CVE Vulnerabilities - 2 March 2026

248 vulnerabilities published on 2 March 2026

Severity:
Weak Configuration in Adobe Acrobat Allows Privilege Escalation
CVE-2026-0008
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no ad...
8.4
Android Browser Can Access Unauthorized Files
CVE-2025-48636
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could l...
8.4
Linux Tool Fails to Drop Privileges, Allowing Root Access
CVE-2026-21882 GHSA-2j3p-gqw5-g59j
### Impact **Vulnerability Type:** Local Privilege Escalation (LPE) / Improper Privilege Management / Arbitrary Command Execution. The application a...
8.4
Chamilo Learning Management System: Teacher Can Inject Malicious Code
CVE-2025-52482
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with...
8.3
NestJS with Fastify can bypass security middleware checks
CVE-2026-2293 GHSA-r4wm-x892-vjmx
### Impact _What kind of vulnerability is it? Who is impacted?_ A NestJS application using `@nestjs/platform-fastify` can allow bypass of any middlew...
8.2
Exiv2 Image Parser Can Read Outside Its Allowed Memory Area
CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
2.7
Exiv2 Image Parser Reads Data Outside Allowed Range
UBUNTU-CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
7.8
thinkgem JeeSite CAS Handler XML Injection
CVE-2026-3404
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java o...
2.3
TP-Link Deco BE25 allows attackers to read files or crash the system
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authentica...
6.9
TP-Link Deco BE25: Malicious Input Can Execute System Commands
CVE-2026-0654
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. A...
8.5
Unprivileged User Can Write to Unauthorized Memory Areas in Mem_Protect
CVE-2026-0032
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation ...
7.8
WordPress Plugin Vulnerability: Privilege Escalation through Logic Error
CVE-2026-0026
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code....
7.8
VBMeta: Local Privilege Escalation via Test Key Modification
CVE-2025-48613
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. ...
7.8
Epicor ERP Input Validation Bypass Allows Unauthorized Access
BELL-CVE-2026-28421
7.8
Apache HTTP Server Remote Code Execution Vulnerability Affects Linux Systems
BELL-CVE-2026-28417
7.8
OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write
CVE-2026-27622 GHSA-cr4v-6jm6-4963
## Summary Function: `CompositeDeepScanLine::readPixels`, reachable from high-level multipart deep read flows (`MultiPartInputFile` + `DeepScanLineIn...
8.4
WordPress Allows Attackers to Crash Server with Malicious Input
CVE-2025-59603
Memory Corruption when processing invalid user address with nonstandard buffer address....
7.8
Unsecured Data Input in [Software] Allows Data Overrun
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space....
7.8
Adobe Acrobat Reader crashes when accessing shared files
CVE-2025-47386
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs....
7.8
Windows Trusted Execution Environment: Memory Corruption Possible with Insufficient Privileges
CVE-2025-47385
Memory Corruption when accessing trusted execution environment without proper privilege check....
7.8
Windows Driver Vulnerability: Malicious Input Can Crash System
CVE-2025-47381
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs....
7.8
Adobe Flash Player: Memory Corruption when Multiple Users Access Shared Data
CVE-2025-47379
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resourc...
7.8
Windows Device Driver Memory Corruption via IOCTL Access
CVE-2025-47377
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls....
7.8
Windows Kernel Driver Memory Corruption in Concurrent Access
CVE-2025-47376
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls....
7.8
Windows Driver Crashes with Simultaneous IOCTL Calls
CVE-2025-47375
Memory corruption while handling different IOCTL calls from the user-space simultaneously....
7.8