CVE Vulnerabilities - 4 March 2026

239 vulnerabilities published on 4 March 2026

GNU patch through 2: Unpatched Security Flaws Remain
CLEANSTART-2026-NA21773
Multiple security vulnerabilities affect the patch package. GNU patch through 2. See references for individual vulnerability details....
9.8
Redis: Malicious Code Injection via Valkey Package
CLEANSTART-2026-BZ70876
Multiple security vulnerabilities affect the valkey package. Redis is an open source, in-memory database that persists on disk. See references for ind...
9.8
PostgreSQL: Users can access restricted data through optimizer statistics
CLEANSTART-2026-WY43835
Multiple security vulnerabilities affect the postgresql package. PostgreSQL optimizer statistics allow a user to read sampled data within a view that ...
9.8
Google Chrome: Malicious Webpage Can Escape Browser Security
CVE-2026-3545
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape ...
9.6
Pebble Prism Ultra v2.9.2: Unsecured Bluetooth Connection Allows Interference
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism U...
9.6
IDC SFX Series Satellite Receiver stores insecure root password
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series (SFX2100) SuperFlex Satellite Recei...
9.2
IDC SFX2100 Satellite Receiver: Weak User Account Password
CVE-2026-28777
International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated atta...
9.2
Pac4j-JWT's Encrypted JWT Processing Allows Unauthorized Access
CVE-2026-29000 GHSA-pm7g-w2cf-q238
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs ...
9.3
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
GHSA-5hwf-rc88-82xm
# Assessment The modules `uuid`, `_osx_support` and `_aix_support` were added to the blocklist of unsafe imports (https://github.com/trailofbits/fick...
8.9
Fickling Security Bypass: Malicious Payloads Can Still Execute
GHSA-wccx-j62j-r448
# Assessment The missing pickle entrypoints `pickle.loads`, `_pickle.loads`, and `_pickle.load` were added to the hook https://github.com/trailofbits...
8.9
Google Chrome: Malicious Websites Can Crash or Steal Data
CVE-2026-3544
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a cr...
8.8
Google Chrome before 145.0.7632.159: Malicious websites can crash your browser
CVE-2026-3543
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory acce...
8.8
Google Chrome may crash or leak data due to a memory access error
CVE-2026-3542
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access ...
8.8
Google Chrome: Malicious Website Can Read Sensitive Browser Data
CVE-2026-3541
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a c...
8.8
Google Chrome allows hackers to crash your browser with malicious web pages
CVE-2026-3540
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via...
8.8
Google Chrome Extensions can cause memory crashes with malicious plugins
CVE-2026-3539
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension ...
8.8
Google Chrome: Malicious Webpage Can Crash Browser
CVE-2026-3538
Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a c...
8.8
Google Chrome on Android allows remote attackers to cause unexpected app crashes
CVE-2026-3537
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption...
8.8
Google Chrome's Graphics System Can Crash or Be Exploited by Malicious Websites
CVE-2026-3536
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a ...
8.8
Apache ActiveMQ: Malformed Packets Can Cause Unexpected Behavior
CVE-2025-66168 GHSA-c825-6ph3-4h84
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When thi...
8.8
IDC SFX Series SuperFlex Satellite Receiver Exposes Admin Credentials
CVE-2026-29119
International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains hardcoded and insecure credentials for the `admin...
8.8
IDC SFX Series Web Interface Traceroute Lets Attackers Run Commands
CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series ...
9.3
IDC SFX Series SuperFlex Satellite Receiver Web Interface Allows Remote Command Execution
CVE-2026-28773
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web...
9.3
IDC SFX Series Web Interface Allows Malicious Code Injection
CVE-2026-28770
Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series Super...
5.3
NLTK versions 3.9.2 and earlier can read unauthorized files
CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including W...
8.6