of p...
8.4
Android App Allows Malicious Apps to Intercept Drag-and-Drop Events
CVE-2025-48574
ASB-A-428700812
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission chec...
8.4
Google Chrome: Unauthorized media deletion through intent redirect
CVE-2025-48582
ASB-A-369105011
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could le...
8.4
Notification.java hasImage: Information Disclosure Across Users via Permissions Bypass
CVE-2026-0025
ASB-A-433746973
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local esc...
8.4
Android Lockscreen Can Be Bypassed by Exploiters
CVE-2025-48602
ASB-A-407562568
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the c...
8.4
Android App Can Delete Files with Read-Only Access
CVE-2025-48619
ASB-A-414387646
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the ...
8.4
Android PickActivity Vulnerability: Local Privilege Escalation Risk
CVE-2026-0013
ASB-A-447135012
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to l...
8.4
SQL Injection in Multiple Locations Allows Information Disclosure
CVE-2025-48650
ASB-A-388530367
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no addit...
8.4
Android Media App Allows Unauthorized File Access
CVE-2025-48579
ASB-A-417195606
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to...
8.4
Android ParsedPermissionUtils Vulnerability: Bypassing Consent Dialog for Permissions
CVE-2026-0020
ASB-A-453649815
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions b...
8.4
IDrmManagerService.cpp onTransact: Out-of-Bounds Write Due to Missing Bounds Check
CVE-2026-0010
ASB-A-379695596
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...
8.4
ManagedServices.java: Improper Input Validation Causes Notification Policy Desync
CVE-2026-0034
ASB-A-428701593
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could l...
8.4