Security Vulnerabilities
IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-03
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-03-03
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488. It is best practice to apply a patch to resolve this issue.
CVSS Score
6.3
EPSS Score
0.004
Published
2026-03-03
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-03
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-03-03
dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-03-03
IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-03
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was
remediated with HP System Event Utility version 3.2.16.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-03-03
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03