CVE Vulnerabilities - 11 March 2026
362 vulnerabilities published on 11 March 2026
Splunk Enterprise and Cloud Platform: Privilege Escalation via Malicious File Unarchiving
CVE-2026-20163
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.1...
7.2
Umbraco: Hackers Can Become Admin by Misusing User Permissions
CVE-2026-31834
GHSA-rhcg-3h8r-v6vp
A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with...
7.2
Name Directory plugin for WordPress lets attackers inject malicious code
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, an...
7.2
WooCommerce Checkout Manager plugin allows malicious scripts on admin order pages
CVE-2026-3231
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and ch...
7.2
WordPress Plugin Allows Attackers to Inject Scripts into Admin Dashboard
CVE-2026-1454
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, ...
7.2
MR-GM5L-S1 and MR-GM5A-L1 allow unauthorized administrator commands
CVE-2026-20892
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary comm...
8.6
AOS-CX Switches allow authenticated attackers to execute arbitrary OS commands
CVE-2026-23816
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the und...
7.2
AOS-CX Switches: High-Privilege Command Injection via CLI
CVE-2026-23815
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command i...
7.2
Lenovo Filez App Allows Malicious Code Execution via Man-in-the-Middle Attack
CVE-2026-2368
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network ...
7.5
Lenovo Vantage and Lenovo Baiying: Malicious Registry Deletion
CVE-2026-1716
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local aut...
6.9
Lenovo Vantage and Lenovo Baiying allow unauthorized registry modifications
CVE-2026-1715
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local aut...
6.9
OpenProject: Users can delete budget assignments by mistake
CVE-2026-30239
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned ...
7.1
OpenClaw 2026.2.19-2 allows attackers to execute arbitrary commands
CVE-2026-32063
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled e...
6.9
DukaPress plugin allows malicious code injection via user input
CVE-2026-2466
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cr...
7.1
Flowise Server Exposed to Internal Network Access through Malicious Chatflows
CVE-2026-31829
GHSA-fvcw-9w9r-pxc7
Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default...
7.1
StudioCMS: Unsecured Token Revocation Risks Data Loss and Disruption
GHSA-8rgj-vrfr-6hqr
CVE-2026-30945
The DELETE /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens ...
7.1
Zoom Rooms for Windows in Kiosk Mode: Escalation of Privileges Possible
CVE-2026-30901
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege v...
7.0
Shescape Fails to Escape Bash and BusyBox Glob Syntax
CVE-2026-32094
GHSA-9jfh-9xrq-4vwm
`Shescape#escape()` does not escape square-bracket glob syntax for Bash, BusyBox `sh`, and Dash. Applications that interpolate the return...
6.9
CraftCMS allows attackers to inject malicious JavaScript code
GHSA-fvwq-45qv-xvhv
CVE-2026-31859
The fix for CVE-2025-35939 in `craftcms/cms` introduced a `strip_tags()` call in `src/web/User.php` to sanitize return URLs before they a...
6.9
Cisco NCS 5500 and NCS 5700 routers: potential traffic disruption
CVE-2026-20118
A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence ...
6.8
JetBrains Hub: Sign-in account mismatch without 2-Step Verification
CVE-2026-32229
In JetBrains Hub before 2026.1, a sign-in account mismatch was possible with non-SSO auth and 2FA disabled...
6.8
Gutena Forms plugin lets users with contributor access update sensitive settings
CVE-2026-1753
The Gutena Forms WordPress plugin before 1.6.1 does not validate the option to be updated, which could allow users with the Contributor role and above to update arbitr...
6.8
Adobe Commerce: Unauthorized Access to Files Through Misused Path Names
CVE-2026-21360
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Path...
6.8
ThinkPad BIOS vulnerability allows local user to modify data and execute code
CVE-2026-0940
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data a...
8.4
Dell Alienware Command Center: Unapproved Access to Sensitive Settings
CVE-2026-24510
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker w...
6.7