209 CVEs tracked today. 25 Critical, 96 High, 81 Medium, 2 Low.
-
CVE-2026-30831
CRITICAL
CVSS 9.8
Auth bypass in Rocket.Chat before 7.10.8+. Second auth bypass CVE.
Authentication Bypass
Rocket.Chat
-
CVE-2026-29789
CRITICAL
CVSS 9.9
Missing authorization in Vito server management before 3.20.3. CVSS 9.9.
PHP
Authentication Bypass
Vito
-
CVE-2026-29183
CRITICAL
CVSS 9.3
Reflected XSS in SiYuan knowledge management before 3.5.9.
XSS
Siyuan
-
CVE-2026-29065
CRITICAL
CVSS 9.1
Zip Slip in changedetection.io before 0.54.4 via backup restore. PoC and patch available.
Path Traversal
Changedetection
-
CVE-2026-29058
CRITICAL
CVSS 9.8
Unauthenticated OS command injection in AVideo before 7.0.
Command Injection
Avideo Encoder
-
CVE-2026-29042
CRITICAL
CVSS 9.8
Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.
Command Injection
AI / ML
Nuclio
-
CVE-2026-28802
CRITICAL
CVSS 9.8
JWT verification bypass in Authlib 1.6.5-1.6.6. PoC and patch available.
Python
Authlib
-
CVE-2026-28795
CRITICAL
CVSS 9.8
Path traversal in OpenChatBI before fix. PoC and patch available.
Path Traversal
AI / ML
Openchatbi
-
CVE-2026-28794
CRITICAL
CVSS 9.8
Prototype pollution in oRPC before 1.13.6. PoC and patch available.
Node.js
RCE
Denial Of Service
Authentication Bypass
Deserialization
-
CVE-2026-28785
CRITICAL
CVSS 9.8
SQL injection in Ghostfolio before 2.244.0 via symbol validation bypass. Patch available.
RCE
SQLi
Ghostfolio
-
CVE-2026-28710
CRITICAL
CVSS 9.8
Improper authentication in Acronis Cyber Protect 17.
Linux
Windows
Information Disclosure
Cyber Protect
-
CVE-2026-28680
CRITICAL
CVSS 9.3
SSRF in Ghostfolio wealth management before 2.245.0. Patch available.
SSRF
Ghostfolio
-
CVE-2026-28514
CRITICAL
CVSS 9.8
Auth bypass in Rocket.Chat before 7.8.6+. Multiple versions affected.
Authentication Bypass
Rocket.Chat
-
CVE-2026-28501
CRITICAL
CVSS 9.8
Unauthenticated SQL injection in AVideo before 24.0.
PHP
SQLi
Avideo
-
CVE-2026-28497
CRITICAL
CVSS 9.1
Integer overflow in TinyWeb before 2.03.
Integer Overflow
Authentication Bypass
Tinyweb
-
CVE-2026-28438
CRITICAL
CVSS 9.8
SQL injection in CocoIndex Doris connector before 0.3.34. Patch available.
SQLi
AI / ML
Cocoindex
-
CVE-2026-27005
CRITICAL
CVSS 9.8
SQL injection in Chartbrew before 4.8.3. PoC available.
MySQL
PostgreSQL
Chartbrew
-
CVE-2026-26288
CRITICAL
CVSS 9.4
WebSocket auth bypass — same family.
Privilege Escalation
-
CVE-2026-26051
CRITICAL
CVSS 9.4
WebSocket auth bypass — same industrial platform family.
Privilege Escalation
-
CVE-2026-22552
CRITICAL
CVSS 9.4
WebSocket auth bypass — same family as earlier industrial WebSocket CVEs.
Privilege Escalation
-
CVE-2026-2446
CRITICAL
CVSS 9.8
Auth bypass in PowerPack for LearnDash WordPress plugin before 1.3.0.
WordPress
-
CVE-2026-2331
CRITICAL
CVSS 9.8
Unauthenticated file read/write via AppEngine Fileaccess over HTTP.
Path Traversal
Information Disclosure
-
CVE-2026-2330
CRITICAL
CVSS 9.4
Filesystem access via CROWN REST interface on industrial device. EPSS 0.25%.
Path Traversal
Information Disclosure
-
CVE-2025-59543
CRITICAL
CVSS 9.0
Second stored XSS in Chamilo LMS before 1.11.34.
XSS
Chamilo Lms
-
CVE-2025-59542
CRITICAL
CVSS 9.0
Stored XSS in Chamilo LMS before 1.11.34.
XSS
Chamilo Lms
-
CVE-2026-30846
HIGH
CVSS 7.5
Wekan versions 8.31.0 through 8.33 expose global webhook configurations including sensitive URLs and authentication tokens through an unauthenticated server-side publication, allowing any network-based attacker to retrieve webhook credentials without authentication. An attacker exploiting this vulnerability could hijack webhook integrations and gain unauthorized access to connected external services. The vulnerability has been patched in version 8.34.
Authentication Bypass
Information Disclosure
Wekan
-
CVE-2026-30845
HIGH
CVSS 8.2
Wekan versions 8.31.0 through 8.33 expose webhook URLs and authentication tokens to all board members through unfiltered publication of integration data, allowing any user with board access—including read-only members and users on public boards—to retrieve sensitive credentials. Attackers can leverage these exposed tokens to make unauthorized requests to connected external services and trigger unintended actions. The vulnerability affects Wekan's board composite publication mechanism and has been patched in version 8.34.
Information Disclosure
Wekan
-
CVE-2026-30844
HIGH
CVSS 8.1
Server-Side Request Forgery in Wekan 8.32-8.33 allows authenticated users to force the server to make arbitrary HTTP requests by supplying malicious attachment URLs during board imports from JSON data or Trello. An attacker could exploit this to access internal network services, cloud metadata endpoints, or expose sensitive credentials without any URL validation occurring on the server side.
