Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 5 March 2026
RSS521 vulnerabilities published on 5 March 2026
Severity:
SeppMail: Attackers can upload files to any location on the server
CVE-2026-2743
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfe...
10.0
SUSE Linux Server Firewall Rules Not Enforced Due to Kernel Flaw
CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via ...
9.8
Good Energy ThemeREX: Untrusted Data Can Cause Malicious Execution
CVE-2026-28105
Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a th...
9.8
Untrusted Data Deserialization in Pizza House ThemeREX Plugin
CVE-2026-28074
Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a th...
9.8
ThemeREX Healer Theme Allows Access to Unapproved Files
CVE-2026-28043
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Cli...
9.8
LMS Elementor Pro Privilege Escalation Risk
CVE-2026-27983
Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS El...
9.8
Dentario ThemeREX Dentario: Untrusted Data Deserialization Risk
CVE-2026-27439
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <=...
9.8
Kingler ThemeREX Plugin: Malicious Data Injection via Deserialization
CVE-2026-27438
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1....
9.8
Tennis Club Plugin Allows Attackers to Inject Malicious Code
CVE-2026-27437
Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from ...
9.8
SeventhQueen Sweet Date allows malicious data injection
CVE-2026-27417
Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a t...
9.8
WeDesignTech Ultimate Booking Addon: Unsecured Alternate Authentication Route
CVE-2026-27389
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booki...
9.8
Epson ESC/POS Printer Language Allows Unauthorized Access
CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not ...
9.8
Mounthood Software Allows Untrusted Data to Execute Code
CVE-2026-22501
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a thro...
9.8
Jardi <= 1.7.2 Allows Untrusted Data to Execute Code Remotely
CVE-2026-22497
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7....
9.8
AxiomThemes Estate estate: Untrusted Data Can Execute Malicious Code
CVE-2026-22475
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1....
9.8
ThemeREX Equestrian Centre equestrian-centre allows Untrusted Data to be Executed
CVE-2026-22474
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian ...
9.8
Solaris ThemeREX Solaris Deserialization Vulnerability Exposes Data
CVE-2026-22454
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2....
9.8
Pets Club ThemeREX Pets Club allows malicious data injection
CVE-2026-22453
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <...
9.8
Untrusted Data Can Be Injected into Handyman via Deserialization
CVE-2026-22451
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n...
9.8
ThemeREX Classter: Untrusted Data Can Be Injected
CVE-2025-54001
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <=...
9.8
Compress::Raw::Zlib: Insecure zlib versions may expose sensitive data
CVE-2026-3381
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.
Compress::Raw::Zlib includes a copy of the zlib librar...
9.8
UnQLite for Perl versions 0.06 and earlier: Potential Data Corruption
CVE-2026-3257
UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.
UnQLite for Perl embeds the UnQLite library. Vers...
9.8
Plack::Middleware::Session::Simple generates insecure session IDs for Perl
CVE-2025-40926
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely.
The default session id generator returns a SHA-1 h...
9.8
Rockwell Studio 5000 Software Allows Unauthorized Access to Controllers
CVE-2021-22681
Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be disc...
9.8
KEV
Hikvision Products Let Attackers Access Sensitive Data
CVE-2017-7921
Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system an...
9.8
KEV