CVE Vulnerabilities - 6 March 2026

3213 vulnerabilities published on 6 March 2026

Malformed Binary File Crashes objdump with Unending Warnings
CVE-2025-69646
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error i...
5.5
Binutils objdump crashes on malformed debug information
CVE-2025-69645
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in ...
5.5
Acronis Cyber Protect 17 Exposes Sensitive Data Due to Browser Misconfiguration
CVE-2026-28725
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (L...
5.5
WeKnora Vulnerable to Tool Execution Hijacking via Ambiguous Naming Convention in MCP Client and Indirect Prompt Injection
GHSA-67q9-58vj-32qx CVE-2026-30856
Summary: A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution...
5.4
OliveTin: Persistent access after logging out
CVE-2026-30224 GHSA-gq2m-77hf-vwgh
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions whe...
5.4
Kestra Execution-File Preview Allows Malicious HTML Injection
CVE-2026-29082
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (....
5.4
Gokapi Server: Demoted User Can Still Access Sensitive Features
CVE-2026-29061 GHSA-q658-hfpg-35qc
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerabi...
5.4
Chartbrew before 4.8.4 allows hackers to steal user accounts
CVE-2026-27605
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4,...
5.4
Chamilo Learning Management System: Malicious Scripts Can Run in Admins' Browsers
CVE-2025-59540
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to exe...
6.4
MimeKit: CRLF Injection in Mail Addresses Can Harm Emails
CVE-2026-30227 GHSA-g7hc-96xr-gvvx
MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined b...
6.9
Vercel Workflow: Easily Guessable Tokens Leave Workflows Open to Attack
GHSA-9r75-g2cr-3h76
`createWebhook()` in Vercel Workflow DevKit accepts a user-specified `token` parameter that serves as the credential for the public webhook endpoint `...
5.3
Vercel Workflow Tokens Can Be Guessable, Allowing Unauthorized Access
GHSA-9r75-g2cr-3h76
`createWebhook()` in Vercel Workflow DevKit accepts a user-specified `token` parameter that serves as the credential for the public webhook endpoint `...
5.3
Cryptomator Leaks Cloud Data Paths in Log Files Before Version 1.19.0
CVE-2026-29110
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into...
5.3
Navtor NavBox exposes internal server information to attackers
CVE-2026-2752
Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an...
5.3
Easyndexer 1.0: Attackers can create admin accounts without a password
CVE-2018-25190
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitti...
6.9
Tina4 Stack 1.0.3: Unauthenticated Admin Account Changes
CVE-2018-25186
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST...
6.9
Data Center Audit 2.6.2 allows attackers to reset admin passwords without permission
CVE-2018-25177
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authenticat...
6.9
ABC ERP 0.6.4: Attackers Can Change Admin Credentials Online
CVE-2018-25174
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged reque...
6.9
pypdf PDFs Can Cause Slow Performance
CVE-2026-28804 GHSA-9m86-7pmv-2852
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads t...
6.9
BELL-CVE-2026-23865
5.3
BELL-CVE-2026-23865
BELL-CVE-2026-23865
5.3
OpenSift Exposes Sensitive Information to Users
CVE-2026-28675
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints r...
5.3
Talishar: Any User Can Access Game Features Without Logging In
CVE-2026-28428
Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation...
5.3
Greenshift Plugin Exposes Sensitive API Keys in Backup Files
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inc...
5.3
Group-Office: Malicious Code Can Run in Your Browser
CVE-2026-30238
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflect...
5.1