CVE Vulnerabilities - 5 March 2026
523 vulnerabilities published on 5 March 2026
Evently theme allows unauthorized access to local files
CVE-2026-22394
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently...
8.1
Cortex Theme: Malicious Files Can Be Loaded from Local PC
CVE-2026-22392
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cortex cortex a...
8.1
Mikado-Themes Cocco cocco Exposes Local Files via Malicious File Requests
CVE-2026-22389
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco all...
8.1
Mikado-Themes Aviana allows attackers to access local files
CVE-2026-22387
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana a...
8.1
Wolmart Theme: Malicious Files Can Be Included
CVE-2026-22385
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart al...
8.1
Molla Theme Allows Access to Sensitive Files on Your Server
CVE-2025-69339
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows...
8.1
Remons Theme Allows Malicious File Access on Local Server
CVE-2025-69090
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows...
8.1
Berger ThemeREX PHP File Inclusion Vulnerability
CVE-2025-53335
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows...
8.1
AVideo: Unauthenticated Access to Session Data via Memcached Port
CVE-2026-29093
GHSA-xxpw-32hf-q8v9
The official `docker-compose.yml` publishes the memcached service on host port 11211 (`0.0.0.0:11211`) with no authentication, while the Do...
8.1
Pingora HTTP Proxy Framework Leaks Data Across Tenants
CVE-2026-2836
GHSA-f93w-pcj3-rggc
RUSTSEC-2026-0035
A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the defa...
8.4
OpenClaw: Unsecured File Copy in Sandbox Skill Mirroring
CVE-2026-28457
GHSA-xw4p-pw82-hqr7
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatt...
5.6
OpenClaw: Unauthenticated access to sensitive operations
CVE-2026-28485
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthor...
7.5
Wincor Nixdorf wnBios64.sys driver: Unsecured data copying leads to system crash or takeover
CVE-2025-70616
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x801020...
7.8
Avira Internet Security's System Speedup component allows arbitrary code execution
CVE-2026-27749
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOp...
8.5
UPS Multi-UPS Management Console allows attackers to run malicious code with administrator rights
CVE-2026-26034
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an atta...
8.5
SUID Binaries in International Data Casting SFX2100 Receiver
CVE-2026-29124
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/...
8.6
IDC SFX2100 SUID Binary Allows Local Privilege Escalation on Linux
CVE-2026-29123
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially pref...
8.6
IDC SFX2100 Satellite Receiver Allows Local Privilege Escalation
CVE-2026-29121
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration gr...
8.3
Apple iOS and iPadOS: Malicious Apps Can Steal Data
CVE-2023-41974
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges....
7.8
KEV
Apple Products: Malicious Web Content Can Execute Arbitrary Code
CVE-2021-30952
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web...
7.8
KEV
OpenClaw Sandbox Browser Bridge Allows Local Privilege Escalation
CVE-2026-28468
GHSA-h9g4-589h-68xv
OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests withou...
8.5
OpenClaw versions prior to 2026.2.14: Malicious media inputs can cause memory issues
CVE-2026-29612
GHSA-w2cg-vxx6-5xjg
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to...
6.8
OpenClaw versions before 2026.2.14 expose sensitive local files via BlueBubbles media handling
CVE-2026-29611
GHSA-rwj8-p9vq-25gv
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled) media path ...
8.2
OpenClaw versions before 2026.2.14: Large responses can cause system crashes
CVE-2026-29609
GHSA-j27p-hq53-9wgc
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire response payloads ...
8.7
Google Chat Monitor in OpenClaw has a Webhook Routing Flaw
CVE-2026-28469
GHSA-rq6g-px6m-c248
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy con...
8.2