CVE Vulnerabilities - 3 March 2026
280 vulnerabilities published on 3 March 2026
Libbiosig parsing a specially crafted file can run malicious code
CVE-2026-22891
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a...
9.8
Renren Security before 5.5.0 allows SQL Injection attacks
CVE-2025-70821
renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...
9.8
Step-Video-T2V allows remote code execution via malicious API requests
CVE-2025-57622
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature = pickle.loads(request.get_dat...
9.8
Apache Ranger: Malicious code can run on your system
CVE-2025-59059
GHSA-c87w-642h-m97h
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to...
9.8
Oracle OpenMQ has a default admin account with no password change required
CVE-2026-22886
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administ...
9.8
Apache HTTP Server: Remote Code Execution via File Upload
BELL-CVE-2026-2781
9.8
WordPress User Registration Plugin Creates Admin Accounts Without Permission
CVE-2026-1492
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin...
9.8
Unauthorized Access to Microsoft 365 Accounts in WordPress Plugins
CVE-2026-2628
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and in...
9.8
OpenTelemetry-Go: Multiple Security Flaws in Argo Workflows
CLEANSTART-2026-BY85815
Multiple security vulnerabilities affect the argo-workflows package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for in...
9.8
Argo Workflows Package: Multiple Security Risks Exposed
CLEANSTART-2026-MW73882
Multiple security vulnerabilities affect the argo-workflows package. filippo. See references for individual vulnerability details....
9.8
Craft CMS allows malicious code execution via Twig functions
CVE-2026-28783
GHSA-5fvc-7894-ghp4
Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions.
In order to b...
6.1
Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates
CVE-2026-28697
GHSA-v47q-jxvr-p68x
Summary: An authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into T...
9.4
Zdir Pro 4.x Allows Malicious Files to be Written Outside Intended Directory
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extrac...
9.1
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
CVE-2026-26279
GHSA-33mp-8p67-xj7c
Summary: A typo in Froxlor's input validation code (`==` instead of `=`) completely disables email format checking for all settings fields declared...
9.1
Rancher Privilege Escalation: Downstream Cluster Access
GHSA-6x34-89p7-95wg
CVE-2022-31247
Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege es...
9.1
OpenClaw fails to secure image loading in sandboxed mode
GHSA-9f72-qcpw-2hxc
Summary: In sandboxed runs, native prompt image auto-load did not honor `tools.fs.workspaceOnly=true`. This optional hardening setting is **not en...
8.9
Labkotec LID-3300IP Ice Detector Software Allows Unauthorized Access
CVE-2026-1775
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters...
8.8
OpenClaw tools.exec module allows attackers to bypass denied commands
GHSA-3c6h-g97w-fg78
In OpenClaw version 2026.2.22-2 prior to 2026.2.23, tools.exec.safeBins validation for the sort command fails to properly validate GNU long-option abbreviatio...
8.7
OpenClaw allows unauthorized execution of certain commands
CVE-2026-28363
GHSA-7977-c43c-xpwj
GHSA-3c6h-g97w-fg78
Summary: In OpenClaw, `tools.exec.safeBins` validation for `sort` could be bypassed via GNU long-option abbreviations in allowlist mode, allowing a...
8.8
IBM DataStage on Cloud Pak for Data allows unapproved commands to run with normal user access
CVE-2025-13688
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on...
8.8
IBM DataStage on Cloud Pak for Data allows unauthorized command execution
CVE-2025-13687
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on...
8.8
IBM DataStage on Cloud Pak for Data allows malicious users to run system commands
CVE-2025-13686
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on...
8.8
NocoDB SQL Injection via Date Formula
CVE-2026-28399
GHSA-45rp-9p97-h852
Summary: An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details: The third argument...
8.6
Brocade ASCG 3.4.0: Unauthorized Access to BSL and ASCG Configuration
CVE-2026-0869
Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and strea...
8.3
Weintek cMT-3072XH2 easyweb v2.1.53: Unapproved Command Injection
CVE-2024-55022
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name paramete...
8.8