CVE Vulnerabilities - 9 March 2026
257 vulnerabilities published on 9 March 2026
Sunbird-Ed Portal: Inefficient Regular Expression Can Cause Slow Performance
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4....
7.5
FreshRSS: Anonymous users can view other users' feeds
CVE-2025-62166
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is b...
7.5
OpenClaw: Malicious Headers Sent to Wrong Server
GHSA-6mgf-v5j7-45cr
OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while preserving arbitrary caller-supplied headers except for a narrow denylist (...
7.5
OpenClaw: Forwarding Sensitive Headers Across Redirects
GHSA-6mgf-v5j7-45cr
OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while preserving arbitrary caller-supplied headers except for a narrow denylist (...
7.5
FileBrowser Quantum: Password-Protected Share Download Links Leaked
GHSA-525j-95gf-766f
CVE-2026-30933
The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/sha...
7.5
Tenda W15E: Unauthorized access to configuration file with admin credentials
CVE-2026-30140
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/Router...
7.5
Inefficient Regular Expression in mscdex ssh2 Can Cause Performance Issues
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0....
7.5
IKEA Dirigera v2.866.4 Allows Private Key Exfiltration
CVE-2026-3588
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted reques...
7.5
Nexusoft NexusInterface v3.2.0-beta.2 Sends Sensitive Data Unsecured
CVE-2025-70048
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2....
7.5
Nexusoft NexusInterface: Uncontrolled CPU Usage Leads to Crash
CVE-2025-70047
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2....
7.5
D-Link DIR-513 Router: Time Parameter Overwrite Risk
CVE-2025-70250
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup....
7.5
D-Link DIR-513 Wireless Router Time Parameter Overwrite
CVE-2025-70243
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534....
7.5
D-Link DIR-513 Router Allows Remote Access
CVE-2025-70238
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52....
7.5
YMFE yapi v1.12.0 Denial of Service via Resource Exhaustion
CVE-2025-70059
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of servic...
7.5
Router Function Can Be Crashed by Malicious User Input
CVE-2026-3038
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_stora...
7.5
blocklistd Can Be Disabled by Malicious Activity
CVE-2026-2261
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets i...
7.5
Jailed processes can access shared directory via nullfs mount
CVE-2025-15576
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the ...
7.5
Firefox Security Update Fixes Several Critical Flaws
RHSA-2026:3984
7.5
Git LFS on Red Hat Systems Allows Unauthorized File Access
RHSA-2026:3985
7.5
Mozilla Thunderbird: Security Update for Malware and Data Exposure
RHSA-2026:3983
7.5
Critical Security Flaw in Thunderbird Email Client
RHSA-2026:3981
7.5
Thunderbird: Unpatched Flaw Allows Malicious Email Attachment Execution
RHSA-2026:3982
7.5
Mozilla Thunderbird Security Update Fixes Multiple Vulnerabilities
RHSA-2026:3980
7.5
Mozilla Thunderbird Update Fixes Security Flaw
RHSA-2026:3979
7.5
RHEL: golang-github-openprinting-ipp-usb Uncontrolled Memory Allocation
RHSA-2026:3977
7.5