CVE Vulnerabilities - 5 March 2026
523 vulnerabilities published on 5 March 2026
OpenProject: Unauthenticated users can create project wiki pages
CVE-2026-27723
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging...
5.3
SiteGuard WP Plugin allows CAPTCHA bypass
CVE-2026-27411
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass. This issue affects SiteGuard WP Plugin: from n/...
5.3
Inseri Core Software Allows Unauthorized Access Due to Poor Security Settings
CVE-2026-27344
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels. Thi...
5.3
Twenty CRM: Unauthorized Access to Internal Network
CVE-2026-27023
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but di...
5.0
uListing Path Traversal in Stylemix uListing ulisting
CVE-2026-28078
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal. This ...
4.9
Apocalypse Meow plugin for WordPress allows attackers to steal sensitive data
CVE-2026-3523
The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is...
4.9
Agentgateway: Malicious Input Can Contaminate API Requests
CVE-2026-29791
GHSA-v2x6-wwfw-r2rq
### Summary
When converting an MCP `tools/call` request to an OpenAPI request, input path, query, and header values are not sanitized.
### Details
When u...
4.9
Device Security Management Module Unavailability Risk
CVE-2026-28551
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
Web Server Permissions Can Be Incorrectly Set
CVE-2026-28549
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
Apache HTTP Server: Unpredictable Behavior in Security Module
CVE-2026-28550
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
Printer Module Crashes System When Printing
CVE-2026-28545
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
Adobe Acrobat Prints Incorrect Pages Due to Printing Module Flaw
CVE-2026-28544
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
MySQL Maintenance Module Can Crash Server
CVE-2026-28543
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability....
4.7
IDC SFX2100 Satellite Receivers allow DNS tampering and man-in-the-middle attacks
CVE-2026-29125
IDC SFX2100 Satellite Receivers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redire...
7.1
Octopus Server: API Keys Can Have Longer Lifetime Than Expected
CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lif...
2.3
WordPress Media Library Assistant Plugin Allows Unauthorized Data Changes
CVE-2026-3072
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_updat...
4.3
NetApp ONTAP S3 NAS Buckets Leak Sensitive Directory Listings
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an aut...
5.3
Flowise Password Hashes are Too Easy to Crack
GHSA-x2g5-fvc2-gqvp
### Description
The default number of bcrypt salt rounds is set to 5, which is below the recommended minimum for security.
### Affected Code
```
export functio...
```
4.1
Stellar XDR's StringM from_str bypasses length limit
CVE-2026-29795
GHSA-x57h-xx53-v53w
### Impact
`StringM::from_str` does not validate that the input length is within the declared maximum (`MAX`). Calling `StringM::<N>::from_str(s)` wh...
4.0
OpenClaw versions prior to 2026.2.13: Attackers can steal sensitive tokens
CVE-2026-28475
GHSA-47q7-97xp-m272
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through tim...
6.3
Jetty Software May Misinterpret URLs
CVE-2025-11143
GHSA-wjpw-4j6x-6rwh
The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically:
#### Invalid Sc...
3.7
Ettercap 0.8.4-Garofalo: Data Exposure via Out-of-Bounds Read
CVE-2026-3606
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/ut...
4.8
Bluetooth Service Confidentiality Exposure
CVE-2026-28540
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality....
3.3
HCL Sametime iOS App Leaks User Hostname Information
CVE-2026-21786
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs....
3.3
Backstage: Malicious URLs Can Access Unauthorized GitHub, Bitbucket Data
GHSA-95v5-prp4-5gv5
CVE-2026-29185
### Impact
A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in f...
2.7