ReportizFlow
Filtered by vendor
Subscriptions
Total
34647 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24733 | 2 Apache, Apache Tomcat | 2 Tomcat, Apache Tomcat | 2026-03-11 | 6.5 Medium |
| Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue. | ||||
| CVE-2026-26310 | 1 Envoyproxy | 1 Envoy | 2026-03-11 | 5.9 Medium |
| Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13. | ||||
| CVE-2026-28446 | 1 Openclaw | 1 Openclaw | 2026-03-11 | 9.4 Critical |
| OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools. | ||||
| CVE-2025-69651 | 1 Gnu | 1 Binutils | 2026-03-10 | 5.5 Medium |
| GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. | ||||
| CVE-2025-43538 | 1 Apple | 2 Macos, Macos Sonoma | 2026-03-10 | 3.3 Low |
| A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2026-24015 | 1 Apache | 1 Iotdb | 2026-03-10 | 9.8 Critical |
| A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | ||||
| CVE-2026-27723 | 2 Openproject, Opf | 2 Openproject, Openproject | 2026-03-10 | 4.3 Medium |
| OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2. | ||||
| CVE-2025-40594 | 1 Siemens | 6 Sinamics G220, Sinamics G220 Firmware, Sinamics S200 and 3 more | 2026-03-10 | 6.3 Medium |
| A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges. | ||||
| CVE-2026-24414 | 1 Icinga | 2 Icinga Powershell Framework, Powershell-framework | 2026-03-10 | 5.5 Medium |
| The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory grant every user read access, which results in the exposure of private key of the Icinga certificate for the given host. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrading to a fixed version of Icinga for Windows will also automatically fix a similar issue present in Icinga 2, CVE-2026-24413. As a workaround, the permissions can be restricted manually by updating the ACL for the given folder `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` (and `C:\ProgramData\icinga2\var` to fix the issue for the Icinga 2 agent as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access. | ||||
| CVE-2026-23896 | 2 Immich, Immich-app | 2 Immich, Immich | 2026-03-10 | 7.2 High |
| immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue. | ||||
| CVE-2026-27939 | 1 Statamic | 2 Cms, Statamic | 2026-03-10 | 8.8 High |
| Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0. | ||||
| CVE-2025-61611 | 2 Linuxfoundation, Unisoc | 2 Yocto, Udx710 | 2026-03-10 | 7.5 High |
| In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. | ||||
| CVE-2025-61612 | 2 Google, Unisoc | 6 Android, T7300, T8100 and 3 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-61613 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-61614 | 2 Google, Unisoc | 6 Android, T7300, T8100 and 3 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-61615 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-61616 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-69278 | 2 Google, Unisoc | 6 Android, T7300, T8100 and 3 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-69279 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-03-10 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2026-2780 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-03-10 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||