CVE Vulnerabilities - 9 March 2026

257 vulnerabilities published on 9 March 2026

Apache HTTP Server: Remote Code Execution via Malformed HTTP Request
CGA-m846-hwg2-33fg
Apache HTTP Server Allows Unauthorized Access to Sensitive Files
CVE-2025-33022
Rejected reason: The reporter agreed to not assign CVE ID...
Flask Web Application May Leak User Session Data
SUSE-SU-2026:0849-1
This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the `Vary: Cookie` h...
Flask Website Sessions Exposed to Unwanted Data Sharing
This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the `Vary: Cookie` h...
Python 3.4-3.14: Email, XML, and Plist Parsing Issues
USN-8018-2
USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior re...
Microsoft Windows Remote Desktop Services allows remote code execution
ECHO-17b7-25f0-56d7
TinyOBJ Library Can Crash with Bad Data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490598877 ``` Crash type: Heap-buffer-overflow READ 1 Crash state: tinyobj::tr...
TinyOBJ loader crashes with bad 3D file
OSV-2026-371
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490598877 ``` Crash type: Heap-buffer-overflow READ 1 Crash state: tinyobj::tr...
PostgreSQL Security Update Fixes Critical Flaws
ALSA-2026:4024
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL missing validation o...
Apache ZooKeeper: Attackers can impersonate servers with fake certificate
UBUNTU-CVE-2026-24281
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control ...
Outdated MongoDB Driver for Python Puts Data at Risk on openSUSE Tumbleweed
openSUSE-SU-2026:10312-1
These are all security issues fixed in the python311-pymongo-4.16.0-1.1 package on the GA media of openSUSE Tumbleweed....
PostgreSQL: Missing Input Validation Can Execute Harmful Code
ALSA-2026:4110
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL missing validation o...
Apache Struts Framework: Unrestricted File Upload
UBUNTU-CVE-2026-3632
[Unknown description]...
OpenSSL: Empty DNS name in certificate chain can crash verification
UBUNTU-CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constr...
Multiple Email Address Constraints in Certificates Cause Incorrect Validation
UBUNTU-CVE-2026-27137
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but di...
OpenSUSE Tumbleweed: Traefik 2.11.40-1.1 Fixes Security Issues
openSUSE-SU-2026:10314-1
These are all security issues fixed in the traefik2-2.11.40-1.1 package on the GA media of openSUSE Tumbleweed....
Unescaped URLs in Meta Tags Allow Cross-Site Scripting
UBUNTU-CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attr...
Apache HTTP Server Remote Code Execution Vulnerability
UBUNTU-CVE-2026-3633
[Unknown description]...
Apache ZooKeeper 3.8.5 and 3.9.4: Sensitive client info exposed in logs
UBUNTU-CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive info...
Malicious binary files can cause Binutils to freeze
UBUNTU-CVE-2025-69644
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malforme...
GNU Binutils readelf crashes when processing malformed ELF files
UBUNTU-CVE-2025-69650
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT re...
Malformed ELF Binary Can Crash GNU Binutils' readelf Tool
UBUNTU-CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abb...
WordPress Plugin 'WP Live Chat Support' Has a Security Weakness
UBUNTU-CVE-2026-3634
[Unknown description]...
Binutils objdump crashes when processing malformed debug data
UBUNTU-CVE-2025-69645
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in ...
PostgreSQL Database Software: Critical Security Updates Required
ALSA-2026:4059
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL missing validation o...