CVE Vulnerabilities - 2 March 2026
248 vulnerabilities published on 2 March 2026
Adobe Flash Player crashes when handling malformed data
CVE-2025-47373
Memory Corruption when accessing buffers with invalid length during TA invocation....
7.8
CGM CLININET Smart Card Authentication Can Be Bypassed by Certificate Number
CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only t...
9.0
Windows WLAN Driver Allows Unauthorized Access to System
CVE-2026-20423
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User ...
7.8
TaskFragmentOrganizerController Java Code Has Privilege Escalation Risk
CVE-2025-48635
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could le...
7.7
Textream for macOS: Unsecured WebSocket Server Allows Remote Control
CVE-2026-28403
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts conne...
7.6
OpenClaw and @openclaw/voice-call allow unauthenticated access to resources
GHSA-mfg5-7q5g-f37j
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades ...
8.7
AWS-LC: Unauthenticated users can bypass digital signatures in certain emails
CVE-2026-3338
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 object...
8.7
AWS-LC fails to verify some certificates in multi-signer emails
CVE-2026-3336
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PK...
8.7
TBTC V2: Malicious Bitcoin Transaction Can Cause Insolvency
GHSA-8986-v76q-8vr2
Overview: P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smar...
7.5
Exiv2 Image Metadata Tool Crashes with Malformed Input
CVE-2026-27596
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
2.7
Exiv2 command-line utility crashes reading certain image files
UBUNTU-CVE-2026-27596
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
7.8
joserfc Library Allows Unauthenticated CPU Overload
CVE-2026-27932
GHSA-w5r5-m38g-f9f9
Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. W...
7.5
Contest Gallery plugin for WordPress exposes sensitive data
CVE-2026-3180
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLost...
7.5
Tenda AC6V2.0 Router WiFi WPS Start Page Stack Overflow
CVE-2025-70252
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to...
7.5
Textream app crashes when overwhelmed by too many connections
CVE-2026-28412
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. C...
7.5
Microsoft Exchange Exposes Samsung Device Data on On-Premises Servers
CVE-2025-58107
In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile de...
7.5
CGM CLININET Exposes User Messages and Attachments to Unauthorized Access
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in...
7.1
Red Hat Yggdrasil Software Has a Security Flaw That Can Be Exploited
RHSA-2026:3506
7.5
Firefox Security Update: Unpatched Flaw Allows Malicious Code Execution
RHSA-2026:3497
7.5
Firefox Browser Security Update Needed
RHSA-2026:3496
7.5
Firefox Update Fixes Security Risk of Data Exposure
RHSA-2026:3494
7.5
Firefox Security Update for Red Hat Enterprise Linux
RHSA-2026:3495
7.5
Firefox Browser Has a Security Update
RHSA-2026:3493
7.5
Firefox Security Update for Linux Systems
RHSA-2026:3491
7.5
Firefox Web Browser Vulnerability: Data Theft Possible
RHSA-2026:3492
7.5