SSRF
Wekan
-
CVE-2026-30244
HIGH
CVSS 7.5
Unauthenticated attackers can enumerate workspace members and harvest sensitive information including email addresses, user roles, and internal identifiers from Plane prior to version 1.2.2 due to misconfigured Django REST Framework permissions. The vulnerability requires no authentication or user interaction and allows remote attackers to directly access protected endpoints over the network. No patch is currently available for affected Golang and Django deployments.
Golang
Django
Plane
-
CVE-2026-30242
HIGH
CVSS 8.5
Plane is an open-source project management tool. [CVSS 8.5 HIGH]
SSRF
Plane
-
CVE-2026-30241
HIGH
CVSS 8.2
Mercurius versions prior to 16.8.0 fail to validate GraphQL subscription query depth limits over WebSocket connections, allowing remote attackers to bypass depth restrictions that are properly enforced for HTTP queries. An attacker can exploit this to submit arbitrarily nested subscription queries that cause denial of service through exponential data resolution on schemas with recursive types. A patch is available in version 16.8.0.
Denial Of Service
Mercurius
-
CVE-2026-30230
HIGH
CVSS 8.2
A self-hostable file sharing platform that integrates with screenshot tools; versions up to 1.7.2 are affected by an authorization bypass through a user-controlled key.
Authentication Bypass
-
CVE-2026-30229
HIGH
CVSS 7.2
Improper authorization in Parse Server versions prior to 8.6.6 and 9.5.0-alpha.4 allows read-only master key holders to bypass access controls via the /loginAs endpoint and obtain valid session tokens for arbitrary users. An attacker with readOnlyMasterKey credentials can impersonate any user and gain full read and write access to their data. All Parse Server deployments utilizing readOnlyMasterKey functionality are affected, and no patch is currently available.
Node.js
Parse Server
-
CVE-2026-30223
HIGH
CVSS 8.8
OliveTin gives access to predefined shell commands from a web interface. [CVSS 8.8 HIGH]
Authentication Bypass
Olivetin
-
CVE-2026-29788
HIGH
CVSS 7.5
TSPortal versions prior to 30 contain a logic flaw where empty strings are converted to null values, enabling attackers to forge Data Protection Act reports as legitimate user deletion requests. This affects the WikiTide Foundation's Trust and Safety platform and could allow misuse of the reporting system to obscure malicious activity. Public exploit code exists, and no patch is currently available for affected deployments.
Information Disclosure
Tsportal
-
CVE-2026-29182
HIGH
CVSS 7.2
Parse Server's readOnlyMasterKey incorrectly permits write operations on Cloud Hooks and Cloud Jobs despite being documented to deny mutations, allowing authenticated attackers with knowledge of the key to create, modify, and delete hooks or trigger jobs for potential data exfiltration. This vulnerability affects all Parse Server deployments using the readOnlyMasterKey option and has been patched in versions 8.6.4 and 9.4.1-alpha.3.
Node.js
Parse Server
-
CVE-2026-29093
HIGH
CVSS 8.1
Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.
PHP
Docker
Authentication Bypass
Avideo
-
CVE-2026-29091
HIGH
CVSS 8.1
Remote code execution in Locutus prior to version 3.0.0 allows unauthenticated remote attackers to execute arbitrary JavaScript code through improper validation in the call_user_func_array function, which unsafely passes user-controlled callback parameters to eval(). Applications using the vulnerable versions of this JavaScript standard library implementation are at risk of complete compromise through network-based attacks. No patch is currently available for affected deployments.
RCE
Code Injection
Locutus
-
CVE-2026-29089
HIGH
CVSS 8.8
Arbitrary code execution in TimescaleDB 2.23.0 through 2.25.1 allows local authenticated users to execute malicious functions by shadowing built-in PostgreSQL functions through user-writable schemas in the search_path setting during extension upgrades. An attacker with database access can create malicious functions in writable schemas that are invoked instead of legitimate PostgreSQL functions, resulting in code execution with database privileges. No patch is currently available for affected installations.
PostgreSQL
RCE
Timescaledb
-
CVE-2026-29087
HIGH
CVSS 7.5
@hono/node-server versions prior to 1.19.10 contain an authorization bypass in static file serving due to inconsistent URL decoding between routing middleware and file resolution logic. An unauthenticated remote attacker can bypass route-based access controls by crafting requests with encoded slashes (%2F) to access protected static resources that should be restricted by middleware. Organizations running affected versions should upgrade immediately as no workaround is available.
Node.js
-
CVE-2026-29082
HIGH
CVSS 7.3
Kestra versions 1.1.10 and earlier allow authenticated users to perform cross-site scripting (XSS) attacks through the execution-file preview feature, which renders unsanitized Markdown as HTML. An attacker with login credentials can inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking or credential theft. Public exploit code exists and no patch is currently available.
XSS
Kestra
-
CVE-2026-29075
HIGH
CVSS 8.3
Unsafe checkout of untrusted code in Mesa's benchmarks.yml GitHub Actions workflow prior to version 3.5.1 enables arbitrary code execution with elevated privileges on CI/CD runners. An attacker can exploit this by submitting malicious pull requests to execute commands in the privileged runner environment, potentially compromising the build pipeline and downstream users. A patch is available in commit c35b8cd.
Python
AI / ML
Mesa
-
CVE-2026-29074
HIGH
CVSS 7.5
Denial of service in SVGO versions 2.1.0-2.8.0, 3.0.0-3.3.2, and before 4.0.1 allows unauthenticated attackers to crash the Node.js process through XML entity expansion attacks, with a minimal 811-byte payload triggering heap exhaustion. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users of SVGO, Node.js, and Golang implementations should restrict input sources until updates are released.
