
CVE Vulnerabilities - 16 March 2026


144 vulnerabilities published on 16 March 2026

WordPress Plugin Allows Attackers to Manipulate Database Queries
CVE-2025-62319
An attacker can inject malicious code into a WordPress plugin's database queries, potentially allowing them to access sensitive information. This is a type of cyber attack that can happen if an attack...
9.8
Parse Server: Hackers can take over any user account
GHSA-5fw2-8jcv-xh87 CVE-2026-32248 BIT-parse-2026-32248
Parse Server's default setting for anonymous user sign-ups leaves accounts open to takeover by hackers. This can happen if the server is not configured to check user names properly. To fix this, updat...
9.1
Authlib JWS Forgery: Attackers Can Bypass Authentication
GHSA-wvwj-cvrp-7pv5 CVE-2026-27962
A security flaw in Authlib's JWS (JSON Web Signature) feature allows attackers to create fake tokens that can trick servers into accepting them as genuine. This bypasses authentication and authorizati...
9.1
Spinnaker clouddriver and orca allow malicious URLs with underscores
GHSA-8r8j-gfhg-fw38 CVE-2026-25534
Malicious URLs with underscores can bypass security checks in Spinnaker's clouddriver and orca components, allowing potential security breaches. This issue has been fixed in recent updates, and users ...
9.1
FastMCP OAuth Proxy issues tokens for wrong servers
GHSA-5h2m-4q8j-pqpj CVE-2025-69196
The FastMCP OAuth Proxy incorrectly issues tokens for the wrong server, not the one it's supposed to be protecting. This means an attacker can trick the proxy into issuing tokens for their own server,...
8.6
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
GHSA-m344-f55w-2m6j CVE-2026-28498
## 1. Executive Summary A critical library-level vulnerability was identified in the **Authlib** Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the interna...
8.2
Authlib Exposes Sensitive Data via Cryptographic Padding Oracle
GHSA-7432-952r-cw78 CVE-2026-28490
The Authlib library in certain configurations allows attackers to determine the validity of JSON Web Encryption (JWE) padding, potentially exposing sensitive data. This issue is present in any Authlib...
8.1
SOLIDWORKS Desktop: Malicious File Can Execute Code on Your Computer
CVE-2026-3476
A vulnerability in SOLIDWORKS Desktop can allow hackers to run malicious code on your computer if you open a specially crafted file. This could lead to your computer being compromised and your data at...
7.8
Uncontrolled Memory Allocation in DiceBear Converter
GHSA-v3r3-4qgc-vw66 CVE-2026-29112
The DiceBear Converter, used to generate avatars, can be forced to use up too much memory if it's given an SVG with very large width or height values. This can cause a server to become unresponsive. I...
7.5
Parse Server's OAuth2 adapter can validate wrong provider's tokens
GHSA-2cjm-2gwv-m892 CVE-2026-32242 BIT-parse-2026-32242
If you're using multiple OAuth2 providers with Parse Server, a bug can let a token be accepted even if it shouldn't be. This happens because the same instance of the OAuth2 adapter is used for all pro...
8.6
pyOpenSSL TLS connection bypass through unhandled exception
GHSA-vp96-hxj8-p424 CVE-2026-27448
A previous version of pyOpenSSL allowed an attacker to bypass security features by causing a callback function to crash. This has been fixed, so connections will now be rejected if the callback fails....
7.3
Red Hat vsftpd: Remote Code Execution from Unauthenticated Users
RHSA-2026:4554
A security update is available for vsftpd on Red Hat systems. This update addresses a security weakness that could allow an attacker to execute arbitrary commands on a server without permission. Users...
6.5
Critical Update Needed for vsftpd on Red Hat Servers
RHSA-2026:4553
A security update is available for vsftpd on Red Hat systems, addressing a critical issue that could allow unauthorized access if exploited. This means hackers could potentially gain access to your se...
6.5
Parse Server OAuth2 login issue with wrong token sent
CVE-2026-32269 GHSA-69xg-f649-w5g2 BIT-parse-2026-32269
The OAuth2 login feature in Parse Server has a problem that can cause login failures or allow unauthorized access. This affects systems that use the OAuth2 adapter with specific settings. To fix the i...
7.6
WP EasyPay Missing Authorization Allows Unintended Access
CVE-2026-32587
WP EasyPay, a plugin used for payment processing, has a security issue that allows unauthorized users to access sensitive features. This affects versions 1 through 4.2.11. To fix, update to version 4....
5.4
Modern Events Calendar: Unauthorized Access to Events
CVE-2026-32583
Certain security settings are not properly enforced, allowing unauthorized users to view or modify events they shouldn't have access to. This affects users of Modern Events Calendar, specifically thos...
5.3
INDEX Conferences App on Android Exposes Hard-Coded Credentials
CVE-2026-4219
The INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App on Android devices has a security flaw that could allow an attacker to access sensitive information. This flaw is present in version...
1.9
Albert Health on Android Stores Credentials Unprotected
CVE-2026-4250
A security issue in the Albert Health app on Android means that sensitive information, like passwords and access keys, is stored in a way that can be easily accessed by attackers if they have access ...
2.0
LibreChat RAG API 0.7.0: Forged Log Entries Possible
CVE-2026-4276
Using LibreChat RAG API version 0.7.0, an attacker can manipulate log entries. This makes it difficult to trust the accuracy of the logs. Upgrade to a fixed version to prevent forged log entries.
OpenEDR 2.5.1.0 Driver Allows Local Privilege Escalation
CVE-2025-69784
A security flaw in the OpenEDR 2.5.1.0 kernel driver lets an unauthorized user, with normal user privileges, take control of the entire computer. This can happen if an attacker tricks the system into ...
OpenEDR 2.5.1.0: Local attacker can rename malicious executable to evade protection
CVE-2025-69783
A local attacker with malicious intent can rename a malicious file to mimic a trusted system process, potentially allowing them to access sensitive features of OpenEDR. This is a significant concern a...
NetBox 4.3.5: Malicious Comments Can Harm Others' Screens
CVE-2025-57543
An attacker can inject malicious comments into NetBox's comment field, which can be viewed by other users and potentially cause them to see incorrect or misleading information on the screen. This coul...
Adobe Acrobat Reader Can Crash When Opening Malformed Files
MINI-q2r9-vf3m-87xm
Adobe Acrobat Reader has a bug that can cause it to crash if you open a specially crafted PDF file. This is a serious issue because it can leave your computer open to other types of attacks. To stay s...
MINI-h66r-3x8w-689p
Microsoft Windows SMB Server Unsecured Data Exposure Risk
MINI-x7cq-f9vh-hp39
A bug in Microsoft Windows SMB Server can allow attackers to access sensitive data on a network. This could happen if an attacker can connect to the server and exploit the vulnerability. Update your s...