CVE Vulnerabilities - 16 March 2026
175 vulnerabilities published on 16 March 2026
Tenda AC8 16.03.50.11: Remote Authentication Bypass via IP Address
CVE-2026-4252
The Tenda AC8 router's IPv6 authentication can be bypassed remotely, allowing unauthorized access. This is a serious security risk because it lets attackers gain access to the router and potentially t...
Severity: 8.9
WordPress Plugin Allows Attackers to Manipulate Database Queries
CVE-2025-62319
An attacker can inject SQL into the plugin's database queries (SQL injection), potentially gaining access to sensitive information. This can happen if an attack...
Severity: 9.8
Parse Server: Attackers can take over any user account
GHSA-5fw2-8jcv-xh87
CVE-2026-32248
BIT-parse-2026-32248
Parse Server's default setting for anonymous user sign-ups leaves accounts open to takeover by attackers. This can happen if the server is not configured to validate user names properly. To fix this, updat...
Severity: 9.1
pyOpenSSL DTLS Cookie Overflow Risk: Large Cookie Values Crash Application
GHSA-5pwr-322w-8jr4
CVE-2026-27459
A bug in pyOpenSSL's DTLS cookie handling can crash the application when a server is given a very long cookie value. This has been fixed in pyOpenSSL; update to the latest version.
Severity: 9.4
Glances Browser API Leaks Downstream Server Credentials
GHSA-r297-p3v4-wp8m
CVE-2026-32633
An unauthenticated Glances Browser API can expose server credentials to unauthorized users. This occurs when the Glances Browser/API instance is started without a password, allowing anyone with networ...
Severity: 9.1
Authlib JWS Forgery: Attackers Can Bypass Authentication
GHSA-wvwj-cvrp-7pv5
CVE-2026-27962
A security flaw in Authlib's JWS (JSON Web Signature) handling allows attackers to forge tokens that servers accept as genuine. This bypasses authentication and authorizati...
Severity: 9.1
Spinnaker clouddriver and orca allow malicious URLs with underscores
GHSA-8r8j-gfhg-fw38
CVE-2026-25534
Malicious URLs with underscores can bypass security checks in Spinnaker's clouddriver and orca components, allowing potential security breaches. This issue has been fixed in recent updates, and users ...
Severity: 9.1
ONNX Model Downloads from Untrusted Sources Proceed Without Warning
GHSA-hqmj-h5c6-369m
CVE-2026-28500
A security flaw in ONNX allows attackers to trick users into downloading and running malicious models from untrusted sources without any warning. This can lead to sensitive information being stolen fro...
Severity: 8.6
Glances REST API exposed without password
GHSA-wvxv-4j8q-4wjq
CVE-2026-32596
Glances web server exposes sensitive system information, including passwords, API keys, and tokens, to any network client without a password. This can happen if you run Glances with the `-w` option wi...
Severity: 8.3
Authlib Exposes Sensitive Data via Cryptographic Padding Oracle
GHSA-7432-952r-cw78
CVE-2026-28490
The Authlib library in certain configurations allows attackers to determine the validity of JSON Web Encryption (JWE) padding, potentially exposing sensitive data. This issue is present in any Authlib...
Severity: 8.3
Glances Central Browser Leaks Credentials to Fake Servers on Local Network
GHSA-vx5f-957p-qpvm
CVE-2026-32634
Glances, a server monitoring tool, has a security issue that allows an attacker on the same local network to steal login credentials. This happens when an attacker tricks the tool into thinking a fake...
Severity: 8.1
Glances API Exposes Monitoring Data to Any Website
GHSA-9jfm-9rc6-2hfq
CVE-2026-32610
Glances's default settings allow any website to access sensitive information about your system, such as monitoring data and configuration secrets, if you're using the Glances API. This is a concern be...
Severity: 8.1
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
GHSA-m344-f55w-2m6j
CVE-2026-28498
A critical library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the interna...
Severity: 7.8
SOLIDWORKS Desktop: Malicious File Can Execute Code on Your Computer
CVE-2026-3476
A vulnerability in SOLIDWORKS Desktop can allow attackers to run malicious code on your computer if you open a specially crafted file. This could lead to your computer being compromised and your data at...
Severity: 7.8
IncusOS allows unauthorized access to encrypted data with physical access
GHSA-wj2j-qwcf-cfcc
CVE-2026-32606
IncusOS systems can be compromised if an attacker with physical access to the machine can substitute the root partition with a fake one. This allows the attacker to bypass encryption and access sensit...
Severity: 7.6
Leanprover Unicode Input Component Allows Malicious Code Execution
GHSA-6ggm-pwr9-r5h2
CVE-2026-32732
Using a vulnerable version of the Leanprover Unicode Input Component can allow attackers to inject malicious code into your website. This can happen if you're using version 0.1.9 or earlier of the com...
Severity: 7.5
Glances Exposes Password Hash and SNMP Credentials via Insecure API Endpoint
GHSA-cvwp-r2g2-j824
CVE-2026-32609
Glances' API endpoint for displaying command-line arguments exposes sensitive information like password hashes and SNMP credentials when accessed without authentication. This allows unauthorized users...
Severity: 7.5
LeafKit may display unescaped data, allowing malicious scripts to run
GHSA-6jj5-j4j8-8473
CVE-2026-28499
LeafKit's output escaping can be bypassed, allowing attackers to inject malicious script. This can happen when displaying collections of data. To fix this, update LeafKit to the latest version or app...
Severity: 7.5
Uncontrolled Memory Allocation in DiceBear Converter
GHSA-v3r3-4qgc-vw66
CVE-2026-29112
The DiceBear Converter, used to generate avatars, can be forced to use up too much memory if it's given an SVG with very large width or height values. This can cause a server to become unresponsive. I...
Severity: 7.5
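The DiceBear entry above describes the general failure mode of any SVG-to-raster converter: the raster buffer is sized from attacker-controlled width/height attributes. The following is an added example (not DiceBear's code) of bounding that size before conversion. The pixel budget, the function names and the sample documents are assumptions made for illustration.

```python
"""Cap the raster size of an untrusted SVG before converting it.

Added example, not DiceBear's code. The pixel budget, the function names
and the sample documents are assumptions made for illustration.
"""
import math
import re
import xml.etree.ElementTree as ET

# Budget for the raster we are prepared to allocate: 4096 x 4096 RGBA is
# 64 MiB, generous for an avatar. Assumed value, not DiceBear's.
MAX_PIXELS = 4096 * 4096

# A plain decimal number, optionally followed by "px". Anything else
# (percentages, em, exponent notation such as "1e9") is rejected rather
# than guessed at.
_LENGTH_RE = re.compile(r"^\s*(\d+(?:\.\d+)?|\.\d+)\s*(?:px)?\s*$")


def parse_length(value):
    """Return a width/height attribute as a float, or None if unusable."""
    if value is None:
        return None
    m = _LENGTH_RE.match(value)
    return float(m.group(1)) if m else None


def svg_raster_size(svg_text):
    """Return (width, height) the SVG would rasterise to, in pixels.

    Falls back to the viewBox when width/height are absent, which is what
    most rasterisers do. Raises ValueError for anything not understood.
    """
    # In production use defusedxml here: stdlib ElementTree expands
    # entities, and a billion-laughs SVG is a separate resource attack.
    root = ET.fromstring(svg_text)
    if root.tag.rsplit("}", 1)[-1] != "svg":
        raise ValueError("root element is not <svg>")
    width = parse_length(root.get("width"))
    height = parse_length(root.get("height"))
    if width is None or height is None:
        parts = (root.get("viewBox") or "").replace(",", " ").split()
        if len(parts) != 4:
            raise ValueError("no usable width/height or viewBox")
        vb_w, vb_h = parse_length(parts[2]), parse_length(parts[3])
        if vb_w is None or vb_h is None:
            raise ValueError("viewBox dimensions not understood")
        width = vb_w if width is None else width
        height = vb_h if height is None else height
    if width <= 0 or height <= 0:
        raise ValueError("non-positive dimensions")
    return width, height


def is_within_budget(svg_text, max_pixels=MAX_PIXELS):
    """True if the SVG can be rasterised within max_pixels; False if it is
    malformed, oversized or otherwise something a converter should refuse."""
    try:
        width, height = svg_raster_size(svg_text)
    except (ET.ParseError, ValueError):
        return False
    return math.ceil(width) * math.ceil(height) <= max_pixels


# Constructed sample inputs.
SVG_NS = 'xmlns="http://www.w3.org/2000/svg"'
SMALL_SVG = f'<svg {SVG_NS} width="256px" height="256"><circle r="10"/></svg>'
VIEWBOX_SVG = f'<svg {SVG_NS} viewBox="0 0 64 64"><rect width="64" height="64"/></svg>'
HUGE_SVG = f'<svg {SVG_NS} width="100000" height="100000"/>'
EXPONENT_SVG = f'<svg {SVG_NS} width="1e9" height="1e9"/>'

if __name__ == "__main__":
    for label, doc in [("small", SMALL_SVG), ("viewBox", VIEWBOX_SVG),
                       ("huge", HUGE_SVG), ("exponent", EXPONENT_SVG)]:
        print(f"{label}: {'accept' if is_within_budget(doc) else 'refuse'}")
```

The check rejects rather than clamps: a converter that silently shrinks a 100000x100000 request still has to parse and lay out the document, so the cheap decision is to refuse up front and let the caller decide whether to retry with a smaller target size.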
FastMCP OAuth Proxy issues tokens for wrong servers
GHSA-5h2m-4q8j-pqpj
CVE-2025-69196
The FastMCP OAuth Proxy incorrectly issues tokens for the wrong server, not the one it's supposed to be protecting. This means an attacker can trick the proxy into issuing tokens for their own server,...
Severity: 7.4
Parse Server's OAuth2 adapter can validate wrong provider's tokens
GHSA-2cjm-2gwv-m892
CVE-2026-32242
BIT-parse-2026-32242
If you're using multiple OAuth2 providers with Parse Server, a bug can let a token be accepted even if it shouldn't be. This happens because the same instance of the OAuth2 adapter is used for all pro...
Severity: 8.6
Glances: Unsecured SQL Queries in DuckDB Export
GHSA-49g7-2ww7-3vf5
CVE-2026-32611
Glances has a security risk in its DuckDB export feature, which could allow an attacker to manipulate database queries. This means an attacker might be able to access sensitive data or disrupt the dat...
Severity: 7.0
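Both the WordPress plugin entry (CVE-2025-62319) and the Glances DuckDB export entry above come down to query text assembled from untrusted input. The following added example (not code from either project) shows the vulnerable construction next to the parameterised fix, and the separate problem an export feature has with table names, which cannot be bound as parameters. sqlite3 stands in for MySQL and DuckDB; the schema, rows and payload are constructed for illustration.

```python
"""Query text built from input vs. parameterised queries. Added example,
not code from the WordPress plugin or from Glances. sqlite3 stands in for
MySQL/DuckDB; the schema, rows and payload are constructed for illustration.
"""
import re
import sqlite3

PAYLOAD = "web-1' OR '1'='1"  # classic tautology injection
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE metrics (host TEXT, secret TEXT)")
    conn.executemany("INSERT INTO metrics VALUES (?, ?)",
                     [("web-1", "token-A"), ("web-2", "token-B")])
    return conn


def lookup_vulnerable(conn, host):
    """Anti-pattern: the value becomes part of the statement text, so a
    quote inside it ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT host, secret FROM metrics WHERE host = '{host}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, host):
    """Fix: the driver sends the value separately from the statement; it
    can never change the query's structure."""
    return conn.execute(
        "SELECT host, secret FROM metrics WHERE host = ?", (host,)
    ).fetchall()


def quote_identifier(name):
    """Table and column names cannot be bound as parameters, which is the
    trap in an export that creates a table per plugin or host. Allow-list
    the shape first, then quote."""
    if not _IDENT.match(name):
        raise ValueError(f"refusing identifier {name!r}")
    return '"' + name + '"'


def export_rows(conn, table, rows):
    """Create/append an export table named by the caller, safely.
    Returns the row count of the table afterwards."""
    t = quote_identifier(table)
    conn.execute(f"CREATE TABLE IF NOT EXISTS {t} (host TEXT, value REAL)")
    conn.executemany(f"INSERT INTO {t} VALUES (?, ?)", rows)
    return conn.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # both rows leak
    print("safe      :", lookup_safe(db, PAYLOAD))        # []
    print("export    :", export_rows(db, "cpu_load", [("web-1", 0.4)]))
    try:
        export_rows(db, 'x"; DROP TABLE metrics; --', [])
    except ValueError as exc:
        print("export    :", exc)
```

The identifier allow-list is deliberately stricter than what the database would accept after quoting: a monitoring export has no legitimate need for table names containing quotes, spaces or semicolons, so refusing them costs nothing and removes the whole class of quoting mistakes.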
Glances allows attackers to inject commands via process names
GHSA-vcv2-q258-wrg7
CVE-2026-32608
Glances has a security issue where attackers can inject malicious commands if they can control a process name or container name. This could allow them to execute arbitrary system commands. To protect ...
Severity: 7.0
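The Glances entry above is a reminder that process and container names are attacker-chosen strings: any local user can start a process called `nginx; echo INJECTED`, and a container can be named almost anything. The following added example (not Glances' code) shows the interpolation anti-pattern next to two fixes and a defence-in-depth check; the helper names, the name alphabet and the sample name are assumptions, and `echo` stands in for whatever tool the name is fed to.

```python
"""Process and container names are attacker-chosen strings. Added example,
not Glances' code; the helper names, the allowed alphabet and the sample
name are assumptions. echo stands in for any tool fed the name.
"""
import re
import shlex
import subprocess

# Constructed sample: a process name carrying shell metacharacters.
HOSTILE_NAME = "nginx; echo INJECTED"

# What a process name is allowed to look like before it goes anywhere
# near a command line. Assumed policy; tighten or loosen per deployment.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._:/+-]{1,255}$")


def run_lines(argv_or_cmd, shell):
    """Run a command and return its stdout split into lines."""
    out = subprocess.run(argv_or_cmd, shell=shell, capture_output=True, text=True)
    return out.stdout.splitlines()


def describe_vulnerable(name):
    """Anti-pattern: the name is spliced into a shell command line, so
    ';', '|', '$(...)' and backticks in it are executed by the shell."""
    return run_lines(f"echo {name}", shell=True)


def describe_with_argv(name):
    """Fix 1: pass the name as a single argv element. No shell is involved,
    so metacharacters are just characters."""
    return run_lines(["echo", name], shell=False)


def describe_with_quoting(name):
    """Fix 2, for when a shell really is needed (pipelines, redirection):
    shlex.quote() wraps the value so the shell sees exactly one word."""
    return run_lines(f"echo {shlex.quote(name)}", shell=True)


def validate_name(name):
    """Defence in depth: refuse names outside the expected alphabet before
    using them anywhere, including in log lines and SQL."""
    if not _SAFE_NAME.match(name):
        raise ValueError(f"suspicious process name: {name!r}")
    return name


if __name__ == "__main__":
    print("vulnerable:", describe_vulnerable(HOSTILE_NAME))    # two lines
    print("argv      :", describe_with_argv(HOSTILE_NAME))     # one line
    print("quoted    :", describe_with_quoting(HOSTILE_NAME))  # one line
    try:
        validate_name(HOSTILE_NAME)
    except ValueError as exc:
        print("validate  :", exc)
```

Prefer the argv form wherever possible; `shlex.quote` is correct for POSIX shells but does nothing for the other interpreters a name might reach (SQL, a log-parsing regex, an HTML page), which is why the alphabet check sits in front of all of them.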
Attackers can read all SiYuan workspace data
GHSA-4j3x-hhg2-fm2x
CVE-2026-32704
A security issue in SiYuan's renderSprig feature allows any logged-in user to access all data in the workspace database, including sensitive information. This is because the feature is missing a cruci...
Severity: 6.5
Red Hat vsftpd: Remote Code Execution from Unauthenticated Users
RHSA-2026:4554
A security update is available for vsftpd on Red Hat systems. This update addresses a security weakness that could allow an attacker to execute arbitrary commands on a server without permission. Users...
Severity: 6.5