Node.js
Golang
Denial Of Service
Svgo
-
CVE-2026-29073
HIGH
CVSS 8.8
SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to execute arbitrary database queries through the /api/query/sql endpoint due to insufficient authorization checks. Public exploit code exists for this vulnerability, enabling attackers to extract sensitive data or modify the knowledge base contents. No patch is currently available for affected versions.
SQLi
Siyuan
-
CVE-2026-29068
HIGH
CVSS 7.5
PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.
Buffer Overflow
Pjsip
-
CVE-2026-29064
HIGH
CVSS 8.2
Zarf is an Airgap Native Packager Manager for Kubernetes. [CVSS 8.2 HIGH]
Kubernetes
Path Traversal
Zarf
-
CVE-2026-29062
HIGH
CVSS 7.5
Jackson Core versions 3.0.0 through 3.0.x fail to enforce maximum nesting depth limits in UTF8DataInputJsonParser and ReaderBasedJsonParser, allowing attackers to craft deeply nested JSON documents that trigger StackOverflowError and crash the application. This denial of service vulnerability affects any Java application using the vulnerable Jackson Core versions to parse untrusted JSON input. A patch is available in version 3.1.0.
Java
Denial Of Service
Jackson Core
-
CVE-2026-29046
HIGH
CVSS 8.2
TinyWeb versions prior to 2.04 fail to properly sanitize control characters and encoded sequences (CR, LF, NUL) in HTTP request headers, allowing attackers to inject malicious values into CGI environment variables and bypass parser validation. This network-accessible vulnerability enables header injection attacks that could lead to data corruption or denial of service without requiring authentication. No patch is currently available for affected deployments.
Information Disclosure
Tinyweb
-
CVE-2026-29041
HIGH
CVSS 8.8
Authenticated arbitrary code execution in Chamilo LMS versions prior to 1.11.34 allows low-privileged users to bypass file upload restrictions through MIME-type spoofing and execute malicious commands on the server. The vulnerability stems from insufficient validation of file extensions and improper storage restrictions, enabling attackers to upload and execute arbitrary files. No patch is currently available for affected deployments.
RCE
Chamilo Lms
-
CVE-2026-29039
HIGH
CVSS 7.5
Arbitrary file read in changedetection.io prior to 0.54.4 allows unauthenticated remote attackers to access sensitive files by injecting malicious XPath expressions into content filters, exploiting the unparsed-text() function in the elementpath library. The application fails to validate or sanitize XPath input, enabling attackers to read any file accessible to the application process. Public exploit code exists for this vulnerability.
RCE
Code Injection
Information Disclosure
Changedetection
-
CVE-2026-28799
HIGH
CVSS 7.5
PJSIP versions prior to 2.17 contain a heap use-after-free vulnerability in the event subscription framework that can be triggered through presence unsubscription requests, allowing remote attackers without authentication to cause denial of service. The vulnerability resides in the evsub.c component and is exploitable over the network with no user interaction required. A patch is available in version 2.17 and later.
Use After Free
Pjsip
-
CVE-2026-28787
HIGH
CVSS 8.2
OneUptime versions 10.0.11 and earlier contain an improper WebAuthn implementation where server-side challenge validation is missing, allowing attackers with a captured assertion to replay valid authentication tokens indefinitely and bypass multi-factor authentication. The vulnerability affects authenticated users and requires only low privileges to exploit, with public exploit code already available. No patches are currently available for this high-severity flaw.
Authentication Bypass
XSS
Oneuptime
-
CVE-2026-28727
HIGH
CVSS 7.8
Acronis Cyber Protect and Cloud Agent on macOS before specific builds contain an insecure Unix socket permissions vulnerability that allows local authenticated users to escalate privileges and gain complete system control. An attacker with local access can exploit this misconfiguration to read sensitive data, modify system files, and execute arbitrary commands with elevated rights. No patch is currently available for this HIGH severity vulnerability.
Privilege Escalation
Apple
-
CVE-2026-28722
HIGH
CVSS 7.3
Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.
Windows
Privilege Escalation
Cyber Protect
-
CVE-2026-28721
HIGH
CVSS 7.3
Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.
Windows
Privilege Escalation
Cyber Protect
-
CVE-2026-28718
HIGH
CVSS 7.5
Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.
Linux
Windows
Denial Of Service
Cyber Protect
-
CVE-2026-28713
HIGH
CVSS 7.1
Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.
Information Disclosure
Cyber Protect
Agent
-
CVE-2026-28683
HIGH
CVSS 8.7
Stored XSS in Gokapi through malicious SVG file uploads enables authenticated attackers to execute arbitrary JavaScript in users' browsers via hotlinked files. An attacker with valid credentials can craft SVG payloads that persist in the application and compromise other users accessing the shared links. No patch is currently available for versions prior to 2.2.3.
XSS
Gokapi
Suse
-
CVE-2026-28681
HIGH
CVSS 8.1
Unauthorized account takeover in Internet Routing Registry daemon (IRRD) versions 4.4.0-4.4.4 and 4.5.0-4.5.0 results from improper Host header validation during password reset and account creation flows, allowing attackers to redirect confirmation emails to attacker-controlled domains. An attacker can intercept the confirmation token from a user's email and leverage it to compromise the targeted account, potentially gaining ability to modify RPSL objects and perform unauthorized account actions. Users without two-factor authentication enabled face complete account compromise, while those with 2FA may still be at risk depending on implementation details.
Open Redirect
-
CVE-2026-28679
HIGH
CVSS 8.6
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. [CVSS 8.6 HIGH]
Path Traversal
Homegallery
-
CVE-2026-28677
HIGH
CVSS 8.2
OpenSift versions prior to 1.6.3-alpha are vulnerable to server-side request forgery (SSRF) attacks through the URL ingest pipeline, which fails to properly validate credentialed URLs, non-standard ports, and cross-host redirects in non-localhost deployments. An unauthenticated remote attacker can exploit this to access internal resources and potentially exfiltrate sensitive data from the affected system. No patch is currently available for this vulnerability.
