CVE Vulnerabilities - 3 March 2026

280 vulnerabilities published on 3 March 2026

PickleScan's pkgutil.resolve_name has a universal blocklist bypass
GHSA-vvpj-8cmc-gx39
Summary: `pkgutil.resolve_name()` is a Python stdlib function that resolves any `"module:attribute"` string to the corresponding Python object at r...
10.0
Rancher Cloud Credentials Can Be Used by Unauthorized Users
GHSA-gqf8-rvrh-g7w6 CVE-2021-25320
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated ...
10.0
Rancher exposes sensitive credentials in older versions
GHSA-8w87-58w6-hfv8 CVE-2021-36783
Impact: It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in clu...
10.0
OpenEMR Electronic Health Records App Allows Malicious File Uploads
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() m...
8.7
OpenText Filr: Unauthenticated Users Can Access Sensitive Data
CVE-2026-3266
Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF to...
8.3
Unauthorized access to Devolutions Server with Azure AD authentication
CVE-2026-3224
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated...
9.8
Devolutions Server Error Message Spoofing
CVE-2026-3204
Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error ...
9.8
Devolutions Server: Attackers can delete PAM account in bulk
CVE-2026-3130
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to...
9.8
Devolutions Remote Desktop Manager Passwords Not Always Kept Private
CVE-2026-2590
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3...
9.8
OpenEMR: Unauthenticated Access to Sensitive Medical Data
CVE-2026-24898
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disc...
9.8
D-Link DIR-868L: Remote Command Injection Risk via SSDP Service
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ...
8.9
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
CVE-2025-70240
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51....
9.8
D-Link DIR-513 Router Can Be Forced to Crash
CVE-2025-70239
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55....
9.8
D-Link DIR-513 Router Allows Attackers to Crash the Device
CVE-2025-70234
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS....
9.8
D-Link DIR-513 Router WAN Configuration Overflow
CVE-2025-70241
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5....
9.8
D-Link DIR-513 Router: Uncontrolled Memory Access Through curTime
CVE-2025-70237
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr....
9.8
D-Link DIR-513 Router: Uncontrolled Input can Cause a Crash
CVE-2025-70236
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter....
9.8
IBM WebSphere Application Server - Liberty Security Settings May Be Weakened
CVE-2025-14923
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected secur...
9.8
Unauthorized Command Execution in Weintek cMT-3072XH2 easyweb v2.1.53
CVE-2024-55026
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands...
9.8
Unauthorized access to Weintek easyweb v2.1.53 administrative features
CVE-2024-55024
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attacke...
9.8
Weintek cMT-3072XH2 easyweb Web Version v2.1.53 Root Access Through DHCP
CVE-2024-55020
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to ...
9.8
PickleScan Fails to Block Remote Code Execution Attacks
GHSA-g38g-8gr9-h9xp
Summary: picklescan v1.0.3 (latest) does not block at least 7 Python standard library modules that provide direct arbitrary command execution or co...
9.8
PickleScan's profile.run blocklist mismatch allows exec() bypass
GHSA-7wx9-6375-f5wh
Summary: picklescan v1.0.3 blocks `profile.Profile.run` and `profile.Profile.runctx` but does NOT block the module-level `profile.run()` function. ...
9.8
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
CVE-2026-27012 GHSA-247v-7cw6-q57v
Summary: A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group ...
9.8
Google Cloud Build with GitHub Integration Allows Malicious Code Execution
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute...
8.6