CVE Vulnerabilities - 9 March 2026

257 vulnerabilities published on 9 March 2026

AzuraCast: Untrusted User Input Can Run Malicious Code
GHSA-93fx-5qgc-wr38
Summary: AzuraCast's `ConfigWriter::cleanUpString()` method fails to sanitize Liquidsoap string interpolation sequences (`#{...}`), allowing authen...
8.7
Glances Exposes Sensitive Configuration Settings Online
GHSA-gh4x-f7cq-wwx6 CVE-2026-30928
Summary: The /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no ...
8.7
Nltk 3.9.2 allows attackers to read any file on your system
DEBIAN-CVE-2026-0846
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation o...
8.6
Nltk 3.9.2 allows attackers to access sensitive system files
CVE-2026-0846
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation o...
8.6
Archer AXE75 Router Vulnerable to Remote Code Execution from Neighboring Network
CVE-2025-15568
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network ...
8.5
Quinn Denial of Service via Bad QUIC Parameters
CVE-2026-31812 GHSA-6xvm-j4wr-6v98 RUSTSEC-2026-0037
Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of `...
8.3
PJSIP Library Allows Unauthorized Access to Audio Streams
UBUNTU-CVE-2026-28799
(PJSIP is a free and open source multimedia communication library writt ...)...
8.3
PJSIP Library Exposes Sensitive Information to Unauthenticated Users
UBUNTU-CVE-2026-29068
(PJSIP is a free and open source multimedia communication library writt ...)...
8.3
Immutable.js: Prototype Pollution in Merge Functions
UBUNTU-CVE-2026-29063
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutab...
8.3
FreshRSS password verification fails due to incorrect nonce length
CVE-2025-68402
FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the length of the nonce was changed from 40 chars to 64. password_verify() ...
8.2
Netmaker: Unauthorized Access to Other Hosts with Valid Token
CVE-2026-29194 GHSA-hmqr-wjmj-376c
The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true), a valid host ...
8.6
Apache HTTP Server: Unauthenticated File Writing in Unused API Endpoint
CVE-2025-41756
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files o...
8.1
Caddy Server: Identity Injection in Forward Auth
UBUNTU-CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not stri...
8.1
MobaXterm Prior to 26.1 Allows Malicious Files to Run as Notepad++
CVE-2026-25866
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without...
8.5
Red Hat Linux Kernel Updated to Fix Security Flaws
RHSA-2026:4011
7.8
Red Hat Linux Kernel Update Fixes Security Flaws
RHSA-2026:3966
7.8
Red Hat Linux Kernel RT: Privilege Escalation Risk
RHSA-2026:3964
7.8
Red Hat Linux Kernel Update Fixes Security Flaw
RHSA-2026:3963
7.8
Ubuntu Backup Server Service Account Privilege Escalation Risk
CVE-2025-41761
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This...
7.8
Qsee Client installer can run malicious code with admin rights
CVE-2026-30896
The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs). When a user is directed to place some malicious ...
8.4
Qi-ANXIN QAX Virus Removal allows malicious processes to run unchecked
CVE-2026-3796
A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library ...
4.8
Caddy Server Leaks Sensitive Data from User-Controlled Input
UBUNTU-CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 d...
7.8
Node.js Tar Library Fails to Prevent File Overwrite
UBUNTU-CVE-2026-29786
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction d...
7.6
Zabbix: Authenticated User Can Write Arbitrary Hosts
UBUNTU-CVE-2026-23925
(An authenticated Zabbix user (User role) with template/host write perm ...)...
7.6
Sunbird-Ed SunbirdEd-portal Path Traversal Risk
CVE-2025-70028
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-p...
7.5