CVE Vulnerabilities - 4 March 2026

240 vulnerabilities published on 4 March 2026

Dell PowerScale OneFS: Local Attackers Can Gain Unauthorized Access
CVE-2026-21423
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A h...
6.7
Dell PowerScale OneFS: High Privilege Access Risk, Local Attack Possible
CVE-2026-21422
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configurat...
6.7
Dell PowerScale OneFS: Unauthorized Access to Sensitive Data
CVE-2026-21421
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerabil...
6.7
SwiftDialog Credentials Exposed on Reinstall or Erase
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthentica...
6.6
Unauthorized access to files in BlueSpice due to incorrect permissions
CVE-2026-24732
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice...
6.6
Hono SSE Helper Allows Malicious Data Injection
CVE-2026-29085 GHSA-p6xx-57qc-3wxr
Summary: When using `streamSSE()` in Streaming Helper, the `event`, `id`, and `retry` fields were not validated for carriage return (`\r`) or newli...
6.5
Cloudflare Worker SSRF: Malicious Content Can Be Served Through Your Site
CVE-2026-3125 GHSA-c7mq-gh6q-6q7c
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in...
7.7
Cisco Secure Firewall FTD Device Can Crash After Malicious Command
CVE-2026-20064
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpect...
6.5
Cisco Secure FMC Software Allows Remote SQL Injection Attacks with Valid Credentials
CVE-2026-20001
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affe...
6.5
2N Access Commander: Malformed Requests Cause Server Errors
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated reque...
5.3
Linux NFSv3 Clients Can Access Sensitive Directories
CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privil...
6.5
Gutena Forms Plugin on WordPress Allows Unauthorized Data Changes
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized ...
6.5
WP-Members Plugin for WordPress Allows Hackers to Access Sensitive Data
CVE-2026-2363
The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts]...
6.5
IDC SFX Series Web Portal Allows File Traversal Attack
CVE-2026-28769
A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex S...
5.3
CKEditor 5 allows malicious code to run on websites
CVE-2026-28343 GHSA-jrqm-vmqc-gm93
Impact: A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered b...
6.4
WordPress My Calendar Plugin Allows Attackers to Inject Malicious Code
CVE-2026-2355
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_...
6.4
Envira Gallery for WordPress allows attackers to inject malicious scripts
CVE-2026-1236
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all ...
6.4
Malicious input could harm Open OnDemand Files app users
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible ...
6.3
Cisco ASA and FTD Software: Malicious OSPF Packets Can Crash Devices
CVE-2026-20023
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD...
6.1
Cisco Firewalls Can Crash with Malicious OSPF Packets
CVE-2026-20022
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent atta...
6.1
Cisco Webex: Unauthenticated XSS Attack Possible via Malicious Link
CVE-2026-20149
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addres...
6.1
Cisco Firewall Software: SAML SSO Vulnerability Exposes Browser Data
CVE-2026-20102
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Soft...
6.1
Cisco Firewall Software: Attackers can hijack VPN user's browser
CVE-2026-20070
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat...
6.1
Simple Job Script allows hackers to inject malicious scripts in web browsers
CVE-2019-25502
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ...
5.1
All-in-One Video Gallery plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and in...
6.1