CVE Vulnerabilities - 12 March 2026

831 vulnerabilities published on 12 March 2026

Projectsend versions up to r1945 allow attackers to manipulate user data
CVE-2026-4045
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of ...
6.3
Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1: Attack via athlete name input
CVE-2026-3984
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of ...
5.1
Campcodes Game Result Matrix System 2.1: Remote Code Injection Risk
CVE-2026-3983
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the fi...
5.1
OpenClaw Tools Allow Local Access to Sensitive Information
GHSA-xjj9-2w6f-jg55
### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of [OTHER GHSA-ID]. This link is maintained to preserve external ref...
4.8
OpenClaw: Local Access Can Expose Sensitive Information
CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handle...
4.8
Rxi FE: Local File Access via Out-of-Bounds Read
CVE-2026-4012
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe...
1.9
Pocketlang May Cause Data Corruption with Large Input
CVE-2026-4010
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBuffe...
4.8
Jarikomppa Soloud WAV File Parsing Bug Can Cause Data Exposure
CVE-2026-4009
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/aud...
4.8
Keycloak: Unauthorized Access to User Organization Memberships
CVE-2026-2366 GHSA-r8jr-wg88-fq5c
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without admini...
3.1
Sveltejs devalue functions can pollute object prototypes
GHSA-mwv9-gp5h-frr4
In some circumstances, `devalue.parse` and `devalue.unflatten` could emit objects with `__proto__` own properties. This in and of itself is not a secu...
2.7
TAR file module misinterprets certain archive types
CVE-2025-13462
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_...
2.0
SQLite Zip Function Fails to Protect Sensitive Data in ZIP Files
CVE-2025-70873
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap ...
Asseco SEE Live 2.0 allows authenticated users to access local files via email and attachments
CVE-2025-66955
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the h...
LibreDWG: Malicious DWG files can crash the software
CVE-2025-61154
Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) v...
OpenSSH Security Risk: Crash or Code Execution
USN-8090-2
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy ...
OpenSSH Crash or Code Execution from Malicious Usernames
USN-8090-1
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPI...
Backstage Auth Backend Allows Attackers to Access Internal Resources
GHSA-qp4c-xg64-7c6x CVE-2026-32236
### Impact ...
0.0
Kora Token Payment Verification Error Causes Paymaster Losses
GHSA-725g-w329-g7qr
## Summary When a user pays transaction fees using a Token-2022 token with a `TransferFeeConfig` extension, Kora's `verify_token_payment()` credits t...
Unhead Allows Malicious CSS Injection via Case-Sensitive URI Scheme Bypass
GHSA-5339-hvwr-7582 CVE-2026-31873
The `link.href` check in `makeTagSafe` (safe.ts, line 68-71) uses `String.includes()`, which is case-sensitive: ```typescript if (key === 'href') { ...
0.0
rootio-linux: Unpatched Software Allows Unauthorized Configuration Changes
ROOT-OS-DEBIAN-11-CVE-2022-49610
Root has patched CVE-2022-49610 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....
rootio-linux: Malicious Code Injection via Specially Crafted Input
ROOT-OS-DEBIAN-11-CVE-2022-3344
Root has patched CVE-2022-3344 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....
rootio-linux: Unauthorized Access to Root System
ROOT-OS-DEBIAN-11-CVE-2025-22026
Root has patched CVE-2025-22026 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....
rootio-linux: Unauthenticated Access to Root Account
ROOT-OS-DEBIAN-11-CVE-2025-39835
Root has patched CVE-2025-39835 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....
Rootio Linux: Unauthenticated Remote Code Execution via Network
ROOT-OS-DEBIAN-11-CVE-2022-50336
Root has patched CVE-2022-50336 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....
rootio-linux: unauthorized access to sensitive files
ROOT-OS-DEBIAN-11-CVE-2024-36029
Root has patched CVE-2024-36029 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available....