CVE Vulnerabilities - 9 March 2026

257 vulnerabilities published on 9 March 2026

Severity:
Twake: Unvalidated Input Can Execute Malicious Commands
CVE-2025-70039
An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223....
9.8
Miazzy oa-front-service Allows Execution of Untrusted Code
CVE-2025-70046
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master....
9.8
ThermaKube Master Allows Malicious Requests to Access Unintended Network Locations
CVE-2025-70042
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master....
9.8
Tiandy Easy7 CMS: Unsecured Data Exposure through Remote SQL Injection
CVE-2026-3818
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manip...
6.9
OpenCC JFlow Calculates Malicious Data from Remote Attackers
CVE-2026-3813
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculat...
5.3
Eventobot Allows Unsecured Access to Databases
CVE-2025-40639
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases thro...
8.7
Apache IoTDB: Malicious Data Can Crash the Database
CVE-2026-24713 GHSA-6w48-2g9j-v9q5
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users ar...
9.8
Apache IoTDB Has a Security Risk Due to Insecure Default Settings
CVE-2026-24015 GHSA-74cf-pgh9-m5q2
A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade...
9.8
Atop Technologies EHG2408 Switch Can Be Controlled Remotely
CVE-2026-3823
EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to con...
9.3
Delta Electronics COMMGR2: Data Disclosure and Code Execution Risk
CVE-2026-3630
Delta Electronics COMMGR2 has a Stack-based Buffer Overflow vulnerability....
9.8
Doramart DoraCMS 3.0.x allows remote file access
CVE-2026-3795
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1...
5.3
DoraCMS 3.0.x Email API Remote Authentication Bypass
CVE-2026-3794
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Em...
6.9
SolarWinds Web Help Desk Allows Malicious Code Execution
CVE-2025-26399
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the ho...
9.8 KEV
Budibase: Attacker can read sensitive server files with malicious ZIP
CVE-2026-30240
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the...
9.6
Budibase Server API Endpoints Can Be Accessed Without Authentication
CVE-2026-31816
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() mi...
9.1
Unauthorized uploads can modify web server settings and data
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary da...
9.1
Unauthorized Update Upload in Zabbix Web Interface
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary up...
9.1
Budibase: Malicious files can be uploaded via UI bypass
CVE-2026-25737
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerabilit...
9.0
FileBrowser Quantum: Malicious Scripts Can Run When Sharing Files
GHSA-r633-fcgp-m532 CVE-2026-30934
Stored XSS is possible via share metadata fields (e.g., `title`, `description`) that are rendered into HTML for `/public/share/<hash>` with...
8.9
Ingress-Nginx Configuration Injection Allows Malicious Code Execution
CVE-2026-3288
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject confi...
8.8
Budibase: Creator Can Impersonate Tenant Admin or Owner
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation...
8.7
SunbirdEd-portal: Unauthorized actions can be performed by attackers
CVE-2025-70031
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4....
8.8
Linagora Twake allows malicious code execution through web input
CVE-2025-70038
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows...
8.8
Apache Airflow HTTP Provider Allows Unauthorized Code Execution
CVE-2025-69219 GHSA-9r5j-7r2x-rv4g
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB ...
8.8
Privileged user can escape jail by mounting nullfs filesystems
CVE-2025-15547
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystem...
8.8