CVE Vulnerabilities - 2 March 2026

248 vulnerabilities published on 2 March 2026

Apple iOS Boot Loader Can Access Encrypted Certificates
CVE-2025-47378
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain....
7.1
Chamilo: Unauthorized Users Can Be Forced into Friendship
CVE-2025-52469
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network mo...
7.1
OpenClaw Sandbox Network Isolation Bypass via Docker Container Join
GHSA-ww6v-v748-x7g9
### Summary In `[email protected]`, sandbox network hardening blocks `network=host` but still allows `network=container:<id>`. This can let a sandbo...
6.9
OpenClaw may run out of memory if sent large media files
GHSA-rxxp-482v-7mrh
## Summary OpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths...
6.9
OpenClaw Allows Execution of Unauthorized Code Through Shell Wrappers
GHSA-gwqp-86q6-w47g
### Summary OpenClaw exec approvals could be bypassed in `allowlist` mode when `allow-always` was granted through unrecognized multiplexer shell wrapp...
6.9
OpenClaw: Node approvals can be used on the wrong node
GHSA-6x2m-hqfw-hvpj
## Summary `exec.approval` requests for `host=node` were not explicitly bound to the target `nodeId`, so an approval intended for one node could be re...
6.9
OpenClaw: Feishu Mention Data Can Cause Message Corruption or Slowdowns
GHSA-c6hr-w26q-c636
## Summary `extensions/feishu/src/bot.ts` constructed `new RegExp()` directly from Feishu mention metadata (`mention.name`, `mention.key`) in `stripB...
6.9
OpenClaw: Unauthorized Senders Can Disrupt Sessions and View Sensitive Data
GHSA-8m9v-xpgf-g99m
### Summary Unauthorized senders could trigger two command paths without sender authorization checks: 1. stop-like natural-language abort triggers 2. ...
6.9
OpenClaw sessions_spawn bypasses sandbox protection in certain setups
GHSA-p7gr-f84w-hqg5
### Summary A sandboxed session could use cross-agent `sessions_spawn` to create a child under an agent configured with `sandbox.mode="off"`, downgrad...
6.9
Zalo Webhook May Cause Server Crash with Certain Query Strings
GHSA-wr6m-jg37-68xh
### Summary Unauthenticated requests to a reachable Zalo webhook endpoint could trigger unbounded in-memory key growth by varying query strings on the...
6.9
Apache OpenClaw: Malicious Node Metadata Can Bypass Security Restrictions
GHSA-392f-ggf5-fp3c
### Summary A paired node could supply Unicode-confusable `platform` or `deviceFamily` metadata that passed metadata pinning but classified differentl...
6.9
OpenClaw Browser Control Unauthenticated Access After Auth Failure
GHSA-vpj2-69hf-rppw
### Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, ...
6.9
AFFiNE: Malicious Redirects Possible in Older Versions
CVE-2026-25477
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at th...
6.9
Apache HTTP Server: SQL Injection in CheckUnitCodeAndKey.pl
CVE-2025-30062
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection....
6.9
OpenClaw: Malicious File Overwrite in Browser Download Paths
GHSA-36h3-7c54-j27r
### Summary Browser trace/download output path handling allowed symlink-root and symlink-parent escapes from the managed temp root. ### Affected Pack...
6.8
ARM SMMU Vulnerability Allows Local Privilege Escalation
CVE-2026-0027
In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege...
6.7
Adobe Reader memory corruption allows local privilege escalation
CVE-2026-20444
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor...
6.7
Adobe Display Software Can Crash or Allow Malicious Use
CVE-2026-20443
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
6.7
Windows MAE Missing Bounds Check Allows Privilege Escalation
CVE-2026-20441
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor h...
6.7
Missing Bounds Check in MAE Allows Local Privilege Escalation
CVE-2026-20440
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor h...
6.7
Windows WLAN Driver Privilege Escalation Risk
CVE-2026-20436
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a m...
6.7
Adobe Flash Player Allows Privilege Escalation through Missing Bounds Check
CVE-2026-20428
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
6.7
Adobe Illustrator Privilege Escalation Risk
CVE-2026-20427
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious...
6.7
Adobe Photoshop Out-of-Bounds Write Allows Privilege Escalation
CVE-2026-20426
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
6.7
Adobe Photoshop Out-of-Bounds Write Can Grant System Privileges
CVE-2026-20425
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
6.7