CVE Vulnerabilities - 16 March 2026
175 vulnerabilities published on 16 March 2026
Critical Update Needed for vsftpd on Red Hat Servers
RHSA-2026:4553
A security update is available for vsftpd on Red Hat systems, addressing a critical issue that could allow unauthorized access if exploited. This means hackers could potentially gain access to your se...
6.5
Parse Server OAuth2 login issue with wrong token sent
CVE-2026-32269
GHSA-69xg-f649-w5g2
BIT-parse-2026-32269
The OAuth2 login feature in Parse Server has a problem that can cause login failures or allow unauthorized access. This affects systems that use the OAuth2 adapter with specific settings. To fix the i...
7.6
SandboxJS allows one sandbox to exhaust another's resources
GHSA-7p5m-xrh7-769r
CVE-2026-32723
If multiple sandboxes share the same environment, a malicious sandbox can cause another sandbox to use up its CPU or memory allowance, leading to unexpected behavior or crashes. To fix this, update to...
6.3
Glances REST API and WebUI Remain Exposed to DNS Rebinding Attacks
GHSA-hhcg-r27j-fhv9
CVE-2026-32632
Glances' REST API and WebUI are still vulnerable to DNS rebinding attacks, which allow hackers to bypass browser security protections and access sensitive data. This is a separate issue from a previou...
5.9
AWS API MCP Server: Bypassing File Access Restrictions
CVE-2026-4270
An older version of the AWS API MCP Server software has a flaw that could allow unauthorized access to sensitive files. This could expose confidential information. To fix this, update to the latest ve...
6.8
WP EasyPay Missing Authorization Allows Unintended Access
CVE-2026-32587
WP EasyPay, a plugin used for payment processing, has a security issue that allows unauthorized users to access sensitive features. This affects versions 1 through 4.2.11. To fix, update to version 4....
5.4
Modern Events Calendar: Unauthorized Access to Events
CVE-2026-32583
Certain security settings are not properly enforced, allowing unauthorized users to view or modify events they shouldn't have access to. This affects users of Modern Events Calendar, specifically thos...
5.3
Memray HTML Reports Allow Attackers to Inject Malicious Code
GHSA-r5pr-887v-m2w9
CVE-2026-32722
Memray versions before 1.19.2 can insert malicious code into HTML reports, which can be executed when a user opens the report in a browser. This can happen if an attacker has control over the process ...
3.6
INDEX Conferences App on Android Exposes Hard-Coded Credentials
CVE-2026-4219
The INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App on Android devices has a security flaw that could allow an attacker to access sensitive information. This flaw is present in version...
1.9
StudioCMS REST Users API Exposes Owner Account Details to Admins
GHSA-xvf4-ch4q-2m24
CVE-2026-32638
An issue in the StudioCMS REST API allows admins to see sensitive information about owner accounts, including IDs, usernames, display names, and email addresses. This is unexpected because the API is ...
2.7
CityData CityChat Android: Unprotected Storage of Credentials
CVE-2026-4251
The CityData CityChat app on Android stores sensitive credentials in an unprotected file. This means that if someone gains access to your device, they could potentially access your login information a...
2.0
Albert Health on Android Stores Credentials Unprotected
CVE-2026-4250
A security issue in the Albert Health app on Android means that sensitive information, like passwords and access keys, is stored in a way that can be easily accessed by attackers if they have access ...
2.0
pyOpenSSL TLS connection bypass through unhandled exception
GHSA-vp96-hxj8-p424
CVE-2026-27448
A previous version of pyOpenSSL allowed an attacker to bypass security features by causing a callback function to crash. This has been fixed, so connections will now be rejected if the callback fails....
1.7
GoBGP gobgpd v.4.2.0 Remote Denial of Service
CVE-2026-30405
A remote attacker can crash GoBGP's BGP daemon (gobgpd) by sending a specially crafted BGP message, making the system unavailable. This affects all systems running GoBGP gobgpd version 4.2.0. To fix, ...
gunet Open eClass v3.11 allows attackers to execute code via uploaded SVG file
CVE-2025-65734
A security issue in the Courses/Work Assignments module of gunet Open eClass v3.11 allows attackers to run malicious code on a website after uploading a specially crafted image file. This could potent...
No Known Vulnerability Associated with This Candidate
CVE-2025-54758
This vulnerability report has been rejected due to a lack of evidence linking it to a specific security issue. As a result, there is no identified risk to be concerned about. No action is required.
No Identified Vulnerability in Software
CVE-2025-53815
This is not a legitimate vulnerability report. It appears to be a rejected candidate number with no associated issue. No action is required.
No Known Vulnerability in [Unknown Software]
CVE-2025-53517
This candidate was not associated with a known vulnerability in 2025. However, since it's not clear what software or issue this pertains to, we can't provide further information or guidance. It's like...
Adobe Acrobat Reader Vulnerability Allows Remote Code Execution
MINI-rmjw-35g3-f9qj
Adobe Acrobat Reader users are at risk of having malicious code run on their computers if they open a specially crafted PDF file. This could lead to data theft, system compromise, or other malicious a...
Apache Log4j: Uncontrolled Deserialization in JNDI Lookups Can Lead to Remote Code Execution
CGA-fhc2-gph6-prwr
Log4j, a popular logging library used in many Java applications, contains a security weakness that could allow an attacker to inject malicious code and execute it on a server. This could potentially a...
CGA-77vp-4q83-qrv6
MINI-x4q4-grrp-rr8j
MINI-j5r7-w9x8-9w4c
LibreChat RAG API 0.7.0: Forged Log Entries Possible
CVE-2026-4276
Using LibreChat RAG API version 0.7.0, an attacker can manipulate log entries. This makes it difficult to trust the accuracy of the logs. Upgrade to a fixed version to prevent forged log entries.
OpenEDR 2.5.1.0 Driver Allows Local Privilege Escalation
CVE-2025-69784
A security flaw in the OpenEDR 2.5.1.0 kernel driver lets an unauthorized user, with normal user privileges, take control of the entire computer. This can happen if an attacker tricks the system into ...