CVE Vulnerabilities - 10 March 2026
661 vulnerabilities published on 10 March 2026
Fortinet FortiWeb: A hacker can run malicious code on the server
CVE-2026-24640
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7...
6.6
Firefox allows unauthorized data access
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2....
6.5
Firefox Browser: CSS Parsing Flaw Allows Malicious Website Access
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2....
6.5
Fortinet FortiDeceptor: Sensitive Files Can Be Deleted via Malicious HTTP Requests
CVE-2026-25689
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0...
6.5
Fortinet FortiWeb Crashing with Malformed HTTP Requests
CVE-2026-24641
A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 ...
6.5
Adobe Acrobat Reader allows unauthorized access to sensitive files
CVE-2025-41712
An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is ...
6.5
FTP Server Allows Unauthenticated Access with Hardcoded Credentials
CVE-2025-41710
An unauthenticated remote attacker may use hardcoded credentials to get access to the previously activated FTP Server with limited read and write priv...
6.5
PowerSync Service: Users may sync restricted data unintentionally
GHSA-q6wc-xx4m-92fj
CVE-2026-30870
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, ce...
6.5
Appium ZIP Extraction Allows Malicious File Writes
GHSA-rfx7-4xw3-gh4m
CVE-2026-30973
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support c...
6.5
MySQL 8.4 Security Update Fixes Critical Flaw on Red Hat Systems
RHSA-2026:4162
6.5
Outdated PHP on Red Hat Systems Allows Remote Code Execution
RHSA-2026:4086
6.5
Red Hat PHP Update Fixes Security Flaw in Server Software
RHSA-2026:4077
6.5
NextScripts: Social Networks Auto-Poster plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-3228
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in al...
6.4
SAP NetWeaver Feedback Notifications Service allows attackers to access or modify database data
CVE-2026-27684
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code...
6.4
SAP NetWeaver ABAP Server Sends Sensitive Requests to Wrong Addresses
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or ex...
6.4
SAP NetWeaver ABAP Server Allows Malicious Data Changes
CVE-2026-24309
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module...
6.4
ImageMagick can be tricked into accessing unauthorized files
CVE-2026-28689
GHSA-493f-jh8w-qhx3
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path"...
6.3
SiYuan: Unauthenticated JavaScript Injection via SVG Sanitizer Bypass
CVE-2026-31809
GHSA-pmc9-f5qr-2pcr
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) checks href attributes for the javascript: pre...
6.4
SiYuan Personal Knowledge Management System - Unauthenticated XSS via SVG Animation
CVE-2026-31807
GHSA-5hc8-qmg8-pw27
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) blocks dangerous elements (<script>, <iframe>,...
6.4
PluXml 5.8.22 and earlier article comments can inject malicious scripts
CVE-2025-70128
A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The applicatio...
6.1
iccDEV: Memory Disclosure or Crash with Malformed TIFF Image
CVE-2026-31797
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in C...
6.1
iccDEV: Crash when working with ICC color management profiles
CVE-2026-30984
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in C...
6.1
iccDEV Library Crashes and Leaks Memory When Converting Color Profiles
CVE-2026-30982
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in C...
6.1
iccDEV Color Management Tools: Out-of-Bounds Read Can Crash Software
CVE-2026-30981
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in...
6.1
FortiSIEM: Hackers Can Use Spoofed URLs to Steal Data
CVE-2026-25972
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 thr...
6.1