CVE Vulnerabilities - 9 March 2026

257 vulnerabilities published on 9 March 2026

Sunbird-Ed Portal v1.13.4: Unfiltered User Input in Web Pages
CVE-2025-70033
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4....
5.4
YMFE yapi: Unvalidated Input Can Cause Data Leaks
CVE-2025-70060
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0....
5.4
SourceCodester Resort Reservation System 1.0: Malicious Code Injection
CVE-2026-3819
A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_...
5.1
Apache Airflow AWS Auth Manager Allows Unauthorized Access to Different Instances
CVE-2026-25604 GHSA-rv5f-ccpm-xjj4
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL.  ...
5.4
OpenClaw's hooks can be locked out by non-POST requests
GHSA-6rmx-gvvg-vh6j
OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send rep...
5.3
OpenClaw: Unauthenticated requests can temporarily lock out webhook delivery
GHSA-6rmx-gvvg-vh6j
OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send rep...
5.3
LupinLin1 jimeng-web-mcp v2.1.2 Leaks Sensitive Data to Logs
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an att...
5.3
Actual Sync Server allows unauthorized file uploads in older versions
GHSA-27vg-33gh-4hwg CVE-2026-3089
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of...
5.3
Unauthorized access to patient data in Queue Management System
CVE-2026-3817
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the fi...
5.3
SourceCodester Patients Waiting Area Queue Management System: Unauthorized Access to Patient Information
CVE-2026-3817
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the fi...
5.5
libssh: Unauthorized access to sensitive server data
UBUNTU-CVE-2026-3731
(A weakness has been identified in libssh up to 0.11.3. The impacted el ...)...
7.8
Libpng PNM Converter Allows Local Code Execution
UBUNTU-CVE-2026-3713
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png....
6.9
OpenClaw: Malicious Commands Can Still Be Stored
GHSA-9q2p-vc84-2rwm
OpenClaw's `system.run` allowlist analysis did not honor POSIX shell comment semantics when deriving `allow-always` persistence entries. A caller in ...
5.0
OpenClaw: Malicious code can still be executed after appearing to be blocked
GHSA-9q2p-vc84-2rwm
OpenClaw's `system.run` allowlist analysis did not honor POSIX shell comment semantics when deriving `allow-always` persistence entries. A caller in ...
5.0
OpenClaw: Shallow Command Wrappers Can Bypass Approval
GHSA-r6qf-8968-wj9q
OpenClaw's `system.run` dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. ...
5.0
OpenClaw: Malicious Commands Can Bypass Shell Approval in Certain Scenarios
GHSA-r6qf-8968-wj9q
OpenClaw's `system.run` dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. ...
5.0
OpenClaw's system.run fails to block PowerShell encoded commands
GHSA-3h2q-j2v4-6w5r
OpenClaw's `system.run` shell-wrapper detection did not recognize PowerShell `-EncodedCommand` forms as inline-command wrappers. In `allowlist` mode,...
5.0
OpenClaw: PowerShell Command Injection via Encoded Command Wrappers
GHSA-3h2q-j2v4-6w5r
OpenClaw's `system.run` shell-wrapper detection did not recognize PowerShell `-EncodedCommand` forms as inline-command wrappers. In `allowlist` mode,...
5.0
UBR Pass Filter Empty Table Allows All Network Traffic
CVE-2025-41760
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce an...
4.9
Admin mistake can leave network vulnerable to all incoming connections
CVE-2025-41759
An administrator may attempt to block all networks by specifying "*" or "all" as the network identifier. However, these values are not supported and ...
4.9
ScadaBR 1.12.4: Unsecured session IDs allow session hijacking
CVE-2025-70973
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate...
4.8
Taipower Android App Fails to Check Server Certificates
CVE-2026-3822
Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the se...
8.3
Non-privileged software can write to protected memory on some NVIDIA GPUs
CVE-2026-21736
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memo...
4.4
OpenClaw: Unauthorized Access to Admin Config Settings
GHSA-hfpr-jhpq-x4rm
A gateway client authenticated with `operator.write` could route `/config set` or `/config unset` through `chat.send` and reach persistent...
4.3
OpenClaw: Authenticated Gateway Client Can Change Config Settings
GHSA-hfpr-jhpq-x4rm
A gateway client authenticated with `operator.write` could route `/config set` or `/config unset` through `chat.send` and reach persistent...
4.3