Monitor vulnerabilities that affect your stack. Sign up free to get alerts when software you use is affected.

CVE Vulnerabilities - 10 March 2026

RSS

658 vulnerabilities published on 10 March 2026

Severity:
Windows ReFS Allows Unauthorized File Access on Local Machines
CVE-2026-23673
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally....
7.8
Windows UDFS Driver Allows Malicious Code to Run with Administrator Privileges
CVE-2026-23672
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
7.8
Azure Linux VMs: Privilege Elevation via Local Attack
CVE-2026-23665
Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally....
7.8
Azure Portal Windows Admin Center: Local Privilege Escalation Risk
CVE-2026-23660
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally....
7.8
Red Hat Linux Kernel Update Fixes Security Flaw
RHSA-2026:4012
7.8
ImageMagick has a buffer overflow that could crash the program
CVE-2026-30931 GHSA-h95r-c8c7-mrwx
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflo...
7.8
ImageMagick Image Magnification Flaw Allows Harmful Code Injection
CVE-2026-30929 GHSA-rqq8-jh93-f4vg
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage ...
7.8
ImageMagick: Large Image Can Crash Software
CVE-2026-30883 GHSA-qmw5-2p58-xvrc
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely ...
7.8
Unauthorized Overwrite of Existing Latest Docker Tag
CVE-2026-31801 GHSA-85jx-fm8m-x8c6
zot’s dist-spec authorization middleware infers the required action for `PUT /v2/{name}/manifests/{reference}` as `create` by default, and only switch...
7.7
LinkAce allows internal network links to be created
CVE-2026-30953
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provi...
7.7
Using a certain software, an attacker can freeze the system
CVE-2026-27689
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network acce...
7.7
pdfmake: Hackers can access sensitive server data through fake requests
CVE-2026-26801 GHSA-wp52-r2fp-4vmr
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive informati...
7.5
Wi-Fi Driver Denial of Service on Remote Connection
CVE-2026-0109
In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of se...
7.5
D-Link DIR-513 Router: Unsecured Web Interface
CVE-2025-70244
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup....
7.5
Elysia URL Format Can Be Slow or Crashed by Repeated Input
CVE-2026-30837 GHSA-f45g-68q3-5w8x
### Impact `t.String({ format: 'url' })` is vulnerable to redos Repeating a partial url format (protocol and hostname) multiple times cause regex to ...
7.5
Envoy Proxy Can Crash with Malformed Rate Limit Configuration
GHSA-c23c-rp3m-vpg3 CVE-2026-26330
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase l...
7.5
D-Link DIR-513 Router: Guest Network Setup Parameter Can Cause Crash
CVE-2025-70251
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup....
7.5
D-Link DIR-513 Router May Crash or Allow Data Theft
CVE-2025-70249
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2....
7.5
D-Link DIR-513 Router: Unauthenticated Remote Code Execution
CVE-2025-70247
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1....
7.5
D-Link DIR-513 Router Allows Remote Code Execution
CVE-2025-70246
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ....
7.5
D-Link DIR-513 Router Allows Unauthorized Configuration Changes
CVE-2025-70242
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP....
7.5
D-Link DIR-513 Firmware Allows Unauthenticated Code Execution
CVE-2025-70227
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange....
7.5
IBM Aspera Orchestrator stores sensitive info in URLs
CVE-2025-13219
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized pa...
7.5
ASP.NET Core: Unrestricted Resource Allocation Leads to Service Denial
GHSA-vh8f-65qg-3m8j
### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4vgm-c2wm-63mw. This link is maintained to preserve external...
7.5
Microsoft .NET: Unauthorized Network Denial of Service
GHSA-c8gq-rhqh-wgwm
### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-73j8-2gch-69rq. This link is maintained to preserve external...
7.5
9 Mar 2026 All days 11 Mar 2026