CVE Vulnerabilities - 5 March 2026

523 vulnerabilities published on 5 March 2026

OpenClaw's BlueBubbles Plugin Exposes Webhooks to Unauthorized Access
CVE-2026-29613 GHSA-xc7w-v5x6-cc87
OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) webhook handler in which it authenticates requests b...
8.2
Fonoster: attackers can read sensitive files
CVE-2024-43035 GHSA-9fv2-c7v6-p45w
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occu...
5.8
WP Booking System Exposes Sensitive Data in Sent Information
CVE-2025-68515
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive ...
5.8
OpenClaw Installation Can Write Malicious Files Outside Its Folder
CVE-2026-28486 GHSA-v892-hwpg-jwqp
OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows...
6.8
OpenClaw: Authorized access can read sensitive local files
CVE-2026-28463 GHSA-xvhf-x56f-2hpp
OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, t...
8.6
Email Application Fails to Verify Sender Identity
CVE-2026-28548
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidential...
5.5
Apache Web Server Uninitialized Pointer Access Vulnerability
CVE-2026-28547
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Outdated Scanning Module in [Software Name] Can Crash or Freeze
CVE-2026-28546
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Apache Kafka Service Permission Bypass Allows Unauthorized Access
CVE-2026-28542
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Android Cellular Data Module Has a Permission Issue
CVE-2026-28541
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Adobe Acrobat Certificate Management Module Data Exposure
CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confident...
5.5
Adobe Acrobat Reader Certificate Management Path Traversal
CVE-2026-28538
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Windows Vulnerability: Double Free in Window Module
CVE-2026-28537
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability....
5.5
Apache Airflow Resource Scheduling Module Security Risk
CVE-2025-66319
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity...
5.5
IDC SFX2100 Satellite Receiver: Elevated Privileges via Misconfigured Utility
CVE-2026-29122
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration g...
8.3
OpenClaw Browser Relay allows unauthorized access to sensitive data
CVE-2026-28458 GHSA-mr32-vwc2-5j6h
OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp WebSocket en...
7.4
MarkUs: Unsanitized File Content Exposed in Student Submissions
CVE-2026-28405
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id>/assignments/<:assi...
5.4
Mercurius: Malicious requests can bypass security checks
GHSA-v66j-6wwf-jc57 CVE-2025-64166
Summary: A Cross-Site Request Forgery (CSRF) vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the...
5.4
Leantime allows hackers to inject malicious HTML in user profiles
GHSA-qrfh-cc86-vc8c
Summary: Leantime v2.3.27 is vulnerable to Stored HTML Injection. The `firstname` and `lastname` fields in the admin user edit page are rendered wi...
5.4
Koha News function allows arbitrary code execution
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function....
5.4
Checkmk deletes data when user has insufficient permissions
UBUNTU-CVE-2026-3103
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user ...
7.6
OpenClaw with Matrix plugin: Bypassing allowed identities
CVE-2026-28471 GHSA-rmxw-jxxx-4cpc
OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching c...
6.3
Fastify Fails to Reject Malformed Content-Type Headers
CVE-2026-3419 GHSA-573f-x89g-hqp9
Description: Fastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in violation of [R...
5.3
OliveTin allows unauthenticated server crashes by exploiting invalid API calls
GHSA-fwhj-785h-43hh
Summary: An unauthenticated attacker can trigger server-side panics by first creating an execution log entry with a nil binding via `StartActionByG...
5.3
Gogs API: Access Tokens Can Be Exposed in URLs
CVE-2026-26196 GHSA-x9p5-w45c-7ffc
Summary: The Gogs API still accepts tokens in URL parameters such as `token` and `access_token`, which can leak through logs, browser history, and...
6.9