SSRF
Opensift
-
CVE-2026-28676
HIGH
CVSS 8.8
OpenSift versions prior to 1.6.3-alpha contain a path traversal vulnerability in multiple storage helpers that fail to properly validate directory boundaries, allowing authenticated attackers to read, write, or delete arbitrary files on the system. An attacker with valid credentials can exploit insufficient path sanitization to escape the intended base directory and access sensitive data or modify system files. No patch is currently available for affected versions.
Path Traversal
Opensift
-
CVE-2026-28508
HIGH
CVSS 8.6
Idno prior to version 1.6.4 contains an authentication bypass in the URL unfurl API endpoint that allows unauthenticated attackers to trigger arbitrary outbound HTTP requests from the server. An attacker can exploit this to access internal network addresses and cloud metadata services, potentially exposing sensitive configuration and credentials. No patch is currently available for affected installations.
CSRF
SSRF
Known
-
CVE-2026-28507
HIGH
CVSS 7.2
Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.
RCE
Path Traversal
Command Injection
Known
-
CVE-2026-28502
HIGH
CVSS 8.8
Unauthenticated administrators in WWBN AVideo versions before 24.0 can achieve remote code execution by uploading malicious ZIP files through the plugin upload functionality, which extracts files without proper validation into web-accessible directories. This allows attackers to execute arbitrary PHP code on the server with high impact to confidentiality, integrity, and availability. No patch is currently available for affected PHP installations using vulnerable AVideo versions.
PHP
RCE
File Upload
Avideo
-
CVE-2026-28429
HIGH
CVSS 7.5
ParseGamestate.php in Talishar allows unauthenticated remote attackers to read arbitrary files through path traversal in the gameName parameter when the script is accessed directly, bypassing input validation present in primary application entry points. An attacker can exploit this vulnerability to access sensitive files on the affected server without authentication or user interaction. No patch is currently available for this vulnerability.
PHP
Path Traversal
-
CVE-2026-27778
HIGH
CVSS 7.5
Unrestricted authentication attempts in the WebSocket API enable attackers to launch denial-of-service attacks against charger telemetry systems or execute brute-force credential compromise attempts without rate-limiting protections. Organizations operating connected charging infrastructure are vulnerable to service disruption and unauthorized access exploitation. No patch is currently available to remediate this vulnerability.
Authentication Bypass
-
CVE-2026-27764
HIGH
CVSS 7.3
WebSocket session handling in charging station backends allows multiple connections to use identical session identifiers, enabling attackers to hijack active sessions and impersonate legitimate stations without authentication. An adversary can intercept backend commands intended for a target charging station or launch denial-of-service attacks by flooding the backend with spoofed session requests. This vulnerability affects any system relying on this WebSocket implementation and currently lacks an available patch.
Authentication Bypass
-
CVE-2026-27603
HIGH
CVSS 7.5
Chartbrew versions up to 4.8.4 are affected by missing authentication for a critical function (CVSS 7.5).
Authentication Bypass
Chartbrew
-
CVE-2026-27137
HIGH
CVSS 7.5
Improper validation of multi-constraint email certificates allows attackers to bypass certificate chain verification by exploiting a logic error that only processes the final constraint when multiple constraints share common local portions. This affects any system relying on certificate validation for email authentication, enabling an attacker to present a malicious certificate that would normally be rejected. No patch is currently available for this denial-of-service vulnerability.
Information Disclosure
Redhat
Suse
-
CVE-2026-26018
HIGH
CVSS 7.5
CoreDNS versions up to 1.14.2 contain a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).
Dns
Denial Of Service
Coredns
Redhat
Suse
-
CVE-2026-26017
HIGH
CVSS 7.7
CoreDNS versions prior to 1.14.2 allow authenticated attackers to bypass DNS access controls through a Time-of-Check Time-of-Use race condition in the plugin execution chain, where the rewrite plugin processes requests after security plugins like ACL have already validated them. An attacker with network access can exploit this logical flaw to access DNS records that should be restricted by configured access control policies. No patch is currently available for affected deployments.
Dns
Race Condition
Coredns
Redhat
Suse
-
CVE-2026-25888
HIGH
CVSS 8.8
Remote code execution in Chartbrew prior to version 4.8.1 allows authenticated attackers to execute arbitrary code through a vulnerable API endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with valid credentials can achieve full system compromise including data exfiltration and integrity violations.
RCE
Chartbrew
-
CVE-2026-25887
HIGH
CVSS 7.2
Remote code execution in Chartbrew versions prior to 4.8.1 allows authenticated attackers with high privileges to execute arbitrary code through malicious MongoDB dataset queries. The vulnerability affects users connecting Chartbrew to MongoDB databases for chart creation and has active public exploit code available. No patch is currently available for affected versions.
MongoDB
RCE
Chartbrew
-
CVE-2026-25679
HIGH
CVSS 7.5
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. [CVSS 7.5 HIGH]
Information Disclosure
Redhat
Suse
-
CVE-2026-24912
HIGH
CVSS 7.3
WebSocket session handling in charging station backends accepts duplicate session identifiers, allowing attackers to hijack active sessions and intercept commands intended for legitimate stations or impersonate authenticated users. An unauthenticated remote attacker can exploit this predictable session management to displace legitimate connections, redirect backend communications, or launch denial-of-service attacks by flooding the system with valid session requests. No patch is currently available.
