
CVE Vulnerabilities - 11 March 2026

385 vulnerabilities published on 11 March 2026

InputMapper Crashes with Excessively Long Username
CVE-2019-25464
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an ...
6.7
Adobe Commerce allows attackers to bypass security controls
CVE-2026-21294
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (S...
5.5
Adobe Commerce versions allow hackers to access unauthorized server resources
CVE-2026-21293
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (S...
5.5
Quill Fails to Safely Parse Mach-O Binaries, Leading to Crash
GHSA-xj69-m9qq-8m94 CVE-2026-31961
Impact: Quill before version `v0.7.1` contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires th...
5.5
Tornado cookie settings can be manipulated by attackers
GHSA-78cv-mqj4-43f7
Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado pr...
5.4
Tornado has incomplete validation of cookie attributes
GHSA-78cv-mqj4-43f7
Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado pr...
5.4
OpenEMR Track Anything feature allows script injection
CVE-2026-32125
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the T...
5.4
OpenEMR returns unescaped code descriptions in browser
CVE-2026-32124
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJA...
5.4
OpenEMR: Malicious Code Can Be Injected into Patient Demographics
CVE-2026-32121
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription...
5.4
OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels
CVE-2026-32125 GHSA-244w-vxhp-7x99
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the T...
5.4
OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)
CVE-2026-32124 GHSA-9hw7-22mr-qhfc
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJA...
5.4
OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text
CVE-2026-32118 GHSA-55qj-x8wh-m4rm
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting...
5.4
Plunk Email Platform Allows Malicious SVG Files to Be Uploaded
CVE-2026-32095
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat...
5.4
Notesnook note-taking app allows malicious tweets to steal user data
CVE-2026-31876
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting (XSS) vulnerability existed in Not...
5.4
Splunk Enterprise: Unauthorized access to Observability Cloud API token
CVE-2026-20166
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-pri...
5.4
GitLab: Authenticated User Can Inject JavaScript
CVE-2026-1090 BIT-gitlab-2026-1090
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
5.4
Happy Addons for Elementor plugin allows attackers to clone any post on WordPress sites
CVE-2026-2917
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via...
5.4
Adobe Commerce: Malicious scripts can be injected into form fields
CVE-2026-21292
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (X...
5.4
Adobe Experience Manager: Malicious Scripts Can Be Injected
CVE-2026-27266
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager versions 6.5.23 and earlier: Malicious scripts injected via vulnerable form fields
CVE-2026-27265
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager versions 6.5.23 and earlier allow malicious scripts to run in user browsers
CVE-2026-27264
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager: Malicious Scripts Injected in Forms
CVE-2026-27263
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager: Malicious Code Injection Through Form Fields
CVE-2026-27262
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an atta...
5.4
Adobe Experience Manager: Malicious Scripts Injected Through User Input
CVE-2026-27261
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager versions 6.5.23 and earlier allow hackers to inject malicious scripts
CVE-2026-27260
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4