CVE Vulnerabilities - 5 March 2026
523 vulnerabilities published on 5 March 2026
Out-of-bounds write vulnerability in IMS module affects availability
CVE-2026-28552
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability....
7.5
Frenify Guff: Incorrect Access Control Exposes Sensitive Data
CVE-2026-28076
Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gu...
7.5
wpDataTables allows hackers to access your server files
CVE-2026-28039
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpDataTables wpDataTables wpd...
7.5
My Tickets: Leaks Sensitive Data from Sensitive Inputs
CVE-2026-27406
Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data. This issue...
7.5
DesignThemes Booking Manager: Incorrect Access Controls Allow Unauthorized Actions
CVE-2026-27388
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured...
7.5
DesignThemes Directory Addon: Unauthorized Access to Admin Panels
CVE-2026-27386
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured...
7.5
WooCommerce Order Details Access Control Failure
CVE-2026-27374
Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Co...
7.5
Chaty Chat Software Exposes Sensitive Data from Embedded Content
CVE-2026-27370
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data. This issue affects Chaty...
7.5
WebCodingPlace Responsive Posts Carousel Pro allows unauthorized access to content
CVE-2026-27361
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Config...
7.5
Easy Post Submission: Incorrect Access Control Lets Attackers Post Without Permission
CVE-2026-22479
Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Sec...
7.5
ionCube tester plus allows unauthorized access to sensitive files
CVE-2025-69411
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tes...
7.5
WeDesignTech Ultimate Booking Addon: Unsecured Access to Sensitive Information
CVE-2025-69340
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrec...
7.5
ZeptoClaw Android Shell Bypass Risk on Android Devices
GHSA-hhjv-jq77-cmvx
### Summary
[zeptoclaw](https://github.com/qhkm/zeptoclaw) implements a [blocklist](https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52...
7.5
Gogs: Malicious Milestone Names Can Steal Data and Take Control of Issues
CVE-2026-26276
GHSA-vgjm-2cpf-4g7c
# Summary
It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s **Milestone name**, and when...
7.3
Gogs: Malicious Tag Names Can Crash Release Deletion
CVE-2026-26194
GHSA-v9vm-r24h-6rqm
### Summary
There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right sepa...
8.8
Directory Pro can let unauthorized users access sensitive data
CVE-2026-27396
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. T...
7.3
dbt-common's commonprefix() doesn't protect against path traversal
CVE-2026-29790
GHSA-w75w-9qv4-j5xj
### Impact
_What kind of vulnerability is it? Who is impacted?_
A path traversal vulnerability exists in dbt-common's `safe_extract()` function used ...
7.3
SUSE Linux Server Firewall Rules Not Applied Due to Kernel Flaw
UBUNTU-CVE-2026-25702
An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via ...
7.3
OpenClaw Gateway Allows Unintended Code Execution via Configured Hook Module Paths
CVE-2026-28456
GHSA-v6c6-vqqg-w888
OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook modul...
8.6
Frappe: Unapproved images can harm users through website comments
CVE-2026-28436
Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS ...
5.3
FreePBX: Unsecured Code Execution via ElevenLabs TTS Engine
CVE-2026-28209
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerabil...
7.5
Fluent Forms Pro plugin exposes admin pages to malicious scripts
CVE-2026-2365
The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all ver...
7.2
Frappe: Malicious Document Sharing in Older Versions
CVE-2026-29077
Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user c...
7.1
Ubuntu Linux 6.8: Local Privilege Escalation via Garbage Collector
CVE-2025-13350
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB sk...
7.1
Avira Internet Security Software Updater deletes files without checking links
CVE-2026-27748
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged ...
8.5