CVE Vulnerabilities - 2 March 2026
248 vulnerabilities published on 2 March 2026
HPE AutoPass License Server Authentication Can Be Bypassed Remotely
CVE-2026-23600
A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS)....
10.0
ZimaOS 1.5.2-beta3: Unauthorized file creation in sensitive system directories
CVE-2026-28286
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restri...
9.9
Qwik Allows Unauthenticated Remote Code Execution through Server Deserialization
CVE-2026-27971
GHSA-p9x5-jp3h-96mm
### Summary
qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the `server$` RPC mechanism that allows any unauthent...
9.2
AVideo: Unauthenticated SQL Injection Allows Data Theft
CVE-2026-28501
GHSA-pv87-r9qf-x56p
## Impact
An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components.
The a...
9.8
Simple Food Order System vulnerable to SQL Injection in cancel-order feature
CVE-2026-26713
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php....
9.8
SQL Injection in Simple Food Order System Admin Panel
CVE-2026-26712
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php....
9.8
SQL Injection in Simple Food Order System v1.0 Exposes Customer Data
CVE-2026-26711
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php....
9.8
Simple Food Order System SQL Injection in Order Editing
CVE-2026-26710
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php....
9.8
Out of bounds memory access in multiple locations in Adobe Acrobat
CVE-2026-0006
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with n...
9.8
Pharmacy Point of Sale System SQL Injection Vulnerability
CVE-2026-26707
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php....
9.8
Pharmacy Point of Sale System SQL Injection Vulnerability
CVE-2026-26706
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php....
9.8
Pharmacy Point of Sale System v1.0 Exposes Customer Data
CVE-2026-26705
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php....
9.8
Pharmacy Point of Sale System v1.0: SQL Injection in Category View
CVE-2026-26704
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php....
9.8
Pharmacy Point of Sale System V1.0 Disclosure: Unauthorized User Access
CVE-2026-26708
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php....
9.8
SQL Injection in Personnel Property Equipment System
CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php....
9.8
Tenda AC15 V15.03.05.18_multi: Command Injection in USB Unload Feature
CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a c...
9.8
Twenty CRM v1.15.0 and before: Remote Code Execution Risk
CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module....
9.8
SQL Injection in Personnel Property Equipment System Admin Panel
CVE-2026-26701
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php....
9.8
Tenda W20E Router: Buffer Overflow Risk from User Input
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo...
9.8
Tenda W20E Firmware Allows Long Data to Cause Buffer Overflow
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` ...
9.8
Chamilo Learning Management System: Malicious Object Creation
CVE-2025-52998
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. ...
7.0
SQL Injection in Personnel Property Equipment System can compromise data
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php....
9.8
SQL Injection in Sourcecodester Personnel Property Equipment System
CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php....
9.8
SQL Injection in Code-projects Simple Student Alumni System
CVE-2026-26696
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php....
9.8
SQL Injection in Student Alumni System Exposes Personal Data
CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php....
9.8