Authentication Bypass
-
CVE-2026-24696
HIGH
CVSS 7.5
Unrestricted authentication attempts against WebSocket APIs enable attackers to launch denial-of-service attacks that disrupt charger telemetry reporting or execute brute-force credential compromise attacks. This vulnerability affects systems relying on WebSocket-based authentication without rate limiting protections. No patch is currently available to address this threat.
Authentication Bypass
-
CVE-2026-20882
HIGH
CVSS 7.5
Unrestricted authentication requests in the WebSocket API enable attackers to launch denial-of-service attacks against charger telemetry systems or execute brute-force attacks to gain unauthorized access. The vulnerability affects systems relying on this API without rate-limiting controls, and no patch is currently available. An unauthenticated remote attacker can exploit this over the network with minimal complexity to disrupt service availability or compromise system access.
Authentication Bypass
-
CVE-2026-20748
HIGH
CVSS 7.3
WebSocket session management in charging station backends allows multiple connections using identical session identifiers, enabling attackers to hijack legitimate sessions and intercept commands or impersonate authorized stations. Unauthenticated remote attackers can exploit this predictable identifier scheme to displace active connections, redirect backend communications, or launch denial-of-service attacks against the charging infrastructure. The vulnerability affects any deployment relying on this WebSocket backend without an available patch.
Authentication Bypass
-
CVE-2026-3613
HIGH
CVSS 7.2
Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.
Buffer Overflow
Stack Overflow
Wl Nu516u1 Firmware
-
CVE-2026-3612
HIGH
CVSS 7.2
Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.
Command Injection
Wl Nu516u1 Firmware
-
CVE-2026-3589
HIGH
CVSS 7.5
WooCommerce plugin versions 5.4.0 through 10.5.2 fail to properly validate batch requests, enabling unauthenticated attackers to execute administrative actions through CSRF attacks, including creation of arbitrary admin accounts. The vulnerability affects all WordPress installations running vulnerable WooCommerce versions and requires user interaction to exploit. No patch is currently available.
WordPress
CSRF
-
CVE-2026-2754
HIGH
CVSS 7.5
Navtor NavBox devices allow unauthenticated remote attackers to retrieve sensitive operational data including ECDIS information, device identifiers, and service logs by sending HTTP requests to the unprotected API on port 8080. An attacker with network access can obtain this configuration and system information without any credentials, potentially facilitating further attacks against maritime navigation systems. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-2753
HIGH
CVSS 7.5
Navtor NavBox exposes an unauthenticated path traversal vulnerability in its HTTP service that allows remote attackers to read arbitrary files from the server by submitting requests with absolute filesystem paths. Successful exploitation enables unauthorized disclosure of sensitive configuration files and system information, limited only by the service process privileges. No patch is currently available.
Path Traversal
-
CVE-2025-70363
HIGH
CVSS 7.5
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. [CVSS 7.5 HIGH]
Authentication Bypass
Information Disclosure
-
CVE-2025-69654
HIGH
CVSS 7.5
A crafted JavaScript input executed with the QuickJS `qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Affects QuickJS release 2025-09-13; fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11). [CVSS 7.5 HIGH]
Denial Of Service
Suse
-
CVE-2025-69650
HIGH
CVSS 7.5
GNU Binutils through 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. [CVSS 7.5 HIGH]
Memory Corruption
Denial Of Service
Binutils
Redhat
Suse
-
CVE-2025-69649
HIGH
CVSS 7.5
GNU Binutils through 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. [CVSS 7.5 HIGH]
Null Pointer Dereference
Memory Corruption
Binutils
Redhat
Suse
-
CVE-2025-59541
HIGH
CVSS 8.1
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]
CSRF
Chamilo Lms
-
CVE-2025-55289
HIGH
CVSS 8.8
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability in Chamilo LMS (version 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. [CVSS 8.8 HIGH]
XSS
Chamilo Lms
-
CVE-2025-15602
HIGH
CVSS 8.8
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset,...
Code Injection
-
CVE-2025-11792
HIGH
CVSS 7.3
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]
Privilege Escalation
Agent
Windows
-
CVE-2025-11791
HIGH
CVSS 7.1
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]
Information Disclosure
Authentication Bypass
Cyber Protect
Agent
Windows
-
CVE-2018-25199
HIGH
CVSS 8.2
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. [CVSS 8.2 HIGH]
PHP
SQLi
Php Oop Cms Blog
-
CVE-2018-25197
HIGH
CVSS 8.2
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25196
HIGH
CVSS 8.2
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. [CVSS 8.2 HIGH]
PHP
SQLi
Authentication Bypass
-
CVE-2018-25194
HIGH
CVSS 8.2
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25193
HIGH
CVSS 7.5
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2018-25192
HIGH
CVSS 8.2
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]
PHP
SQLi
Authentication Bypass
-
CVE-2018-25191
HIGH
CVSS 7.1
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. [CVSS 7.1 HIGH]
PHP
SQLi
-
CVE-2018-25189
HIGH
CVSS 8.2
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25188
HIGH
CVSS 8.2
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25187
HIGH
CVSS 8.2
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. [CVSS 8.2 HIGH]
SQLi
-
CVE-2018-25182
HIGH
CVSS 8.2
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25181
HIGH
CVSS 7.5
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. [CVSS 7.5 HIGH]
Path Traversal
-
CVE-2018-25180
HIGH
CVSS 7.1
Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in the outmail and inmail modules. [CVSS 7.1 HIGH]
SQLi
-
CVE-2018-25179
HIGH
CVSS 8.2
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. [CVSS 8.2 HIGH]
SQLi
-
CVE-2018-25178
HIGH
CVSS 7.5
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. [CVSS 7.5 HIGH]
PHP
-
CVE-2018-25176
HIGH
CVSS 8.2
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. [CVSS 8.2 HIGH]
RCE
SQLi
-
CVE-2018-25175
HIGH
CVSS 8.2
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25173
HIGH
CVSS 8.2
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25172
HIGH
CVSS 8.2
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25171
HIGH
CVSS 8.2
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. [CVSS 8.2 HIGH]
SQLi
-
CVE-2018-25170
HIGH
CVSS 8.2
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25169
HIGH
CVSS 7.5
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2018-25167
HIGH
CVSS 8.2
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25166
HIGH
CVSS 8.2
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2018-25165
HIGH
CVSS 7.1
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. [CVSS 7.1 HIGH]
PHP
SQLi
-
CVE-2018-25164
HIGH
CVSS 7.5
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. [CVSS 7.5 HIGH]
Path Traversal
Information Disclosure
-
CVE-2018-25163
HIGH
CVSS 8.2
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. [CVSS 8.2 HIGH]
PHP
Zoom
SQLi
-
CVE-2018-25161
HIGH
CVSS 8.2
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. [CVSS 8.2 HIGH]
PHP
SQLi
-
CVE-2026-30847
MEDIUM
CVSS 6.5
Wekan is an open source kanban tool built with Meteor. [CVSS 6.5 MEDIUM]
React
Wekan
-
CVE-2026-30843
MEDIUM
CVSS 6.5
Wekan versions 8.32 and 8.33 allow authenticated users to modify custom fields across any board due to insufficient access validation in the custom fields API endpoints. An attacker with access to one board can exploit this Insecure Direct Object Reference vulnerability to manipulate custom fields on other boards by supplying foreign field IDs. A patch is available to address this authorization bypass.
