Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 11 March 2026
RSS362 vulnerabilities published on 11 March 2026
Severity:
Google Chrome: Malicious Website Can Access Unauthorized Data
CVE-2026-3926
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML p...
8.8
Google Chrome: Heap Corruption via Malicious Web Page
CVE-2026-3923
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ...
8.8
Google Chrome: Malicious websites can crash your browser
CVE-2026-3922
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted H...
8.8
Google Chrome: Malicious Web Page Can Crash Browser
CVE-2026-3921
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted ...
8.8
Google Chrome: Malicious web pages can crash browser, leak memory
CVE-2026-3920
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a cr...
8.8
Installing malicious Google Chrome extensions can crash the browser
CVE-2026-3919
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to pote...
8.8
Google Chrome: Heap Corruption via Malicious HTML Page
CVE-2026-3918
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p...
8.8
Google Chrome Agents may be affected by data corruption
CVE-2026-3917
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p...
8.8
Google Chrome: Remote attackers can read sensitive data from your computer
CVE-2026-3915
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted ...
8.8
Google Chrome: Uncontrolled Memory Access via Malicious Web Page
CVE-2026-3914
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ...
8.8
Google Chrome: Malicious Web Pages Can Crash Your Browser
CVE-2026-3913
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted H...
8.8
OpenEMR Electronic Health Records Software Has SQL Injection Flaw
CVE-2026-32127
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL inje...
8.8
Microsoft Himmelblau Interoperability Suite: Local File Overwrite Risk
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as ro...
8.8
WeGIA Web Manager: SQL Injection in Product Restore Feature
CVE-2026-31895
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL inj...
8.8
Cisco IOS XR Software Privilege Elevation Vulnerability
CVE-2026-20046
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate p...
8.8
Cisco IOS XR Software Allows Local Attackers to Escalate Privileges
CVE-2026-20040
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlyi...
8.8
Microsoft DirectX Installer Allows Malicious Code Execution with Elevated Privileges
CVE-2025-68623
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, ...
8.8
Lantronix EDS5000 allows attackers to run commands with root access
CVE-2025-67037
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tu...
8.8
Lantronix EDS5000: Unauthorized OS Command Execution via Log File Name
CVE-2025-67036
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sa...
8.8
Lantronix EDS5000: Authorized User Can Execute Root Commands
CVE-2025-67034
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL c...
8.8
OpenClaw versions prior to 2026.2.14 can write or delete files outside the workspace
CVE-2026-32060
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the ...
8.7
OpenClaw tools.exec.safeBins doesn't validate sort command options correctly
CVE-2026-32059
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviatio...
8.7
ExactMetrics Plugin Allows Malicious Users to Gain Admin Access
CVE-2026-1993
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. Thi...
8.8
ExactMetrics WordPress plugin allows unauthorized plugin installation
CVE-2026-1992
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. ...
8.8
Koha Staff Interface SQL Injection Risk: Unauthorized Database Access
CVE-2026-31844
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to...
8.7