
CVE Vulnerabilities - 10 March 2026


658 vulnerabilities published on 10 March 2026

Fortinet FortiSwitchAX Fixed: Unauthorized Code Execution via Network Packet
CVE-2026-22627
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an...
8.8
SQL Server allows attackers to gain extra access over a network
CVE-2026-21262
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network....
8.8
System Center Operations Manager Privilege Escalation via Network
CVE-2026-20967
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network....
8.8
StudioCMS API Token Generation Allows Unauthorized Access
GHSA-667w-mmh7-mrr4 CVE-2026-30944
Summary: The /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user,...
8.8
MediaWiki Bucket Extension: Malicious Code Can Execute on Article Pages
CVE-2026-30917
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table ...
8.8
PostgreSQL: Critical Data Exposure through SQL Injection
RHSA-2026:4110
8.8
PostgreSQL 12 Security Update Fixes Multiple Vulnerabilities
RHSA-2026:4075
8.8
PostgreSQL 13: Unauthenticated Data Exposure in Query Planning
RHSA-2026:4074
8.8
Critical Security Flaw in Red Hat PostgreSQL Database
RHSA-2026:4064
8.8
PostgreSQL 15 Security Update Fails to Validate User Input
RHSA-2026:4059
8.8
PostgreSQL Vulnerability: Remote Code Execution via Malicious Database Queries
RHSA-2026:4063
8.8
PostgreSQL 13: Unauthorized database access possible through malicious queries
RHSA-2026:4024
8.8
Ghostty Terminal Emulator: Hidden Commands in Pasted Text
CVE-2026-26982
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used t...
8.8
Intel UEFI Firmware: Escalation of Privilege via Local Attack
CVE-2025-20105
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software ...
8.7
Intel UEFI module on certain platforms may allow unauthorized system access
CVE-2025-20064
Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software...
8.7
Istio: Exposed default security settings if JWKS resolver fails
CVE-2026-31837
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS r...
8.7
LiquidJS allows malicious file access through absolute paths
GHSA-wmfp-5q7x-987x CVE-2026-30952
Impact: The `layout`, `render`, and `include` tags allow arbitrary file access via absolute paths (either as string literals or through Liquid vari...
8.7
Illustrator versions 29.8.4 and 30.1 may allow code to run on your computer
CVE-2026-21333
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary c...
8.6
OneUptime: Unauthenticated File Access through Malicious File Request
CVE-2026-30958
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:compon...
8.6
OneUptime GitHub App allows unauthorized access to other projects
GHSA-656w-6f6c-m9r6 CVE-2026-30920
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled stat...
8.6
SAP HANA Deserialization Bug Allows Privileged Code Execution
CVE-2025-11739
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locall...
8.5
Missing Bounds Check in EfwApTransport Allows Local Escalation of Privilege
CVE-2026-0123
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to loc...
8.4
Adobe Acrobat Reader allows attackers to run malicious code on victim's computer
CVE-2026-0122
In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional exec...
8.4
oobconfig Software Allows Local Privilege Escalation
CVE-2026-0118
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalation of privilege with no additi...
8.4
Incorrect Bounds Check in Media Framework Could Lead to Local Privilege Escalation
CVE-2026-0117
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of p...
8.4