
CVE Vulnerabilities - 4 March 2026


239 vulnerabilities published on 4 March 2026. Each entry below lists the title, the advisory identifier(s), the opening of its description, and its severity score.
Cisco Firewall Devices Can Crash from Malicious Packets
CVE-2026-20103
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Thr...
8.6
Cisco Secure Firewall reloads unexpectedly due to SAML message exploit
CVE-2026-20101
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthentica...
8.6
Cisco ASA Software Drops Incoming TCP Connections Under Heavy Traffic
CVE-2026-20082
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an ...
8.6
Cisco Firewall Software: Unauthenticated DoS via VPN Web Server
CVE-2026-20039
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FT...
8.6
XWiki Blog Application vulnerable to malicious blog post titles
CVE-2025-66024 GHSA-h2xq-h7f9-vh6c
Impact: The Blog Application is vulnerable to stored cross-site scripting (XSS) via the blog post title. The vulnerability arises because the post...
8.6
Langchain Helm Charts: URL Injection in LangSmith Studio Allows Unauthorized Access
CVE-2026-25750
Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter ...
8.5
Immutable's merge APIs can be exploited for malicious data injection
CVE-2026-29063 GHSA-wf6x-7x77-mvgw
Impact: A Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), m...
8.3
Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint
GHSA-jvxv-2jjp-jxc3 CVE-2026-29178
Summary: The `GET /api/v4/image/(unknown)` endpoint is vulnerable to unauthenticated SSRF through parameter injection in the `file_type` query par...
8.3
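The Lemmy entry above describes a query-parameter injection: a value the client controls is copied into the request the server makes to an upstream service. The following is an added example, not Lemmy's code, showing why concatenation is the problem and what the fix looks like. The upstream host, the `proxy` parameter name and the allowed types are assumptions made for the demonstration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumed internal image service and parameter names (hypothetical; not Lemmy's
# real upstream or its parameter names).
UPSTREAM = "http://images.internal:8080"
ALLOWED_FILE_TYPES = frozenset({"jpg", "png", "webp"})


def upstream_url_unsafe(filename: str, file_type: str) -> str:
    """Builds the proxied request by string concatenation: whatever the client
    puts in file_type lands verbatim in the upstream query string."""
    return f"{UPSTREAM}/image/{filename}?file_type={file_type}"


def upstream_url_encoded(filename: str, file_type: str) -> str:
    """Percent-encodes both pieces, so '&' and '=' inside file_type stay part of
    the single file_type value instead of starting a new parameter."""
    return f"{UPSTREAM}/image/{quote(filename, safe='')}?{urlencode({'file_type': file_type})}"


def upstream_url_safe(filename: str, file_type: str):
    """Encoding plus an allowlist: the value must be one of the types the service
    actually serves, and the filename must be a single path segment.
    Returns None when the request should be refused."""
    if file_type not in ALLOWED_FILE_TYPES:
        return None
    if not filename or "/" in filename or filename.startswith("."):
        return None
    return upstream_url_encoded(filename, file_type)


def params_sent_upstream(url: str) -> dict:
    """What the upstream service will see as separate query parameters."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


# Constructed attacker input: a valid-looking type followed by an injected
# parameter. 'proxy' is a hypothetical name for an upstream option that fetches
# a remote URL; the target is the cloud metadata address typical of SSRF probes.
INJECTED = "jpg&proxy=http://169.254.169.254/latest/meta-data/"

if __name__ == "__main__":
    print(params_sent_upstream(upstream_url_unsafe("cat.jpg", INJECTED)))
    print(params_sent_upstream(upstream_url_encoded("cat.jpg", INJECTED)))
    print(upstream_url_safe("cat.jpg", INJECTED))
```

With the unsafe builder the upstream receives two parameters, `file_type=jpg` and the injected `proxy=...`; with encoding it receives one `file_type` whose value is the whole payload; with the allowlist the request never reaches upstream at all. Encoding alone fixes the injection but still forwards arbitrary values, so the allowlist is the check a practitioner should keep.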
Vaultwarden Collection Management Access for Managers Without Permission
CVE-2026-27803 GHSA-h4hq-rgvh-wh27
Summary: Testing confirmed that even when a Manager has `manage=false` for a given collection, they can still perform the following management oper...
8.3
Vaultwarden Manager Can Access Unauthorized Collections
CVE-2026-27802 GHSA-r32r-j5jq-3w4m
Summary: A Manager account (`access_all=false`) was able to escalate privileges by directly invoking the **bulk-access API** against collections th...
8.3
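Both Vaultwarden entries above are the same class of bug: a bulk endpoint checks that the caller is a Manager but not that the caller may manage each collection named in the request. The following is an added example, not Vaultwarden's code, of a bulk grant that authorizes per item and fails closed; the membership model, role names and the ACL structure are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Member:
    """Organisation membership as this example models it (hypothetical schema)."""
    user_id: str
    role: str                          # "owner", "admin", "manager" or "user"
    access_all: bool = False           # True: may manage every collection in the org
    managed: frozenset = frozenset()   # collection ids this member has manage=True on


def can_manage(actor: Member, collection_id: str) -> bool:
    """The per-collection decision. Owners, admins and access_all members may
    manage anything; a manager only the collections assigned with manage=True."""
    if actor.role in ("owner", "admin") or actor.access_all:
        return True
    return actor.role == "manager" and collection_id in actor.managed


def bulk_grant_unsafe(actor: Member, collection_ids: list, target_user: str, acl: dict) -> list:
    """Checks only the caller's role, then applies the change to every id it was
    handed. Nothing ties the ids back to what this manager may touch.
    Returns the ids that were denied (empty list means everything was applied)."""
    if actor.role not in ("owner", "admin", "manager"):
        return list(collection_ids)
    for cid in collection_ids:
        acl.setdefault(cid, set()).add(target_user)
    return []


def bulk_grant_safe(actor: Member, collection_ids: list, target_user: str, acl: dict) -> list:
    """Authorizes every id before touching any of them. If one id is outside the
    caller's scope the whole request is refused, so a partial grant cannot be
    used to probe which ids exist. Returns the denied ids; the caller maps a
    non-empty list to 403."""
    denied = [cid for cid in collection_ids if not can_manage(actor, cid)]
    if denied:
        return denied
    for cid in collection_ids:
        acl.setdefault(cid, set()).add(target_user)
    return []


if __name__ == "__main__":
    # Constructed data: a manager assigned to c1 only, asking to grant access on c1 and c2.
    manager = Member("u-mgr", "manager", managed=frozenset({"c1"}))
    acl = {"c1": set(), "c2": set()}
    print(bulk_grant_unsafe(manager, ["c1", "c2"], "u-new", acl), acl)
    acl = {"c1": set(), "c2": set()}
    print(bulk_grant_safe(manager, ["c1", "c2"], "u-new", acl), acl)
```

The test to add to such an endpoint is exactly the one the advisory describes: a manager with `access_all=false` submits a list that mixes a collection they manage with one they do not, and the expected outcome is that nothing changes.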
Ashop Shopping Cart Software lets attackers steal database secrets
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting...
8.8
NCrypted Jobgator: Attackers can steal database information
CVE-2019-25504
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
8.8
Simple Job Script: Attackers can access or delete data by sending malicious requests
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through...
8.8
SQL Injection in Simple Job Script Exposes Employer Data
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
8.8
Simple Job Script SQL injection: hackers can steal data
CVE-2019-25498
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
8.8
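The five entries above (Ashop, NCrypted Jobgator, and the three Simple Job Script advisories) are all unauthenticated SQL injection through request parameters that are spliced into query text. The following is an added example, not code from any of those products, using an in-memory SQLite database with a constructed schema to show both the data-theft and the lookup-bypass shape of the bug next to the parameterized form.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows for the demonstration; not the data
    model of Simple Job Script, Jobgator or Ashop."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        CREATE TABLE jobs(id INTEGER PRIMARY KEY, title TEXT, employer_email TEXT);
        INSERT INTO users VALUES (1, 'admin', '$2b$12$constructed-hash');
        INSERT INTO jobs VALUES (1, 'Welder', 'hr@example.test'),
                                (2, 'Developer', 'jobs@example.test');
        """
    )
    return conn


def search_jobs_unsafe(conn: sqlite3.Connection, keyword: str) -> list:
    """Public search built by string formatting: the keyword becomes SQL text,
    so a closing quote followed by UNION returns rows from another table."""
    sql = f"SELECT title, employer_email FROM jobs WHERE title LIKE '%{keyword}%'"
    return conn.execute(sql).fetchall()


def search_jobs_safe(conn: sqlite3.Connection, keyword: str) -> list:
    """Same query with a bound parameter: the keyword is only ever data, and the
    wildcard wrapping happens in Python, not in the SQL string."""
    sql = "SELECT title, employer_email FROM jobs WHERE title LIKE ?"
    return conn.execute(sql, (f"%{keyword}%",)).fetchall()


def find_user_unsafe(conn: sqlite3.Connection, username: str):
    """Login-style lookup; a quote in the username rewrites the WHERE clause."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


# Constructed attacker inputs. The first closes the LIKE literal, appends a
# UNION against the users table and comments out the trailing quote; the
# second turns the equality test into one that is always true.
UNION_PAYLOAD = "zzz%' UNION SELECT username, password_hash FROM users--"
BYPASS_PAYLOAD = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(search_jobs_unsafe(conn, UNION_PAYLOAD))   # leaks the password hash
    print(search_jobs_safe(conn, UNION_PAYLOAD))     # no match, nothing leaked
    print(find_user_unsafe(conn, BYPASS_PAYLOAD))    # returns the admin row
    print(find_user_safe(conn, BYPASS_PAYLOAD))      # None
```

The parameterized versions are the whole fix; no escaping routine is needed, and the same pattern applies to the authenticated Cisco FMC injection later on this page, where valid credentials only change who can reach the vulnerable query.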
OpenShift Container Platform 4.17.50 Security Update
RHSA-2026:3416
8.2
IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
CVE-2026-28681 GHSA-22m3-c7vp-49fj
Impact: An attacker can manipulate the HTTP `Host` header on a password reset or account creation request. The confirmation link in the resulting e...
8.1
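The IRRd entry above is the classic host header poisoning pattern: the application derives the origin of the confirmation link from the request's `Host` header, so the attacker who triggers the reset for a victim chooses where the victim's link points, and the reset token leaks to that host when the victim clicks. The following is an added example, not IRRd's code, of the vulnerable link builder next to one that takes the origin from configuration and only validates the header. The hostnames, the `/reset` path and the `token` parameter are assumptions.

```python
from urllib.parse import urlsplit

# Assumed deployment configuration (hypothetical hostnames).
CANONICAL_BASE = "https://irr.example.test"
ALLOWED_HOSTS = frozenset({"irr.example.test", "irr-staging.example.test"})


def reset_link_unsafe(headers: dict, token: str) -> str:
    """Derives the link's origin from the request's Host header, so the host
    the attacker sent is the host the victim's e-mail points at."""
    return f"https://{headers['Host']}/reset?token={token}"


def host_allowed(host_header: str, allowed: frozenset = ALLOWED_HOSTS) -> bool:
    """Accepts only a bare hostname (optional port) from the allowlist. Rejects
    userinfo, paths, queries and anything that does not parse as an authority,
    so 'good.host@evil.host' and 'good.host/evil' both fail."""
    try:
        parts = urlsplit("//" + host_header)
    except ValueError:
        return False
    if (parts.hostname is None or parts.username is not None
            or parts.path or parts.query or parts.fragment):
        return False
    return parts.hostname.lower() in allowed


def reset_link_safe(headers: dict, token: str, base: str = CANONICAL_BASE,
                    allowed: frozenset = ALLOWED_HOSTS):
    """Builds the link from the configured origin; the Host header is only
    checked, never copied. Returns None when the request should receive a 400
    instead of triggering an e-mail."""
    if not host_allowed(headers.get("Host", ""), allowed):
        return None
    return f"{base}/reset?token={token}"


if __name__ == "__main__":
    # Constructed request headers as an attacker would send them.
    attacker_request = {"Host": "attacker.example"}
    print(reset_link_unsafe(attacker_request, "t0k"))
    print(reset_link_safe(attacker_request, "t0k"))
    print(reset_link_safe({"Host": "IRR.example.test:443"}, "t0k"))
```

The allowlist check matters even when the link comes from configuration: a proxy or virtual-host setup that routes unknown `Host` values to the application should still answer them with an error rather than a reset e-mail, otherwise the attacker can use the application as a reset-spam source against its users.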
Cisco Secure FMC Software: SQL Injection with Valid Credentials
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL inject...
8.1
Malicious Actor Can Hijack Wireless Network Traffic
CVE-2026-23808
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled ...
8.1
IDC SFX Series SuperFlex Satellite Receiver contains hardcoded FTP credentials
CVE-2026-28778
International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd`...
7.9
Dell Device Management Agent: Unsecured Local Access Can Lead to Elevated Privileges
CVE-2026-26949
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local a...
7.8
App-Auto-Patch 3.4.2: Unauthorized File Writing
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files....
7.8
Dell PowerScale OneFS: Unprivileged User Can Gain Admin Access
CVE-2026-21425
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A ...
7.8
CNCSoft-G2 Fails to Safely Open User-Provided Files
CVE-2026-3094
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulner...
7.8
IDC SFX Series Receiver Has Hidden SSH Credentials
CVE-2026-28776
International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains hardcoded credentials for the `monitor` account. A remote ...
7.8