Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 10 March 2026
RSS661 vulnerabilities published on 10 March 2026
Severity:
Shescape 2.1.8 and earlier: Sensitive information exposed through shell bypass
GHSA-6f6w-6j58-rq76
CVE-2026-30916
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This ca...
2.9
Heliox EV Charging Stations: Unauthorized Access via Charging Cable
CVE-2025-27769
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (Al...
2.4
Unix File Listing Can Access Unintended File Metadata
CVE-2026-27139
BIT-golang-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of...
2.5
Vaadin: Malicious ZIP archives can write to wrong files on your server
CVE-2026-2741
GHSA-8jrh-7jg8-fvmv
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 2...
2.3
Trusted Execution Environment May Leak Sensitive Keys
CVE-2026-0115
In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information dis...
2.1
MediaWiki Extension Allows Malicious Code to be Injected via Stored XSS
CVE-2026-30977
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is S...
2.0
Intel UEFI Platforms May Expose Sensitive Data
CVE-2025-20073
Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System soft...
1.8
Oracle WebLogic Server Remote Code Execution Risk
MINI-vj8w-vw2p-fh68
Drupal 8 and 9 File Uploads Can Be Used to Upload Arbitrary Files
MINI-jp45-j8fc-hhgp
MINI-r4vr-h5fw-63mg
MINI-r4vr-h5fw-63mg
Adobe Flash Player: Malicious Code Execution through Memory Corruption
MINI-r26j-m9qf-7qc4
MINI-8wrh-jrg2-qhvp
MINI-8wrh-jrg2-qhvp
SAP ERP System Can Be Hacked if Not Updated
MINI-9545-jv5r-rq4p
Apache HTTP Server Denial of Service via Large HTTP Request
MINI-x4p4-8gmp-337g
Mozilla Firefox allows attackers to steal user session cookies
MINI-jccg-rrhh-gghx
WordPress Plugin 'WP User Manager' Has a Security Flaw
MINI-xc84-qhm5-pc6j
Apache Cassandra: Unrestricted File Access via Data Corruption
MINI-qv6f-67xj-7q46
WordPress Plugin 'WP Super Cache' Allows Unauthorized Access
MINI-mm5w-r38q-2x5r
WordPress Plugin PHP Code Injection Vulnerability
MINI-r8qm-6hpv-wqwp
MINI-3hv6-7g75-x6xh
MINI-3hv6-7g75-x6xh
MINI-83c5-39p5-5g6r
MINI-83c5-39p5-5g6r
Apache HTTP Server Unsecured Files Exposure
MINI-f23q-34mh-g48h
Apache HTTP Server Remote File Inclusion Vulnerability
MINI-3fx8-75f6-g422
VLC Media Player Has a Critical Remote Code Execution Flaw
MINI-2vfg-c32h-m3q9
WordPress Plugin 'WP Recent Comments' Allows Unauthenticated Comment Insertion
MINI-7jm6-vg43-45p2