CVE Vulnerabilities - 4 March 2026

240 vulnerabilities published on 4 March 2026

Cisco ASA and FTD Software Remote Access VPN Can Be Crashed by Malicious Input
CVE-2026-20105
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Thr...
7.7
Cisco Firewalls: Unauthenticated User Can Crash the System
CVE-2026-20100
A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Se...
7.7
Cisco ASA and FTD Devices Can Crash from Malformed IKEv2 Traffic
CVE-2026-20049
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewal...
7.7
Cisco Firewall Software: Remote DoS Attack Possible with Valid VPN Credentials
CVE-2026-20014
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker...
7.7
OpenClaw can read or modify files outside its workspace
GHSA-3jx4-q2m7-r496
Summary: In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside t...
7.6
Wi-Fi Port Stealing Technique Bypasses Network Isolation
CVE-2026-23809
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationshi...
7.6
SVGO Can Crash or Stall with Malicious SVG Files
CVE-2026-29074 GHSA-xpqw-6gx7-v673
Summary: SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 byt...
7.5
Traefik: Malicious requests can delete forwarded identity headers
CVE-2026-29054 GHSA-92mv-8f8w-wq52
Impact: There is a potential vulnerability in Traefik managing the `Connection` header with `X-Forwarded` headers. When Traefik processes HTTP/1.1...
7.5
cpp-httplib: Large Payload Can Cause CPU/Memory Overload
CVE-2026-28435
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::se...
7.5
Apache Hono Node Server: Unauthorized Access to Protected Static Files
CVE-2026-29087 GHSA-wc8c-qw6v-h7f6
Summary: When using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting `/admin/*`), inconsis...
7.5
Apache Hono allows unauthorized access to protected files
CVE-2026-29045 GHSA-q5qw-h33p-qvwr
Summary: When using `serveStatic` together with route-based middleware protections (e.g. `app.use('/admin/*', ...)`), inconsistent URL decoding all...
7.5
Traefik: Stalled Connections Allow DOS Attacks
CVE-2026-26999 GHSA-xw98-5q62-jx94
Impact: There is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP rout...
7.5
Malformed Requests Can Crash Multer Server
CVE-2026-3520 GHSA-5528-5vmv-3xc2
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a De...
8.7
DJI Drone: Remote Attack Can Disable WiFi Connection
CVE-2026-26673
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI En...
7.5
Bird-LG-Go Traceroute Module Can Crash Due to Malicious Input
CVE-2026-26514
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without val...
7.5
Dell PowerScale OneFS version 9.13.0.0: Unauthenticated Remote Lockout
CVE-2026-25907
Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remo...
7.5
Red Hat Yggdrasil Worker Package Manager Updated to Fix Security Risk
RHSA-2026:3699
7.5
Red Hat Linux Kernel Security Update: Unauthorized Access Risk
RHSA-2026:3685
7.5
Red Hat Go Package Manager Macros Vulnerability
RHSA-2026:3669
7.5
Red Hat's Go RPM Macros Package Has Security Flaw
RHSA-2026:3668
7.5
JS Help Desk plugin for WordPress allows malicious access to database
CVE-2023-7337
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus...
7.5
SEPPmail Secure Email Gateway: PGP Data Exposure
CVE-2026-2747
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing...
6.9
SEPPmail Email Gateway: Malicious Email Source Spoofing
CVE-2026-27444
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict wi...
7.8
SEPPmail Secure Email Gateway: Unsanitized S/MIME Header Injection
CVE-2026-27443
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker t...
8.2
SEPPmail Gateway Exposes Encrypted Email Attachments to Malicious Access
CVE-2026-27442
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, a...
9.3