
CVE Vulnerabilities - 11 March 2026


396 vulnerabilities published on 11 March 2026

Frappe Framework: Users can alter other users' workspace
CVE-2026-31879
Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks...
5.1
Frappe: SSRF via Crafted Request by Any Authenticated User
CVE-2026-31878 GHSA-mggg-hmjm-j6c2
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoin...
5.0
Supabase Auth: Unauthorized Sessions Issued for User Accounts
CVE-2026-31813
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attac...
4.8
Adobe Commerce: Stored Cross-Site Scripting in Form Fields
CVE-2026-21291
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (X...
4.8
Hono: Prototype Pollution via Crafted Form Field Names in parseBody({ dot: true })
GHSA-v8w9-8mx6-g223
When using `parseBody({ dot: true })` in HonoRequest, specially crafted form field names such as `__proto__.x` could create objects contai...
4.8
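The Hono entry above describes form field names such as `__proto__.x` reaching object prototypes when dot-notation expansion is enabled. The block below is an added example, not Hono's code: a minimal dot-notation expander in the shape such an option implies, first in a form that pollutes `Object.prototype`, then hardened with a null-prototype output tree and a deny-list on path segments. The function names, the deny-list and the form data are constructed for illustration.

```javascript
// Added example; not Hono's code. A minimal dot-notation form-field expander
// of the kind a `parseBody({ dot: true })` option performs, shown first in a
// prototype-pollutable form and then hardened. All form data is constructed.

const DANGEROUS_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

// Naive expansion: "a.b" becomes { a: { b: value } }. Intermediate segments are
// reached by plain property access, so a segment named "__proto__" on a normal
// object resolves to Object.prototype and the final assignment lands there.
function expandDotKeysUnsafe(fields) {
  const out = {};
  for (const [key, value] of fields) {
    const parts = key.split(".");
    let cur = out;
    for (let i = 0; i < parts.length - 1; i++) {
      if (typeof cur[parts[i]] !== "object" || cur[parts[i]] === null) {
        cur[parts[i]] = {};
      }
      cur = cur[parts[i]];
    }
    cur[parts[parts.length - 1]] = value;
  }
  return out;
}

// Hardened expansion: the output tree has no prototype chain, so "__proto__"
// and "constructor" are ordinary (absent) keys rather than accessors, and on
// top of that any field whose path contains a dangerous segment is dropped.
function expandDotKeysSafe(fields) {
  const out = Object.create(null);
  for (const [key, value] of fields) {
    const parts = key.split(".");
    if (parts.some((p) => DANGEROUS_SEGMENTS.has(p))) continue;
    let cur = out;
    for (let i = 0; i < parts.length - 1; i++) {
      const own = Object.prototype.hasOwnProperty.call(cur, parts[i]);
      if (!own || typeof cur[parts[i]] !== "object" || cur[parts[i]] === null) {
        cur[parts[i]] = Object.create(null);
      }
      cur = cur[parts[i]];
    }
    cur[parts[parts.length - 1]] = value;
  }
  return out;
}

// Runs a constructed hostile field through the given expander and reports
// whether an unrelated object picked up the attacker's property. Any pollution
// is removed afterwards so it does not leak into the rest of the process.
function probePollution(expand) {
  const unrelated = {};
  expand([["__proto__.polluted", "yes"], ["user.name", "alice"]]);
  const leaked = unrelated.polluted;
  delete Object.prototype.polluted;
  return leaked;
}
```

The deny-list alone is not sufficient in general (encodings and non-string keys have bypassed such lists elsewhere), which is why the safe variant also builds the tree from `Object.create(null)` and only descends into own properties; either layer on its own would stop the `__proto__.x` case, together they also close the `constructor.prototype.x` route.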
Sylius: Authenticated Stored XSS in Shop Frontend and Admin Panel
CVE-2026-31823 GHSA-mx4q-xxc9-pf5q
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to...
4.8
Weimai-WetApp allows attackers to inject malicious SQL code
CVE-2026-3957
A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovi...
5.1
Weimai-WetApp allows attackers to inject malicious SQL code
CVE-2026-3956
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the f...
5.1
Parse Server with PostgreSQL: attacker can inject malicious SQL
CVE-2026-32234 GHSA-c442-97qw-j6c6
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacke...
5.1
Adobe Commerce: Unauthorized Access to Sensitive Data Possible
CVE-2026-21359
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulne...
4.7
Copyparty File Server Allows Malicious File Uploads
CVE-2026-32109 GHSA-rcp6-88mm-9vgf
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a...
4.4
OpenClaw: Path Traversal in $include Directive Allows Arbitrary Local File Read
CVE-2026-32061
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local f...
6.7
Jcharis Machine-Learning-Web-Apps: Malicious Code Injection Possible
CVE-2026-3962
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the functi...
5.3
Google Chrome UI Spoofing via PictureInPicture
CVE-2026-3942
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML ...
4.3
Google Chrome DevTools: Navigation Restriction Bypass
CVE-2026-3941
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a ...
4.3
Google Chrome Picture-in-Picture UI Can Be Tricked by Malicious Websites
CVE-2026-3927
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML ...
4.3
Google Chrome on Android: UI Spoofing via LookalikeChecks
CVE-2026-3925
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a cra...
4.3
OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint Exposes Billing Information
CVE-2026-32122 GHSA-rwf9-px3c-3prw
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feat...
4.3
LockerProject Locker Allows Attackers to Inject Malicious Code via IDs
CVE-2026-3951
A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-m...
5.3
OpenProject: Unauthenticated Access to User Labor Cost Rate
CVE-2026-30236
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it w...
4.3
GitLab: Authenticated Users Can Access Old Pipeline Data
CVE-2025-12555 BIT-gitlab-2025-12555
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under ...
4.3
GitLab: Authenticated Users Can View Confidential Issue Titles
CVE-2026-1732 BIT-gitlab-2026-1732
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
4.3
GitLab CE/EE: Authenticated users can add labels to private projects
CVE-2026-1663 BIT-gitlab-2026-1663
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
4.3