CVE Vulnerabilities - 2 March 2026

248 vulnerabilities published on 2 March 2026

CGM CLININET application is vulnerable to clickjacking attacks
CVE-2025-58405
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑b...
5.3
itsourcecode University Management System Cross-Site Scripting
CVE-2026-3412
A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The mani...
5.3
ExtremeCloud IQ – Site Engine leaks sensitive login credentials
CVE-2026-0689
In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrato...
6.0
AWS-LC decryption can be slowed down by malicious users
CVE-2026-3337
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via ...
8.2
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
GHSA-hjvp-qhm6-wrh2
### Summary In approval-enabled `host=node` workflows, `system.run` approvals did not always carry a strict, versioned execution-context binding. In u...
5.5
Apache HTTP Server Remote Code Execution via Malicious URL
BELL-CVE-2026-28418
5.5
NocoDB: Malicious Scripts Can Run in Stored Rich Text Cells
CVE-2026-28359 GHSA-qxwq-q265-hc44
### Summary An authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML ...
5.3
NocoDB: Injecting malicious scripts in Formula cells
CVE-2026-28357 GHSA-vx5p-q85x-xm3c
### Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing `URI::()` patterns are rendered via `v-html` wit...
5.3
Exiv2 crashes with huge image metadata
CVE-2026-27631
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
2.7
Exiv2 crashes when processing certain image metadata
UBUNTU-CVE-2026-27631
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, a...
7.8
Plone's Custom Login Redirect Can Be Hijacked
CVE-2026-28413 GHSA-43gx-6gv6-3jcp
### Impact A url `/login?came_from=////evil.example` may redirect to an external website after login. Standard Plone is not affected, but if you have...
5.3
NocoDB Stores Shared View Passwords in Plain Text
CVE-2026-28360 GHSA-mpp2-x7wv-38hv
### Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. ### Details The `password` colu...
2.7
NocoDB Password Reset Endpoint Exposes User Email Existence
CVE-2026-28358 GHSA-387m-j3p9-3php
### Summary The password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. ### Details ...
2.7
Action Package Scan and Archive Functions Can Cause System Slowdown
GHSA-54p8-x2m9-c593
Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregat...
5.3
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR ...
DEBIAN-CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bou...
5.3
Freetype Library: OpenType Font Parsing Error
CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bou...
5.3
Freetype Library: OpenType Font Parsing Error
UBUNTU-CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bou...
5.3
Chamilo Learning Management System: Unauthenticated Website Requests Allowed
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, w...
5.3
Chamilo Learning Management System: Untrusted Data Deserialization
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/view...
8.8
Simple Student Alumni System v1.0: Unauthorized Database Access
CVE-2026-26698
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php....
4.9
Simple Student Alumni System SQL Injection in teacherID Parameter
CVE-2026-26697
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=....
4.9
Chamilo learning management system: Malicious scripts can be injected.
CVE-2025-52470
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_ad...
4.8
Chamilo Learning Management System: Malicious File Upload Risk
CVE-2025-50186
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient saniti...
4.8
PHPGurukul Student Record Management System allows remote code execution
CVE-2026-3403
A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject....
4.8
PHPGurukul Student Record Management System: Remote Code Injection Risk
CVE-2026-3402
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the fi...
4.8