Overview
- OpenClaw
- OpenClaw
Published: 05 Mar 2026
Updated: 06 Mar 2026
CVSS v4.0: CRITICAL (9.2)
EPSS: Pending
KEV
Description
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- siyuan-note
- siyuan
Published: 06 Mar 2026
Updated: 06 Mar 2026
CVSS v3.1: CRITICAL (9.3)
EPSS: 0.03%
KEV
Description
SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon": when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is unauthenticated and returns image/svg+xml, a crafted URL can inject executable SVG/HTML event handlers (for example onerror) and run JavaScript in the SiYuan web origin. This can be chained to perform authenticated API actions and exfiltrate sensitive data when a logged-in user opens the malicious link. This issue has been patched in version 3.5.9.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Microsoft
- Microsoft SQL Server 2016 Service Pack 3 (GDR)
Published: 10 Mar 2026
Updated: 10 Mar 2026
CVSS v3.1: HIGH (8.8)
EPSS: Pending
KEV
Description
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Microsoft
- Microsoft Devices Pricing Program
Published: 05 Mar 2026
Updated: 10 Mar 2026
CVSS v3.1: CRITICAL (9.8)
EPSS: 0.40%
KEV
Description
Microsoft Devices Pricing Program Remote Code Execution Vulnerability
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Microsoft
- .NET 10.0
Published: 10 Mar 2026
Updated: 10 Mar 2026
CVSS v3.1: HIGH (7.5)
EPSS: Pending
KEV
Description
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Statistics
- 1 Post
Last activity: 23 hours ago