Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 1 March 2026
RSS77 vulnerabilities published on 1 March 2026
Severity:
Adobe Flash Player allows local attackers to gain elevated privileges
CVE-2026-0010
ASB-A-379695596
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...
8.4
Android Lockscreen Bypass Possible with Local Privilege Escalation
CVE-2025-48605
ASB-A-395640609
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local e...
8.4
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
CVE-2026-28416
GHSA-jmh7-g254-2cq9
### Summary
A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by...
8.2
Kaniko allows unauthorized file writes outside build directory
CVE-2026-28406
GHSA-6rxq-q92g-4rmf
kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry ...
8.2
Statamic Control Panel Allows Remote Code Execution
CVE-2026-28425
GHSA-cpv7-q2wx-m8rw
### Impact
An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application c...
8.0
jarikomppa Soloud: Malicious WAV File Can Crash or Steal Data
CVE-2026-3394
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/solou...
4.8
jarikomppa Soloud: FLAC File Parsing Error Causes Data Overload
CVE-2026-3393
A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file...
4.8
SQL Injection Allows Access to Sensitive Files in Other Apps
CVE-2025-48544
ASB-A-415783046
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of priv...
7.8
Apache Struts: Malicious User Can Bypass Permission Checks
CVE-2025-48653
ASB-A-435737668
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to lo...
7.8
Android CompanionDeviceManagerService Privilege Escalation
CVE-2025-48654
ASB-A-442392902
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escal...
7.8
Java DeviceAdminInfo vulnerability allows local privilege escalation
CVE-2025-48645
ASB-A-443062265
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalati...
7.8
Apache HTTP Server: Sensitive Files Bypass via Unicode Normalization
CVE-2025-48567
ASB-A-377888957
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode ...
7.8
Android Media App Allows Unauthorized File Writing
CVE-2025-48578
ASB-A-418225717
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check...
7.8
Windows Privilege Escalation in Multiple Locations
CVE-2025-64783
ASB-A-483074175
In multiple locations, there is a possible way to access unexpected data due to multiple causes. This could lead to local escalation of privilege with...
7.8
Google Workspace: Unprivileged User Can Execute Arbitrary Code
CVE-2025-48646
ASB-A-457742426
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privil...
7.8
Google Android PackageInstallerService vulnerable to local privilege escalation
CVE-2026-0023
ASB-A-459461121
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check...
7.8
Fingerprint Unlock Vulnerability in Android Biometric App
CVE-2026-0017
ASB-A-444673089
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local ...
7.7
Gradio on Windows with Python 3.13+: Unauthenticated File Access
CVE-2026-28414
GHSA-39mp-8hj3-5c49
### Summary
Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers ...
7.5
Android Lockscreen Bypass in KeyguardViewMediator Java File
CVE-2025-48577
ASB-A-413380719
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation...
7.4
Google Chrome's GPU Cache Exposed on Local Machines
CVE-2025-48630
ASB-A-455563813
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could ...
7.4
Android WindowManagerService: Local Privilege Escalation Risk
CVE-2025-48634
ASB-A-406243581
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalat...
7.3
Wren Compiler Vulnerability Allows Local Data Exposure
CVE-2026-3386
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This ma...
4.8
Adobe Acrobat Reader allows unauthorized access to sensitive data
CVE-2025-64784
ASB-A-483074618
In multiple locations, there is a possible way to access unexpected data due to multiple causes. This could lead to local escalation of privilege with...
7.1
Unrestricted Access to Sensitive Data in Multiple Locations of Software
CVE-2025-64893
ASB-A-483075215
In multiple locations, there is a possible way to access unexpected data due to multiple causes. This could lead to local escalation of privilege with...
7.1
Nfc Software May Allow Hackers to Gain Elevated Privileges
CVE-2025-48641
ASB-A-392699284
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no a...
7.0