Authentication Bypass
Wekan
-
CVE-2026-30835
MEDIUM
CVSS 5.3
Parse Server versions prior to 8.6.7 and 9.5.0-alpha.6 expose sensitive database information through unfiltered error responses when processing malformed regex queries. An unauthenticated attacker can craft specially crafted query parameters to leak database internals including error messages, cluster details, and topology information. Patches are available for affected versions.
Node.js
Parse Server
-
CVE-2026-30833
MEDIUM
CVSS 5.3
Unauthenticated NoSQL injection in Rocket.Chat's authentication service allows attackers to manipulate MongoDB queries by injecting operator expressions into username fields, potentially bypassing login controls and accessing unintended user accounts. The vulnerability affects versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, with no patch currently available for affected deployments.
Code Injection
Rocket.Chat
-
CVE-2026-30238
MEDIUM
CVSS 6.1
Reflected cross-site scripting in GroupOffice versions before 6.8.155, 25.0.88, and 26.0.10 allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the Base64-encoded f parameter. The vulnerability exists in the external/index flow where user input is decoded and inserted into inline JavaScript without proper sanitization. Public exploit code exists for this vulnerability.
XSS
Group Office
-
CVE-2026-30237
MEDIUM
CVSS 6.1
Reflected cross-site scripting in GroupOffice installer versions prior to 6.8.155, 25.0.88, and 26.0.10 allows unauthenticated attackers to inject arbitrary scripts through the license parameter in install/license.php. Public exploit code exists for this vulnerability, enabling attackers to execute malicious JavaScript in users' browsers with moderate impact to confidentiality and integrity. The vulnerability requires user interaction and affects the web-accessible installation endpoint.
PHP
XSS
Group Office
-
CVE-2026-30233
MEDIUM
CVSS 6.5
OliveTin prior to version 3000.11.1 fails to enforce view permission checks on dashboard and API endpoints, allowing authenticated users to enumerate action bindings, titles, IDs, icons, and argument metadata despite having restricted access. While command execution remains properly denied, this information disclosure enables attackers to map available actions and their configurations. Public exploit code exists for this medium-severity vulnerability, and a patch is available.
Information Disclosure
Olivetin
-
CVE-2026-30231
MEDIUM
CVSS 6.0
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched...
Authentication Bypass
-
CVE-2026-30228
MEDIUM
CVSS 4.9
Parse Server versions before 8.6.5 and 9.5.0-alpha.3 allow the readOnlyMasterKey to perform write and delete operations on files, violating the intended read-only access restriction. An authenticated attacker with the readOnlyMasterKey can upload arbitrary files or delete existing files via the Files API on affected deployments. No patch is currently available for this medium-severity vulnerability that impacts organizations using Parse Server with exposed file endpoints.
Node.js
Parse Server
-
CVE-2026-30227
MEDIUM
CVSS 5.3
Mimekit versions up to 4.15.1 contain a vulnerability that allows attackers to embed \r\n into the SMTP envelope address local-part (when the local-part is a q (CVSS 5.3).
Command Injection
Mimekit
-
CVE-2026-30225
MEDIUM
CVSS 5.3
OliveTin versions prior to 3000.11.1 contain an authentication bypass in RestartAction that allows authenticated users to execute shell commands beyond their assigned permissions. The vulnerability stems from improper request context handling that causes the system to fall back to guest user privileges, which may have broader access than the authenticated caller. Public exploit code exists for this medium-severity flaw that enables privilege escalation and unauthorized command execution.
Privilege Escalation
Olivetin
-
CVE-2026-30224
MEDIUM
CVSS 5.4
OliveTin prior to version 3000.11.1 fails to invalidate server-side sessions upon user logout, allowing attackers with a stolen session cookie to maintain authenticated access even after the legitimate user logs out. The vulnerability persists because browser cookies are cleared while the corresponding server session remains valid for approximately one year by default. Public exploit code exists for this session management bypass.
Authentication Bypass
Olivetin
-
CVE-2026-29795
MEDIUM
CVSS 4.0
Stellar-xdr prior to version 25.0.1 fails to validate string length constraints in the StringM::from_str function, allowing oversized strings to bypass maximum length checks and create invalid StringM objects. Applications relying on this type's length invariant for serialization, validation, or security decisions could process malformed data that violates expected constraints. Local attackers or malicious input sources could exploit this to cause unexpected behavior in dependent code.
