CVE Vulnerabilities - 13 March 2026
114 vulnerabilities published on 13 March 2026
GitLab Allows Attackers to Leak Private Project Data
CVE-2026-0602
BIT-gitlab-2026-0602
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
4.3
Unauthorized Notes Can Be Created in WordPress Posts
CVE-2026-3906
BIT-wordpress-multisite-2026-3906
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was intro...
4.3
Gokapi Allows Users to Delete Other Users' Files
GHSA-j6jp-78w8-34x6
CVE-2026-30943
## Summary
An insufficient authorization check in the file replace API allows a user with only list visibility permission (`UserPermListOtherUploads`...
4.1
GitLab Incorrectly Displays Repository Code Downloads
CVE-2026-1230
BIT-gitlab-2026-1230
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could ha...
4.1
GitLab users can access sensitive projects without permission
CVE-2025-12704
BIT-gitlab-2025-12704
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have...
3.5
OpenClaw: Local credentials may be used when they shouldn't be
GHSA-qvr7-g57c-mrc7
## Summary
In affected versions of `openclaw`, local gateway helper credential resolution treated configured but unavailable `gateway.auth.token` and ...
2.5
GitLab Exposes Datadog API Keys for Maintainer Users
CVE-2025-12697
BIT-gitlab-2025-12697
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
2.2
OpenClaw's Zalouser allows wrong groups to send messages
GHSA-f5mf-3r52-r83w
### Summary
OpenClaw's Zalouser allowlist mode accepted mutable group names and normalized slugs as authorization matches instead of requiring stable...
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning
GHSA-q926-c743-49qj
### Summary
Centrifugo supports a configuration flag `insecure_skip_token_signature_verify` that completely disables JWT signature verification. When ...
Rootio ImageMagick: Unpatched Images Can Allow Remote Code Execution
ROOT-OS-DEBIAN-11-CVE-2026-25985
Root has patched CVE-2026-25985 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
Rootio-Imagemagick Allows Unauthenticated Access to Configuration
ROOT-OS-DEBIAN-11-CVE-2026-25989
Root has patched CVE-2026-25989 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
Rootio-imagemagick: Unauthorized Image Access via Malicious File
ROOT-OS-DEBIAN-11-CVE-2026-24481
Root has patched CVE-2026-24481 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
Rootio-imagemagick: Unpatched ImageMagick Library Allows Remote Code Execution
ROOT-OS-DEBIAN-11-CVE-2026-24485
Root has patched CVE-2026-24485 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
Rootio-Imagemagick: Unpatched Image Files Can Cause Code Execution
ROOT-OS-DEBIAN-11-CVE-2026-25794
Root has patched CVE-2026-25794 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
Rootio Imagick Image Processing Security Risk: Unauthorized Data Access
ROOT-OS-DEBIAN-11-CVE-2026-25965
Root has patched CVE-2026-25965 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available....
MINI-8vfj-rjvr-q4cc
Adobe Acrobat Reader: Unrestricted File Access via Malicious PDF
MINI-2wwr-2w75-v3p4
MINI-64m2-q46f-6g5r
WordPress Plugin Theme Editor Allows Unauthorized File Access
MINI-4pj2-9mw6-c8q7
rootio-nss: Unauthorized access to sensitive data
ROOT-OS-DEBIAN-11-CVE-2026-2781
Root has patched CVE-2026-2781 in the rootio-nss package for Root:Debian:11. Multiple fixed versions available....
rootio-linux: Unpatched Linux System Allows Unauthorized Access
ROOT-OS-UBUNTU-2404-CVE-2025-37933
Root has patched CVE-2025-37933 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available....
rootio-linux: Unpatched Root Access via Local File Inclusion
ROOT-OS-UBUNTU-2404-CVE-2023-52879
Root has patched CVE-2023-52879 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available....
rootio-linux: Remote attackers can access sensitive system data
ROOT-OS-UBUNTU-2404-CVE-2025-68220
Root has patched CVE-2025-68220 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available....
rootio-linux: Unpatched Root Access on Ubuntu Systems
ROOT-OS-UBUNTU-2404-CVE-2025-40098
Root has patched CVE-2025-40098 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available....
rootio-linux: Unpatched Systems at Risk of Data Theft
ROOT-OS-UBUNTU-2404-CVE-2025-40040
Root has patched CVE-2025-40040 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available....