CVE Vulnerabilities - 10 March 2026

661 vulnerabilities published on 10 March 2026

Intel UEFI ImcErrorHandler Module Has Privilege Escalation Flaw
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System softwa...
7.1
Intel(R) Reference Platforms May Allow Escalation of Privilege
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System...
7.1
Intel UEFI WheaERST module on some Intel platforms allows unauthorized access
CVE-2025-20027
Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adve...
7.1
Alienbin pastes can be deleted by submitting malicious code
CVE-2026-31827
Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL ...
7.1
SICAM SIAPP SDK Deletes Files Without Checking What To Delete
CVE-2026-25605
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly valid...
5.9
Older Pocket ID versions allow unwanted access to services
GHSA-qh6q-598w-w6m2 CVE-2026-28513
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects ...
7.1
InstantCMS: Unprotected Access to Moderator Features
CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers gran...
7.1
SiYuan: Low-privilege users can modify sensitive notebook content
GHSA-f9cq-v43p-v523 CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note t...
7.1
Windows Ancillary Function Driver for WinSock Privilege Escalation Risk
CVE-2026-25179
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges lo...
7.0
Windows Ancillary Function Driver for WinSock Privilege Elevation Risk
CVE-2026-25178
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....
7.0
Windows Authentication Methods Privilege Elevation Vulnerability
CVE-2026-25171
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally....
7.0
Windows Hyper-V Privilege Elevation Vulnerability
CVE-2026-25170
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally....
7.0
Windows Device Association Service Privilege Elevation Vulnerability
CVE-2026-24296
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized...
7.0
Windows Device Association Service Privilege Elevation Risk
CVE-2026-24295
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized...
7.0
Windows Win32K Privilege Elevation Vulnerability
CVE-2026-24285
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally....
7.0
Windows Bluetooth Driver Privilege Elevation Exploit
CVE-2026-23671
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an autho...
7.0
Microsoft Graphics Component: Privilege Elevation Through Local Attack
CVE-2026-23668
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attac...
7.0
Authorized attackers can gain local admin access on Broadcast DVR
CVE-2026-23667
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally....
7.0
Malicious Project File Can Expose Confidential Data and Allow Unwanted Access
CVE-2026-1286
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execut...
7.0
Istio: Unauthorized access to services through crafted HTTP requests
CVE-2026-31838
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matc...
6.9
Machine Expert Protocol - Malicious Payload Causes Network Disruption
CVE-2025-13901
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unaut...
6.9
Vulnerable Code in usim_Registration Allows Privilege Escalation
CVE-2026-0119
In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. This could lead to physical escalat...
6.8
Windows Mobile Broadband allows unauthorized code execution via physical attack
CVE-2026-24288
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack....
6.8
Fortinet FortiAnalyzer and FortiManager: Unrestricted Admin Access
CVE-2025-48418
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2...
6.7
FortiWeb: Unauthorized Code Execution via Malformed HTTP Requests
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, For...
6.6