CVE Vulnerabilities - 10 March 2026
658 vulnerabilities published on 10 March 2026
GMC Software: Local Privilege Escalation Possible
CVE-2026-0107
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalat...
8.4
Tenda G1V3.1si Router Has Hardcoded Admin Password
CVE-2025-70802
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers t...
8.4
Tenda i24V3.0 router's admin password is hardcoded and publicly available
CVE-2025-70798
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to l...
8.4
KVM on ARM64: Unvalidated Input Allows Privilege Escalation
CVE-2025-36920
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local es...
8.4
QUIC transport protocol in Quinn can be crashed remotely
DEBIAN-CVE-2026-31812
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can tr...
8.3
Flare File Sharing Platform: Authenticated File Access Risk
CVE-2026-30942
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal v...
8.3
Envoy Proxy: Malicious Headers Can Bypass Security Rules
GHSA-ghc4-35x6-crw5
CVE-2026-26308
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter...
8.2
Atlassian MCP allows malicious URLs in custom headers
CVE-2026-27826
GHSA-7r34-79r5-rcc9
An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to a...
8.2
npm's tar tool can extract files outside intended directories
CVE-2026-31802
GHSA-9ppj-qmqm-q256
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extract...
8.2
PX4 Autopilot: Insecure Takeoff from Manual Mode
CVE-2026-26742
PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies...
8.1
Drone loses control when switching modes in certain situations
CVE-2026-26741
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while ...
8.1
Azure Entra ID lets unauthorized users access sensitive data
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally....
8.1
FortiWeb: Attackers Can Send Many Login Attempts Without Being Blocked
CVE-2026-24017
An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7....
8.1
Fortinet FortiManager: Unauthorized Commands Can Be Run Remotely
CVE-2025-54820
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, F...
8.1
Red Hat FreeRDP Update: Remote Code Execution Risk
RHSA-2026:4121
8.1
Windows RRAS Integer Overflow Allows Remote Code Execution
CVE-2026-26111
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network....
8.0
Windows RRAS Integer Overflow Allows Remote Code Execution
CVE-2026-25173
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network....
8.0
Windows RRAS Integer Overflow Allows Remote Code Execution
CVE-2026-25172
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network....
8.0
Docker Desktop Allows Malicious Plugins on Windows
CVE-2025-15558
GHSA-p436-gjf2-799p
BIT-docker-cli-2025-15558
This issue affects Docker CLI through 29.1.5
Docker CLI for Windows searches for plugin binaries in `C:\ProgramData\Docker\cli-plugins`, ...
8.4
Adobe Illustrator versions 29.8.4 and 30.1 allow attackers to run unauthorized code
CVE-2026-27272
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in th...
7.8
Illustrator: Malicious files can run code on your computer
CVE-2026-27271
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution...
7.8
Illustrator: Malicious File Can Run Unwanted Code as You
CVE-2026-27267
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code executio...
7.8
Adobe Illustrator: Malicious File Can Run Code on Your Computer
CVE-2026-21362
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in th...
7.8
Adobe Acrobat Reader: Malicious File Can Execute Unauthorized Code
CVE-2026-27278
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbit...
7.8
Acrobat Reader: Opening Malicious Files Can Crash and Run Code
CVE-2026-27220
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbit...
7.8