CVE Vulnerabilities - 6 March 2026

3241 vulnerabilities published on 6 March 2026

Linux Kernel Vulnerability in Red Hat Enterprise Linux
RHSA-2026:3873
7.0
Red Hat Kernel Patches: Potential Data Exposure in Linux Kernel
RHSA-2026:3868
7.0
Critical Linux Kernel Patches for Red Hat Systems
RHSA-2026:3867
7.0
Red Hat Enterprise Linux kernel patches contain security fixes
RHSA-2026:3866
7.0
Red Hat Linux Kernel Patches Vulnerable to Remote Execution
RHSA-2026:3865
7.0
Red Hat Linux Kernel Patches Contain Security Fixes for Unauthorized Access
RHSA-2026:3848
7.0
Rocket.Chat: Unauthenticated attackers can access unauthorized user accounts
CVE-2026-30833
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and...
6.9
Windmill API allows unauthorized access to server files
CVE-2026-29059
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticate...
6.9
Critical Fix for Python 3.12 Released to Prevent Data Exposure
RHSA-2026:3900
6.8
Red Hat Python 3.12 Security Update: Potential Code Injection
RHSA-2026:3897
6.8
Ubuntu Linux: Unpatched Sockets Can Cause Local Privilege Escalation
UBUNTU-CVE-2025-13350
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB sk...
6.6
Wekan exposes sensitive user data in versions 8.31.0 through 8.33
CVE-2026-30847
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user docu...
9.3
Wekan custom board settings can be altered by unauthorized users
CVE-2026-30843
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference (IDOR) issue which coul...
9.3
QuickJS JavaScript Interpreter Can Crash with Malicious Input
CVE-2025-69653
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5...
6.5
Electric Vehicle Charging Station Credentials Exposed on Public Maps
CVE-2026-27777
Charging station authentication identifiers are publicly accessible via web-based mapping platforms....
6.9
Public Access to EV Charging Station Authentication Credentials
CVE-2026-27027
Charging station authentication identifiers are publicly accessible via web-based mapping platforms....
6.9
2-Plan Team 1.0.4 allows attackers to upload and run malicious PHP files
CVE-2018-25162
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multip...
7.1
NFS Client on Red Hat Systems Can Be Tricked into Sending Credentials
RHSA-2026:3941
6.5
Red Hat NFS Utilities Security Update
RHSA-2026:3940
6.5
Critical Security Fix for Red Hat's NFS Utilities
RHSA-2026:3938
6.5
Red Hat JBoss Web Server 6.2.0 Security Update Needed
RHSA-2026:2740
6.5
Kimai Time-Tracking: Insecure Access to Customer Invoices
CVE-2026-28685 GHSA-v33r-r6h2-8wr7
Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks the role-based view_invoice p...
6.5
Chartbrew: Users can access other users' charts without permission
CVE-2026-25877
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1,...
6.5
MarkUs allows malicious zip files to bypass size and entry limits
CVE-2026-25962
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without...
6.5
Acronis Cyber Protect: Sensitive Data Leaked by Insufficient Access Controls
CVE-2026-28715
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) ...
6.5