CVE Vulnerabilities - 1 March 2026

77 vulnerabilities published on 1 March 2026

Statamic Server-Side Request Forgery via Glide Image Manipulation
CVE-2026-28423 GHSA-cwpp-325q-2cvp
Impact: When Glide image manipulation is used in insecure mode (which is *not* the default), the image proxy can be abused by an unauthenticated u...
6.8
Statamic Exposes User Email Addresses in Control Panel
CVE-2026-28424 GHSA-w878-f8c6-7r63
Impact: User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view ...
6.5
Indico Event Series Management API Allows Unauthorized Access
CVE-2026-28352 GHSA-rfpp-2hgm-gp5v
Impact: The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. Th...
6.5
Apache HTTP Server: Resource Exhaustion Denial of Service
CVE-2025-48631 ASB-A-444671303
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote ...
6.5
WordPress ProfilingService Vulnerability: Malicious Input Can Crash Server
CVE-2025-48587 ASB-A-425360073
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to ...
6.2
Android Contact Name Exposed in Certain Notification Settings
CVE-2026-0012 ASB-A-392614656
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to ...
6.2
Android AppOpsService can be crashed by invalid input
CVE-2026-0014 ASB-A-443742082
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to ...
6.2
Apache ServiceMix ProfilingService Java File Denial of Service Risk
CVE-2025-48585 ASB-A-425360742
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to ...
6.2
AppOpsService Java Code May Crash with Malicious Input
CVE-2026-0015 ASB-A-445917646
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to loc...
6.2
Gradio: Attacker Can Steal Server's OAuth Token via Mocked Login
CVE-2026-27167 GHSA-h3h8-3v2v-rg7m
Summary: Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.Logi...
5.9
FascinatedBox lily: Local Code Execution after Malicious Input
CVE-2026-3392
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This ma...
4.8
FascinatedBox lily: Local Data Exposure in Clear Storage Function
CVE-2026-3391
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manip...
4.8
FascinatedBox lily versions 2.3 and prior: Local data exposure through error reporting
CVE-2026-3390
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of t...
4.8
Squirrel up to 3.2: Local Code Execution through Null Pointer Dereference
CVE-2026-3389
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. ...
4.8
Squirrel up to 3.2 allows uncontrolled recursion
CVE-2026-3388
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp....
4.8
Wren up to 0.4.0: Null Pointer Error Can Crash the Interpreter
CVE-2026-3387
A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_...
4.8
Wren up to 0.4.0 allows local code execution through recursion
CVE-2026-3385
A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation...
4.8
ChaiScript: Local Code Execution via Uncontrolled Recursion
CVE-2026-3384
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval...
4.8
ChaiScript Divide by Zero Error in Boxed Number Function
CVE-2026-3383
A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispat...
4.8
ChaiScript 6.1.0 allows memory corruption via local exploitation
CVE-2026-3382
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file inclu...
4.8
Apache HTTP Server: Improper Input Validation Causing Local DoS
CVE-2025-48644 ASB-A-449181366
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service w...
5.5
Information Leak in [Software Name] Allows Access to Local Data
CVE-2025-48642 ASB-A-455777515
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information di...
5.5
Gradio OAuth logout URL can redirect to malicious sites
CVE-2026-28415 GHSA-pfjf-5gxr-995x
Summary: The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbit...
4.3
Android Media App Can Reveal Location of Media Files
CVE-2026-0024 ASB-A-326211886
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permissi...
4.0
Hex Client Can Crash Due to Untrusted Data
CVE-2026-21619 GHSA-hx9w-f2w9-9g96
Impact: The Hex client (`hex_core`) deserializes Erlang terms received from the Hex API using `binary_to_term/1` without sufficient restrictions. ...
2.0