CVE Vulnerabilities - 12 March 2026
830 vulnerabilities published on 12 March 2026
Multipart library vulnerable to slow-down attacks on request headers
CVE-2026-28356
GHSA-p2m9-wcp5-6qw3
## Summary
The `parse_options_header()` function in `multipart.py` uses a regular expression with an *ambiguous alternation*, which can cause *expone...
7.5
Jettweb PHP News Site Script V3 Allows Unauthenticated Admin Access
CVE-2019-25515
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenti...
8.7
ImageMagick's JBIG Decoder Can Crash or Cause Data Corruption
CVE-2026-28691
GHSA-wj8w-pjxf-9g4f
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check....
7.5
My Sticky Bar plugin for WordPress exposes sensitive data to attackers
CVE-2026-3657
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and in...
7.5
Parse Server's OAuth2 adapter can validate wrong provider's tokens
GHSA-2cjm-2gwv-m892
CVE-2026-32242
### Impact
Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations...
9.1
TinaCMS: Malicious File Uploads Can Write to Arbitrary Locations
CVE-2026-28791
GHSA-5hxf-c7j4-279c
Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload h...
7.4
ImageMagick: Image data can be written outside its boundaries
CVE-2026-25968
GHSA-3mwp-xqp2-q6ph
A stack buffer overflow occurs when processing an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corrupti...
7.4
itsourcecode Online Doctor Appointment System: SQL Injection via Doctor ID
CVE-2026-3981
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. ...
6.9
itsourcecode Online Doctor Appointment System: Patient ID Manipulation Risk
CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_actio...
6.9
FeMiner wms 1.0: Malicious Input Can Expose Sensitive Data
CVE-2026-3969
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of ...
6.9
Placeto CMS Alpha rv.4: Malicious Database Access Through Admin Panel
CVE-2019-25529
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL cod...
7.1
Clinic Pro Lets Authorized Users Access Sensitive Data
CVE-2019-25473
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the...
7.1
LINE Configuration Allows Unauthorized Access to Groups
GHSA-gp3q-wpq4-5c5h
### Summary
In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected ...
7.1
OliveTin EventStream Leaks Sensitive Information to Unprivileged Users
CVE-2026-32102
GHSA-228v-wc5r-j8m7
### Summary
OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-...
7.1
ImageMagick allows attackers to crash the application
CVE-2026-28494
GHSA-932h-jw47-73jm
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into...
7.1
OpenClaw: Malicious Files Can Be Written Outside Workspace
GHSA-qcc4-p59m-p54m
### Summary
A sandbox boundary-validation gap in symlink alias handling allowed certain workspace-only write paths to be treated as in-boundary even w...
7.0
Linux distributions' OpenSSH GSSAPI patch may crash or behave erratically.
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linu...
6.9
Trane HVAC Systems: Hard-coded Credentials Exposed to Attack
CVE-2026-28256
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclos...
6.9
Trane Tracer SC: Unauthenticated Access to Sensitive Information
CVE-2026-28254
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive...
6.9
Kora-lib: Unchecked Fee Payers in Unrecognized Instructions
GHSA-x442-m7cc-hr92
## Summary
When inner CPI instructions use instruction types not recognized by Kora's parser (including Token-2022 extension instructions like `Confi...
6.9
OpenClaw's MS Teams Plugin Allows Unauthorized Senders
GHSA-g7cr-9h7q-4qxq
OpenClaw's Microsoft Teams plugin widened group sender authorization when a team/channel route allowlist was configured but `groupAllowFrom` was empty...
6.9
OpenClaw Installer Can Write Files Outside Intended Tools Directory
GHSA-vhwf-4x96-vqx2
OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and c...
6.9
OliveTin's email check logs user-submitted email addresses
GHSA-xx6g-43w2-9g6g
### Summary
The typeSafetyCheckEmail() function in service/internal/executor/arguments.go calls log.Errorf() on every invocation including when valida...
6.9
ImageMagick's MNG Encoder Can Be Forced to Crash or Run Malicious Code
CVE-2026-28690
GHSA-7h7q-j33q-hvpf
A stack buffer overflow vulnerability exists in the MNG encoder. A missing bounds check could corrupt the stack with attacker-contro...
6.9
ASUS Business System Control Interface driver can leak system info or crash
CVE-2025-15038
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivilege...
6.9