CVE Vulnerabilities - 5 March 2026

523 vulnerabilities published on 5 March 2026

Backstage Scaffolder Backend Exposes User Session Tokens
GHSA-8qp7-fhr9-fw53 CVE-2026-29184
### Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The at...
2.0
CVE Rejected: This Vulnerability No Longer a Concern
CVE-2026-28484
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
Malicious time-sync package on crates.io steals sensitive files
GHSA-mh23-rw7f-v5pq
The `time-sync` crate attempted to exfiltrate `.env` files to a server that was in turn impersonating the legitimate `timeapi.io` service. This the sa...
Update Needed for libsoup2 to Prevent Web Server Attacks
SUSE-SU-2026:0834-1
This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of service attack to websocket server (bsc#1240751). - CVE-2026-1467: l...
Apache Libsoup: Malicious Web Requests and Leaked Credentials
SUSE-SU-2026:0833-1
This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests ...
QEMU Security Update Fixes Memory Leaks and Adds New Features
SUSE-SU-2026:0832-1
This update for qemu fixes the following issues: Security issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). N...
OpenVPN Security Update: Denial of Service Risk Mitigated
SUSE-SU-2026:0831-1
This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: * CVE-2025-13086: improper validation of IP addresses t...
OpenVPN Security Update Fixes Denial of Service Risk
This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: * CVE-2025-13086: improper validation of IP addresses t...
Arbitrary code execution in OCaml readblock() function
This update for ocaml fixes the following issues: - CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bs...
Missing Bounds Validation in OCaml's readblock() Function
SUSE-SU-2026:0830-1
This update for ocaml fixes the following issues: - CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bs...
Gnutls update fixes resource consumption and other issues
This update for gnutls fixes the following issues: Security issue: - CVE-2025-14831: excessive resource consumption when verifying specially crafted...
Gnutls update fixes certificate verification and resource issue
SUSE-SU-2026:0829-1
This update for gnutls fixes the following issues: Security issue: - CVE-2025-14831: excessive resource consumption when verifying specially crafted...
Python Authlib Security Update Prevents Account Takeover
This update for python-Authlib fixes the following issues: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib libr...
Python Authlib Security Update: Prevents Account Takeovers
SUSE-SU-2026:0828-1
This update for python-Authlib fixes the following issues: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib libr...
Memory Overflow Risk in glibc-livepatches
SUSE-SU-2026:0827-1
This update for glibc-livepatches fixes the following issues: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an int...
Expat XML Parser Security Update: Prevents Data Corruption and Crashes
This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2...
Expat XML Parsing Security Error: Data Exposure
SUSE-SU-2026:0826-1
This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2...
PHP Composer update fixes terminal code injection risk
This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various...
PHP Composer Update Protects Against Malicious Terminal Output
SUSE-SU-2026:0825-1
This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various...
openCryptoki Privilege Escalation and Data Exposure
SUSE-SU-2026:0824-1
This update for openCryptoki fixes the following issues: - CVE-2026-23893: Fixed privilege escalation or data exposure via symlink following (bsc#125...
Zoom Desktop Client: Unauthenticated Code Execution via Specially Crafted File
MINI-hpp3-9ccv-ff4x
CGA-p6mm-848f-wjwh
Apache HTTP Server Allows Remote Code Execution
ECHO-0638-253e-d3ec
RadiusTheme Metro Software Allows Malicious File Access
CVE-2026-27383
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allow...