CVE Vulnerabilities - 10 March 2026

658 vulnerabilities published on 10 March 2026

Microsoft Office SharePoint Cross-Site Scripting Attack Risk
CVE-2026-26105
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to...
9.3
Linkdave Server Allows Unsecured Access to Critical Functions
GHSA-xv8g-fj9h-6gmv
The `linkdave` server does not enforce authentication on its REST and WebSocket routes in versions prior to `0.1.5`. ### Impact An attacker with net...
9.3
MCP Atlassian allows attackers to write files anywhere on the server
GHSA-xjgw-4wvw-rgm4 CVE-2026-27825
### Summary The `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforc...
9.1
Coral Server: Unauthenticated Agent Session Creation
CVE-2026-30970
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1....
8.8
Coral Server: Unsecured Sessions Allow Impersonation
CVE-2026-30969
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1....
7.6
Deutsche Telekom's Account Management Portal allows unlimited login attempts
CVE-2025-69615
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. A...
9.1
SAP NetWeaver Portal: Malicious Uploads Can Damage System
CVE-2026-27685
SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, c...
9.1
Hitachi Vantara Pentaho: Unrestricted Scripts in Reports Allow Remote Code Execution
CVE-2025-11158
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT r...
9.1
Apache Maven uses insecure repositories by default
GHSA-2f88-5hg8-9x2x CVE-2021-26291 BIT-maven-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting i...
9.1
Craft Commerce Ecommerce Platform SQL Injection Risk
GHSA-pmgj-gmm4-jh6j CVE-2026-29174
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table dat...
8.7
Craft Commerce: SQL Injection in Purchasables Table Endpoint
GHSA-j3x5-mghf-xvfw CVE-2026-29172
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables ta...
8.7
GetSimple CMS massiveAdmin Plugin Allows Admin to Overwrite Configuration File
CVE-2026-28495
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administra...
8.8
GitHub Enterprise Server allows attackers to run code on the server
CVE-2026-3854
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a...
8.7
Firefox Browser: Memory Bugs Can Crash or Run Malware
CVE-2026-3847
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of ...
8.8
Firefox for Android: Malicious Audio/Video Can Crash App
CVE-2026-3845
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2....
8.8
Azure MCP Server allows authorized attackers to elevate network privileges
CVE-2026-26118 GHSA-hhfx-wfvq-7g9c
Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network....
8.8
SQL Server Allows Unauthorized Privilege Elevation Over Network
CVE-2026-26116
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges...
8.8
SQL Server: Privilege Elevation via Malicious Input
CVE-2026-26115
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network....
8.8
Microsoft Office SharePoint Allows Remote Code Execution
CVE-2026-26114
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....
8.8
Microsoft Office SharePoint Allows Malicious Code Execution
CVE-2026-26106
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....
8.8
Windows Telephony Service: Unprivileged Network Access via Overflow
CVE-2026-25188
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network....
8.8
Windows Active Directory: Unauthorized Privilege Escalation via File Access
CVE-2026-25177
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges ov...
8.8
Windows File Server Privilege Elevation Vulnerability
CVE-2026-24283
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally....
8.8
Unauthorized Code Execution in Windows Print Spooler Components
CVE-2026-23669
Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network....
8.8
Zero-Shot SC Foundation GitHub Repository Contains Vulnerable Component
CVE-2026-23654
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network....
8.8