CVE Vulnerabilities - 11 March 2026
362 vulnerabilities published on 11 March 2026
Himmelblau: Unsecured Authentication Exposes Data in Remote Environments
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a confi...
10.0
Jellyfin iOS App Security Risk: GitHub Workflow Exploit
CVE-2026-31852
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code executi...
10.0
Vociferous: Unvalidated File Path Allows Arbitrary File Overwriting
CVE-2026-27897
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py wit...
10.0
Terraform Provider for SendGrid: Man-in-the-Middle Attacks Possible
GHSA-j443-wcqq-xprh
A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, ass...
10.0
Parse Server allows unauthorized access to internal data through API
CVE-2026-30966
GHSA-5f92-jrq3-28rc
Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or...
10.0
n8n Allows Malicious Code Execution via Workflow Expression
GHSA-v98v-ff95-f3cp
CVE-2025-68613
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remo...
10.0
KEV
Asseco SEE Live 2.0: Unauthorized Access to Attachments via URL
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachmen...
9.9
AdGuard Home: Unauthenticated Access via HTTP/2 Upgrade
CVE-2026-32136
GHSA-5fg6-wrq4-w5gh
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentica...
9.8
ThermaKube Master Hard-coded Password Exposure
CVE-2025-70041
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master....
9.8
benkeen generatedata 4.0.14: SQL Injection via User Input
CVE-2025-70024
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14....
9.8
WeGIA Web Manager SQL Injection Allows Data Theft or Denial of Service
CVE-2026-31896
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. Th...
9.8
Taskosaur 1.0.0: Unrestricted Access to Admin Roles
CVE-2026-31874
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly ...
9.8
SAPIDO RB-1732 V2.0.43: Unauthenticated Attackers Can Run System Commands
CVE-2019-25487
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by...
9.3
FileThingie 2.5.7 allows attackers to upload malicious files via ZIP archives
CVE-2019-25471
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ...
9.3
NetGain EM Plus 10.1.68: Unauthenticated Code Execution Through Web Request
CVE-2019-25468
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by s...
9.3
Epross AVCON6 management platform allows attackers to execute system commands
CVE-2018-25159
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated atta...
9.3
Cloud CLI: Malicious Input Can Execute System Commands
GHSA-gv8f-wpm2-m5wr
CVE-2026-31975
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection vi...
8.7
Parse Server: SQL Injection via Malicious Database Queries
GHSA-q3vj-96h2-gwvg
CVE-2026-31856
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the Po...
9.3
Parse Server: SQL injection in PostgreSQL database
GHSA-qpr4-jrj4-6f27
CVE-2026-31840
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker...
9.3
Lantronix EDS3000PS v.3.1.0.0R2 allows arbitrary code execution and data theft
CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component...
9.8
Lantronix EDS3000PS: Unrestricted File Access via TFTP Client
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitiz...
9.8
Lantronix EDS5000 allows remote code execution through username field
CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authentication fails. T...
9.8
Lantronix EDS5000: Unsanitized Input Allows Command Injection
CVE-2025-67035
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due ...
9.8
OpenClaw Agent Platform: Malicious Code Execution via User Input
CVE-2026-30741
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt ...
9.8
iSourcecode University Management System SQL Injection Risk
CVE-2026-3944
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. Thi...
6.9