CVE Vulnerabilities - 5 March 2026

521 vulnerabilities published on 5 March 2026

W3 Total Cache lets unauthorized users access restricted areas
CVE-2026-27384
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly...
9.0
OpenClaw versions prior to 2026.2.14 allow attackers to execute malicious programs
CVE-2026-29610 GHSA-jqpq-mgvm-f9r6
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PA...
7.7
Keycloak SAML Authentication Bypass Without Re-authentication
CVE-2026-3047 GHSA-8cr3-vpxx-92cx
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (...
8.8
Frappe: Sensitive info can be stolen with crafted web requests
CVE-2026-29081
Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through special...
8.8
Aranda Service Desk Web Edition allows attackers to run malicious code on the server
CVE-2025-70995
An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation ...
8.8
FreePBX Recording Module Allows Malicious Code Execution
CVE-2026-28287
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vul...
8.6
FreePBX Logfiles Module Allows Hackers to Manipulate System Data
CVE-2026-28284
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulne...
8.6
FreePBX Call Data Record Module Allows Malicious SQL Code Execution
CVE-2026-28210
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. Th...
8.6
Tata Consultancy Services Cognix Recon Client v3.0 Privilege Escalation Risk
CVE-2026-26416
An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across r...
8.8
RustDesk Server allows unauthorized access to critical functions
CVE-2026-30784
Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-...
8.8
RustDesk Client on Multiple Platforms: Privilege Abuse Risk
CVE-2026-30783
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop,...
8.8
Unauthenticated Plugin Installation Possible in WowOptin Plugin for WordPress
CVE-2026-1720
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrar...
8.8
PostgreSQL Database Software Has Security Updates Available
RHSA-2026:3730
8.8
WeDesignTech Ultimate Booking Addon: Unauthorized Access to Accounts
CVE-2026-27390
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booki...
8.8
NextScripts Social Auto Poster May Allow Malicious Data Injection
CVE-2026-27379
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection. This...
8.8
Car Zone WordPress Theme Allows Hackers to Inject Malicious Code
CVE-2026-27338
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection. This issue affects Car Zone: from n/a through ...
8.8
PowerPress Podcasting: Untrusted Data Causes Unwanted Code to Run
CVE-2026-23798
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection. This issue affects PowerPress Podc...
8.8
Designthemes Dental Clinic software has a security risk with untrusted data
CVE-2026-22473
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection. This issue affects Dental Clinic: from n/...
8.8
Apple Products: Memory Corruption from Malicious Web Content
CVE-2023-43000
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lea...
8.8 KEV
Gogs: Malicious links can inject code in issue comments
CVE-2026-26022 GHSA-xrcr-gmf5-2r8j
Summary: A Stored Cross-site Scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML saniti...
8.7
xgrammar: Malicious input can crash the application
CVE-2026-25048 GHSA-7rgv-gqhr-fxg3
Summary: The multi-level nested syntax caused a segmentation fault (core dump). Details: A trigger stack overflow or memory exhaustion was c...
8.7
RustDesk Server Pro Exposes Address Book Passwords in Plain Text
CVE-2026-30796
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux ...
8.7
RustDesk Client leaks sensitive info in plain text
CVE-2026-30795
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Androi...
8.7
RustDesk Server Pro uses weak encryption, exposing sensitive data
CVE-2026-3598
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux...
8.7
RustDesk Client Leaks Sensitive Data Due to Weak Encryption
CVE-2026-30791
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Andro...
8.7