Denial Of Service
Stellar Xdr
-
CVE-2026-29791
MEDIUM
CVSS 4.9
Agentgateway versions prior to 0.12.0 fail to sanitize input parameters (path, query, and header values) when converting MCP tool requests to OpenAPI calls, allowing authenticated users to inject malicious data that could lead to unauthorized information disclosure or data modification. An attacker with valid credentials could exploit this input validation weakness to manipulate API requests across agent frameworks. No patch is currently available for affected deployments.
Information Disclosure
Agentgateway
-
CVE-2026-29790
MEDIUM
CVSS 5.3
Path traversal in dbt-common's tarball extraction function allows attackers to write files outside the intended destination directory by exploiting improper path validation in the safe_extract() method. An attacker can craft a malicious tarball to place files in sibling directories, potentially compromising systems using affected versions of dbt-common in dbt-core and adapter implementations. No patch is currently available for this vulnerability.
Path Traversal
Dbt Common
-
CVE-2026-29084
MEDIUM
CVSS 4.6
Gokapi versions prior to 2.2.3 lack CSRF protection on the login endpoint, allowing authenticated attackers to perform unwanted actions on behalf of legitimate users through malicious cross-site requests. An attacker can exploit this by crafting a webpage that tricks a logged-in user into unknowingly submitting forged login credentials or session-modifying requests. The vulnerability requires user interaction and a prior login session but could lead to unauthorized account access or session hijacking on self-hosted Gokapi instances.
CSRF
Gokapi
-
CVE-2026-29061
MEDIUM
CVSS 5.4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. [CVSS 5.4 MEDIUM]
Privilege Escalation
Gokapi
-
CVE-2026-29060
MEDIUM
CVSS 5.0
Privilege escalation in Gokapi prior to version 2.2.3 allows authenticated users to generate API keys with elevated permissions for file request management, despite lacking those privileges themselves. This affects deployments where no administrative users have access to the upload menu, enabling unauthorized users to create or modify file requests. No patch is currently available.
Authentication Bypass
Gokapi
-
CVE-2026-29059
MEDIUM
CVSS 6.9
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/(unknown))".
Path Traversal
-
CVE-2026-29049
MEDIUM
CVSS 4.3
Melange versions 0.40.5 and earlier are vulnerable to disk exhaustion when the update-cache function downloads files from attacker-controlled URIs without enforcing size limits or timeouts. An attacker can craft a malicious melange configuration file to trigger unbounded disk writes on build systems, consuming all available storage and denying service to legitimate builds. No patch is currently available.
Denial Of Service
Melange
-
CVE-2026-29048
MEDIUM
CVSS 6.1
Cross-site scripting in HumHub 1.18.0's Button component allows unauthenticated attackers to inject and execute malicious scripts in users' browsers through inconsistent output encoding. Affected users could have their sessions compromised or be redirected to malicious content without any user interaction beyond visiting a crafted page. A patch is available in version 1.18.1.
XSS
Humhub
-
CVE-2026-29038
MEDIUM
CVSS 6.1
Reflected XSS in changedetection.io versions prior to 0.54.4 allows unauthenticated remote attackers to inject malicious JavaScript through the /rss/tag/ endpoint via an unescaped tag_uuid parameter, enabling session hijacking or credential theft when victims visit crafted links. The vulnerability requires user interaction to trigger and affects the Flask-based application with public exploit code available. Users should upgrade to version 0.54.4 or later immediately.
Flask
XSS
Changedetection
-
CVE-2026-28804
MEDIUM
CVSS 5.3
pypdf versions prior to 6.7.5 are vulnerable to denial-of-service attacks where specially crafted PDF files with ASCIIHexDecode filtered streams can cause excessive processing time and application hang. An unauthenticated attacker can exploit this by providing a malicious PDF that consumes significant computational resources when processed. A patch is available in version 6.7.5 and later.
Python
Pypdf
-
CVE-2026-28801
MEDIUM
CVSS 6.6
Natro Macro versions prior to 1.1.0 execute arbitrary AutoHotkey code embedded in shared pattern and path files, allowing attackers to achieve code execution with the privileges of the logged-in user. Since these configuration files are commonly distributed among users, malicious actors can inject code that executes silently in the background alongside legitimate macro functionality. The vulnerability affects users who load untrusted pattern or path files from external sources.
RCE
Code Injection
Natro Macro
-
CVE-2026-28800
MEDIUM
CVSS 6.4
Natro Macro versions prior to 1.1.0 allow any user with message permissions in a Discord channel where Remote Control is enabled to execute arbitrary commands on affected systems, including keyboard and mouse control and unrestricted file access. The vulnerability stems from improper access controls on the remote control feature when configured in non-private channels. No patch is currently available for affected versions.
Path Traversal
Natro Macro
-
CVE-2026-28726
MEDIUM
CVSS 4.3
Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.
Information Disclosure
Authentication Bypass
Cyber Protect
Windows
-
CVE-2026-28725
MEDIUM
CVSS 5.5
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.
Information Disclosure
Cyber Protect
Windows
-
CVE-2026-28724
MEDIUM
CVSS 4.3
Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.
Authentication Bypass
Cyber Protect
Windows
-
CVE-2026-28723
MEDIUM
CVSS 4.3
Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.
Authentication Bypass
Cyber Protect
Windows
-
CVE-2026-28720
MEDIUM
CVSS 4.3
Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.
Authentication Bypass
Cyber Protect
Windows
-
CVE-2026-28719
MEDIUM
CVSS 4.3
Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.
Authentication Bypass
Cyber Protect
Windows
-
CVE-2026-28717
MEDIUM
CVSS 5.0
Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.
