CVE Vulnerabilities - 2 March 2026

248 vulnerabilities published on 2 March 2026

Mattermost Desktop App: Malicious Server Can Expose User Data
CVE-2026-1628
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a ma...
4.6
Device ID Leak in Preloader Software
CVE-2026-20435
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attac...
4.6
MDDP System Crash Risk from Malicious Actor with System Privilege
CVE-2026-20445
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtaine...
4.4
Oracle Display Software Crashes if Attacker Has System Privileges
CVE-2026-20442
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtain...
4.4
Windows imgsys Component Can Crash System with Elevated Privileges
CVE-2026-20439
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtaine...
4.4
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne...
CVE-2026-20437
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained t...
4.4
Microsoft Products: Missing Check Allows Unauthorized Access to Data
CVE-2026-20429
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor...
4.4
Windows Display Driver: Unauthorized Access to System Data
CVE-2026-20424
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor...
4.4
CGM CLININET Exposes Users to Client-Side Attacks Through Missing Security Headers
CVE-2025-58406
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffin...
5.3
Signal Groups Unsecured by DM Pairing Store in OpenClaw 2026.2.25
GHSA-wm8r-w8pf-2v6w
Summary: In OpenClaw `2026.2.25`, Signal group authorization under `groupPolicy=allowlist` could accept sender identities sourced from DM pairing-s...
3.7
Arm C1-Pro: Memory Access Failure in Certain Conditions
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memo...
3.6
OpenClaw Control UI Allows Access to Sensitive Files
GHSA-5ghc-98wh-gwwf
Summary: The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. ...
3.3
YosysHQ yosys: Unpatched Heap Overflow on Local Host
CVE-2026-3407
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the compo...
4.8
OpenClaw macOS Companion App Security Risk: Malicious Code Execution
GHSA-5f9p-f3w2-fwch
Summary: In the macOS companion app (**currently beta**), a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks...
2.3
Malicious code found in Polymarket SDK's dependencies
GHSA-5pmp-jpcf-pwx6
This is part of an ongoing campaign to attempt to typosquat crates in the [`polymarket-client-sdk`](https://crates.io/crates/polymarket-client-sdk) ec...
Web Application in WordPress Allows Unauthenticated File Access
MINI-cx7c-xh4j-mf56
Adobe Photoshop and other PNG image editing software at risk of data theft or crashes
ALSA-2026:3551
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(e...
Important: Update Mozilla Thunderbird to Fix Multiple Security Risks
ALSA-2026:3515
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447) * ...
Mozilla Thunderbird Security Update Fixes Multiple Issues
ALSA-2026:3516
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447) * ...
Linux Kernel Update Fixes Multiple Security Risks
ALSA-2026:3488
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: smc: Use __sk_dst_get() and ...
VMware Tools: Unprivileged Users Can Access Encrypted Disk Data
ALSA-2026:3476
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): ...
Update Thunderbird to Fix Multiple Security Risks
ALSA-2026:3517
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447) * ...
Valkey: Data Tampering and Denial of Service Risks with Lua Scripts
ALSA-2026:3507
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sort...