CVE Vulnerabilities - 11 March 2026
385 vulnerabilities published on 11 March 2026
SQL Server Password Changer Crashes from Oversized Input
CVE-2019-25475
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversiz...
6.9
Easy MP3 Downloader 4.7.8.8 Crashes if Given an Extremely Long Unlock Code
CVE-2019-25474
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively ...
6.9
Folder Lock 7.7.9 Crashes When Given Too Much Data
CVE-2019-25469
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the applicatio...
6.9
SpotIE Password Recovery Crashes with Long Registration Key
CVE-2019-25463
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local atta...
6.9
GNU C Library Crash Risk with nscd
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load ...
6.2
GNU C Library (nscd client) on x86_64 may crash under high load
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load ...
6.2
Lenovo Smart Connect Driver: Memory Corruption via Local Authenticated Attack
CVE-2026-1652
A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated u...
6.9
Cisco Unified CCX Web Interface Allows Unauthenticated XSS Attacks
CVE-2026-20117
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote att...
6.1
Cisco Contact Center Software Allows Malicious Code Injection
CVE-2026-20116
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified C...
6.1
Traefik: Hijacking traffic by injecting malicious gateway rules
GHSA-8q2w-wr49-whqj
CVE-2026-29777
There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection.
A tenant with write access to an H...
6.1
IFTOP by WellChoose: Malicious Code Runs in User Browsers
CVE-2026-3825
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScr...
5.1
IFTOP by WellChoose: Malicious Redirects Possible via Crafted URLs
CVE-2026-3824
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiti...
5.1
spin.js Versions Before 3.0.0 Allow Malicious Website Attacks
CVE-2026-3884
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than ...
2.0
LatePoint WordPress Plugin: Attackers can trick admins into adding malicious scripts
CVE-2026-2324
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u...
6.1
RTMKit Plugin for WordPress: Unauthenticated Script Injection via Theme Builder
CVE-2025-12473
The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including,...
6.1
Sylius Checkout Form Allows Malicious Code Injection
CVE-2026-31822
GHSA-vgh8-c6fp-7gcg
A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. ...
5.3
Sylius allows attackers to redirect users to malicious sites
CVE-2026-31819
GHSA-9ffx-f77r-756w
`CurrencySwitchController::switchAction()`, `ImpersonateUserController::impersonateAction()` and `StorageBasedLocaleSwitcher::handle()` use...
6.9
Parse Server's MFA Recovery Codes Can be Used Multiple Times
GHSA-4hf6-3x24-c9m8
CVE-2026-31875
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-...
8.2
WordPress Guest Posting Plugin Leaks Admin Email and Form Data
CVE-2026-1867
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on ...
5.9
Palo Alto Networks Cortex XDR Broker VM Sensitive Info Available to Authenticated User
CVE-2026-0231
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive inform...
5.7
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder wh...
DEBIAN-CVE-2026-31853
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit ...
5.7
ImageMagick crashes on 32-bit systems with very large images
GHSA-56jp-jfqg-f8f4
CVE-2026-31853
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit ...
5.7
Lenovo PC Manager lets local users kill important system processes
CVE-2026-2640
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to t...
6.8
Lenovo Productivity System Addin: Privilege Escalation Risk
CVE-2026-1717
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local...
6.8
Lenovo Virtual Bus Driver Can Crash Windows with Blue Screen
CVE-2026-1653
A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated us...
6.8