CVE Vulnerabilities - 3 March 2026
280 vulnerabilities published on 3 March 2026
VMware vROps Allows Unauthenticated Remote Code Execution
CVE-2026-22719
Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticate...
8.1
KEV
Nokia IMPACT Allows Authenticated Upload of Malicious Files
CVE-2021-35485
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side...
8.0
Rancher UI retains old Azure AD permissions
GHSA-vf6j-6739-78m8
CVE-2023-22648
A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause...
8.0
OpenClaw: Untrusted Node Devices Can Gain Access to Commands
GHSA-r65x-2hqr-j5hf
## Summary
A paired node device could reconnect with spoofed `platform`/`deviceFamily` metadata and broaden node command policy eligibility because r...
8.0
OpenEXR Image Format Allows Data Corruption and Overflow
UBUNTU-CVE-2026-27622
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In Co...
8.9
OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
GHSA-xmv6-r34m-62p4
### Summary
A sandbox path validation bypass in `openclaw` allows host file reads outside `sandboxRoot` via the media path fallback tmp flow when the ...
7.8
Dell Optimizer: Local Privilege Escalation Risk
CVE-2026-25906
Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged att...
7.8
Dell Command | Intel vPro Out of Band versions prior to 4.7.0: Privilege Escalation Risk
CVE-2026-24502
Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker w...
7.8
dr_libs: Malicious WAV files can crash or corrupt program
CVE-2026-29022
dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() fu...
6.8
IBM Storage Scale: Local User Can Access Resources They Shouldn't
CVE-2025-14604
IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentional...
7.8
Portwell Engineering Toolkits: Memory Access Risk in Local Attacks
CVE-2026-3437
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a ...
9.3
Cohesity TranZman Migration Appliance: Privilege Escalation and Data Theft Risk
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers...
7.8
BentoML Allows Malicious Files to Write to Any Folder
CVE-2026-27905
GHSA-m6w7-qv66-g3mf
# Arbitrary File Write via Symlink Path Traversal in Tar Extraction
## Summary
The `safe_extract_tarfile()` function validates that each tar member'...
8.6
OpenViking: Malicious ZIP files can write to unintended directories
GHSA-rpqr-j937-6qr9
CVE-2026-28518
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attack...
8.4
Stabilizer Repository: Untrusted Data Injects Commands on System
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system comma...
7.8
xlnt Community: Local Data Corruption Risk from Unpatched Version
CVE-2026-3463
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/det...
4.8
Qualcomm Chipsets Can Crash with Memory Overlap
CVE-2026-21385
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. ...
7.8
KEV
OpenClaw allows trojans to masquerade as safe binaries
GHSA-g75x-8qqm-2vxp
## Summary
`tools.exec.safeBins` allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binar...
7.7
OpenClaw: Files can be overwritten outside of the sandbox workspace
GHSA-cfvj-7rx7-fc7c
### Summary
`stageSandboxMedia` allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace ...
7.7
OpenClaw's web tools may bypass DNS pinning with proxy setup
GHSA-8mvx-p2r9-r375
### Summary
`openclaw` web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured (`HTTP_PROXY`/`HTTPS_PR...
7.6
Underscore.js can cause a server crash with malicious data
UBUNTU-CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Un...
8.3
IBM InfoSphere Information Server exposes sensitive data through XML attacks
CVE-2026-1567
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allo...
7.5
IBM Aspera faspio Gateway 1.3.6: Sensitive Data Decryption Risk
CVE-2025-14480
IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informatio...
7.5
Craft CMS has IDOR via GraphQL @parseRefs
CVE-2026-28696
GHSA-7x43-mpfg-r9wj
The GraphQL directive `@parseRefs`, intended to parse internal reference tags (e.g., `{user:1:email}`), can be abused by both authenticated users and ...
8.7
AWS-LC PKCS7 Signature Verification Can Be Bypassed
GHSA-hfpc-8r3f-gw53
### Summary
AWS-LC is an open-source, general-purpose cryptographic library.
### Impact
Improper signature validation in PKCS7_verify() in AWS-LC all...
7.5