CVE Vulnerabilities - 11 March 2026

362 vulnerabilities published on 11 March 2026

FastGPT 4.14.7 and earlier allows arbitrary file creation/overwrites
CVE-2026-32128
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent fi...
6.3
elecV2P 3.8.3 Allows Remote Code Injection
CVE-2026-3955
A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-ma...
5.3
OPNsense Firewall and Routing Platform Allows Unauthorized Configuration Changes
CVE-2026-30868
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but ...
6.3
Splunk: Low-Privilege Users Can Access Sensitive Data
CVE-2026-20165
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.1...
6.3
Splunk Enterprise, Cloud Platform: Malicious Code Can Run in Browser
CVE-2026-20162
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11...
6.3
Parse Server allows attackers to steal user data via uploaded files
GHSA-v5hf-f4c3-m5rv CVE-2026-31868
Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server `...
6.3
R on Windows: Malicious Code Can Bypass Security Protections
CVE-2019-25485
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP a...
6.9
WinMPG iPod Convert 3.0 Crashes When Given Oversized Registration Input
CVE-2019-25484
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supply...
6.9
RAR Password Recovery 1.80 Crashes with Oversized Registration Input
CVE-2019-25477
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized pay...
6.9
Outlook Password Recovery 2.10 Crashes from Oversized Text Entry
CVE-2019-25476
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized...
6.9
SQL Server Password Changer Crashes from Oversized Input
CVE-2019-25475
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversiz...
6.9
Easy MP3 Downloader 4.7.8.8 Crashes if Given an Extremely Long Unlock Code
CVE-2019-25474
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively ...
6.9
Folder Lock 7.7.9 Crashes When Given Too Much Data
CVE-2019-25469
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the applicatio...
6.9
SpotIE Password Recovery Crashes with Long Registration Key
CVE-2019-25463
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local atta...
6.9
GNU C Library Crash Risk with nscd
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load ...
6.2
GNU C Library (nscd client) on x86_64 may crash under high load
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load ...
6.2
Lenovo Smart Connect Driver: Memory Corruption via Local Authenticated Attack
CVE-2026-1652
A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated u...
6.9
Cisco Unified CCX Web Interface Allows Unauthenticated XSS Attacks
CVE-2026-20117
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote att...
6.1
Cisco Contact Center Software Allows Malicious Code Injection
CVE-2026-20116
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified C...
6.1
Traefik: Hijacking traffic by injecting malicious gateway rules
GHSA-8q2w-wr49-whqj CVE-2026-29777
Summary: There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an H...
6.1
IFTOP by WellChoose: Malicious Code Runs in User Browsers
CVE-2026-3825
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScr...
5.1
IFTOP by WellChoose: Malicious Redirects Possible via Crafted URLs
CVE-2026-3824
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiti...
5.1
spin.js Versions Before 3.0.0 Allow Malicious Website Attacks
CVE-2026-3884
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than ...
2.0
LatePoint WordPress Plugin: Attackers can trick admins into adding malicious scripts
CVE-2026-2324
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u...
6.1
RTMKit Plugin for WordPress: Unauthenticated Script Injection via Theme Builder
CVE-2025-12473
The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including,...
6.1