CVE Vulnerabilities - 10 March 2026

658 vulnerabilities published on 10 March 2026

Firefox: Code Execution via Malicious Add-Ons
RHSA-2026:3976
7.5
Ghost: CSRF Protection Allows Potential Phishing Takeovers
GHSA-9m84-wc28-w895 CVE-2026-29784 BIT-ghost-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to u...
7.5
Misskey Servers Without Update Risk Authentication Bypass
CVE-2026-28432
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP s...
7.1
Misskey social media platform exposes sensitive data to unauthorized access
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vu...
9.2
Parse Server Crash with Unauthenticated Attack
GHSA-5j86-7r7m-p8h6 CVE-2026-30939
Impact: An unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the ...
8.6
Parse Server's LiveQuery can be crashed by malicious client requests
GHSA-mf3j-86qx-cq5j CVE-2026-30925 BIT-parse-2026-30925
Impact: A malicious client can subscribe to a LiveQuery with a crafted `$regex` pattern that causes catastrophic backtracking, blocking the Node.j...
8.3
VPU Driver Vulnerability: Local Privilege Escalation Possible
CVE-2026-0112
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no ...
7.4
Git for Windows: Weak User Passwords Exposed via Malicious Server
CVE-2025-66413
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malic...
7.4
IBM Trusteer Rapport Installer Can Be Tricked into Running Malicious Code
CVE-2026-2713
IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL u...
7.4
Microsoft Brokering File System Privilege Elevation
CVE-2026-25167
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally....
7.4
Remote Desktop Connection for Linux Vulnerability Exposes Servers
RHSA-2026:3975
7.4
Vaadin Apps Using Spring Security Can Be Hacked Without a Password
CVE-2026-2742 GHSA-rjgh-wgc7-m37j
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1...
7.3
CODESYS Development System: Local Privilege Escalation Through Self-Update
CVE-2026-2364
If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can ga...
7.3
Red Hat Linux Kernel Security Update: System Crashes Possible
RHSA-2026:4111
7.3
Unlimited Elements for Elementor plugin allows malicious scripts to run in WordPress admin
CVE-2026-2724
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to...
7.2
Engineering Workstation Vulnerability: Malicious Files Can Execute Untrusted Commands
CVE-2026-2273
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineer...
7.2
Fortinet FortiSandbox Cloud: Unapproved Code Execution Risk
CVE-2026-25836
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may a...
7.2
Fortinet FortiAnalyzer and FortiManager: Password Bypass After Multiple Requests
CVE-2026-22572
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7...
7.2
MetForm Pro plugin on WordPress allows hackers to inject malicious scripts
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due...
7.2
Fortinet FortiAnalyzer, FortiManager: Attacker Privilege Escalation via Malformed Input
CVE-2025-68648
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnal...
7.2
Fortinet FortiWeb: Unauthorized Command Execution via Special HTTP Requests
CVE-2025-66178
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, F...
7.2
Intel UEFI ImcErrorHandler Module Has Privilege Escalation Flaw
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System softwa...
7.1
Intel(R) Reference Platforms May Allow Escalation of Privilege
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System...
7.1
Intel UEFI WheaERST module on some Intel platforms allows unauthorized access
CVE-2025-20027
Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adve...
7.1
Alienbin pastes can be deleted by submitting malicious code
CVE-2026-31827
Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL ...
7.1