CVE Vulnerabilities - 10 March 2026
661 vulnerabilities published on 10 March 2026
Eaton EasySoft project files are not properly encrypted
CVE-2026-22614
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this fi...
6.1
benkeen generatedata 4.0.14: Unvalidated data in web pages can lead to code injection
CVE-2025-70025
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14....
6.1
facileManager Web Apps Allow Malicious Code Injection via URLs
CVE-2026-30918
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives dat...
6.1
Pocket ID: Malicious Redirects Possible with Invalid Callback URLs
GHSA-9h33-g3ww-mqff
CVE-2026-28512
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback U...
6.1
SAP Business One Job Service allows malicious URL input from users
CVE-2026-0489
Due to insufficient validation of user-controlled input in the URL query parameter, SAP Business One Job Service could allow an unauthenticated attac...
6.1
IBM InfoSphere Data Architect 9.2.1: Unauthorized Access to Sensitive Data
CVE-2025-36173
Affected Product(s): InfoSphere Data Architect. Version(s): 9.2.1...
6.1
Fortinet FortiAnalyzer SQL Injection Flaw Lets Attackers Run Unauthorized Code
CVE-2025-49784
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, F...
6.0
Camaleon CMS allows unauthorized access to server files via S3 uploader
CVE-2026-1776
GHSA-jw5g-f64p-6x78
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation tha...
6.0
Intel Reference Platforms' Firmware Allows Privilege Escalation
CVE-2025-20096
Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with...
5.9
Envoy Proxy May Let Attackers Keep Streams Open
GHSA-84xm-r438-86px
CVE-2026-26311
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection ...
5.9
Windows App Installer Fails to Verify Data Authenticity, Enabling Spoofing
CVE-2026-23656
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network....
5.9
Fortinet FortiAnalyzer and FortiManager: Confidential Data Exposure
CVE-2025-68482
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 al...
5.9
Envoy Crashes When Handling Scoped IPv6 Addresses
GHSA-3cw6-2j68-868p
CVE-2026-26310
Calling `Utility::getAddressWithPort` with a scoped IPv6 address causes a crash. This utility is called in the data plane from the orig...
5.9
SAP Business Warehouse Service API: Unauthorized Actions via Authenticated Attack
CVE-2026-27686
Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affe...
5.9
Mitsubishi Electric CNC Machines: Denial of Service via Malicious Network Traffic
CVE-2025-2399
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Ser...
5.9
ASSA ABLOY Visionline on Windows grants too much access
CVE-2026-3315
Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ...
5.8
FortiSOAR Agent Security Flaw: Unauthorized File Access
CVE-2025-54659
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Com...
5.8
SAP S/4HANA and ERP HCM: Unauthorized Access to Sensitive Data
CVE-2026-27687
Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belon...
5.8
Intel Systems: Sensitive Data Exposure on Some Platforms
CVE-2025-22850
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System s...
5.6
Intel UEFI Module Leaves Sensitive Data Exposed on Certain Platforms
CVE-2025-22444
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System softw...
5.6
Intel UEFI Firmware: Escalation of Privilege May Occur
CVE-2025-20005
Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversa...
5.6
SAP Customer Checkout stores sensitive data without proper protection
CVE-2026-24311
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protectio...
5.6
Adobe Illustrator versions 29.8.4 and earlier: Sensitive info exposed via malicious files
CVE-2026-27270
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker coul...
5.5
Illustrator versions 29.8.4 and 30.1: Memory Exposure Risk from Malicious Files
CVE-2026-27268
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker coul...
5.5
Adobe Acrobat Reader: Spoofing Signer Identity
CVE-2026-27221
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that cou...
5.5