Windows
Privilege Escalation
Cyber Protect
-
CVE-2026-28716
MEDIUM
CVSS 4.4
Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.
Linux
Windows
Information Disclosure
Cyber Protect
-
CVE-2026-28715
MEDIUM
CVSS 6.5
Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.
Linux
Windows
Information Disclosure
Cyber Protect
-
CVE-2026-28714
MEDIUM
CVSS 4.8
Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.
Information Disclosure
Cyber Protect
Windows
-
CVE-2026-28712
MEDIUM
CVSS 6.3
Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.
Windows
Privilege Escalation
Cyber Protect
-
CVE-2026-28711
MEDIUM
CVSS 6.3
Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.
Windows
Privilege Escalation
Cyber Protect
-
CVE-2026-28709
MEDIUM
CVSS 4.3
Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.
Linux
Windows
Cyber Protect
-
CVE-2026-28685
MEDIUM
CVSS 6.5
Kimai versions prior to 2.51.0 lack proper customer-level access controls in the invoice API endpoint, allowing any user with the TEAMLEAD role to enumerate and read all invoices across the entire system regardless of customer ownership. Public exploit code exists for this authorization bypass vulnerability, which can lead to unauthorized disclosure of sensitive financial and customer data. A patch is available in version 2.51.0 and should be applied immediately.
Authentication Bypass
Kimai
-
CVE-2026-28682
MEDIUM
CVSS 6.4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. [CVSS 6.4 MEDIUM]
Information Disclosure
Gokapi
Suse
-
CVE-2026-28675
MEDIUM
CVSS 5.3
OpenShift versions prior to 1.6.3-alpha leak sensitive information through multiple vectors, including raw exception strings in API responses and authentication tokens exposed in UI rendering and token rotation endpoints. An unauthenticated remote attacker can obtain this information over the network to compromise user sessions or gain insight into application internals. No patch is currently available for affected deployments.
Information Disclosure
Opensift
-
CVE-2026-28509
MEDIUM
CVSS 6.3
LangBot is a global IM bot platform designed for LLMs. Versions up to 4.8.7 are affected by cross-site scripting (XSS) (CVSS 6.3).
XSS
AI / ML
Langbot
-
CVE-2026-28428
MEDIUM
CVSS 5.3
Talishar is a fan-made Flesh and Blood project. [CVSS 5.3 MEDIUM]
Authentication Bypass
-
CVE-2026-28106
MEDIUM
CVSS 4.7
Kings Plugins B2BKing Premium before version 5.4.20 contains an open redirect vulnerability that allows attackers to craft malicious links redirecting users to untrusted external sites. This network-accessible vulnerability requires user interaction to exploit but can be leveraged for phishing attacks with no patch currently available. The vulnerability has a CVSS score of 4.7 and affects the confidentiality of user information through credential harvesting or social engineering.
Open Redirect
-
CVE-2026-28080
MEDIUM
CVSS 4.3
Rank Math SEO PRO through version 3.0.95 contains an authorization bypass in its access control implementation that allows authenticated users to perform unauthorized modifications. An attacker with valid login credentials could exploit this misconfiguration to alter content or settings they should not have access to. No patch is currently available to address this vulnerability.
Authentication Bypass
-
CVE-2026-27807
MEDIUM
CVSS 4.9
MarkUs versions up to 2.9.4 are affected by improper restriction of recursive entity references in DTDs (CVSS 4.9).
XXE
Denial Of Service
Markus
-
CVE-2026-27777
MEDIUM
CVSS 6.5
Charging station authentication credentials are exposed through publicly accessible web-based mapping platforms, allowing unauthenticated remote attackers to obtain valid authentication identifiers. An attacker with these credentials could gain unauthorized access to charging station networks and potentially manipulate charging operations or access connected infrastructure. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-27770
MEDIUM
CVSS 6.5
Charging station authentication credentials are exposed through public web-based mapping platforms, allowing unauthenticated remote attackers to obtain sensitive authentication identifiers. This exposure enables attackers to potentially gain unauthorized access to charging infrastructure and associated systems. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-27605
MEDIUM
CVSS 6.3
Chartbrew versions prior to 4.8.4 allow authenticated users to upload arbitrary files by bypassing file type validation, enabling stored XSS attacks through malicious HTML files served from the uploads directory. An attacker can exploit this to steal authentication tokens stored in localStorage and achieve account takeover. Public exploit code exists for this vulnerability, and no patch is currently available.
XSS
Chartbrew
-
CVE-2026-27142
MEDIUM
CVSS 6.1
HTML meta tags with http-equiv="refresh" attributes fail to properly escape URLs inserted through certain actions, enabling cross-site scripting (XSS) attacks against applications using this functionality. An unauthenticated attacker can exploit this to execute arbitrary JavaScript in users' browsers by crafting malicious URLs. No patch is currently available, though a GODEBUG setting (htmlmetacontenturlescape=0) can be configured as a temporary mitigation.
XSS
Redhat
Suse
-
CVE-2026-27138
MEDIUM
CVSS 5.9
DNS certificate verification can crash in systems handling X.509 certificate chains when processing certificates with empty DNS names paired with excluded name constraints, affecting applications performing direct certificate validation or using TLS. This denial of service condition requires no authentication or user interaction but depends on specific certificate chain configurations. No patch is currently available for this vulnerability.
Dns
Denial Of Service
Redhat
Suse
-
CVE-2026-27027
MEDIUM
CVSS 6.5
Charging station authentication credentials are exposed through publicly accessible web-based mapping platforms, allowing unauthenticated remote attackers to obtain sensitive authentication identifiers. An attacker with these credentials could potentially gain unauthorized access to charging infrastructure management systems or perform unauthorized operations on affected stations. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-25962
MEDIUM
CVSS 6.5
Unrestricted zip file extraction in MarkUs prior to version 2.9.4 allows authenticated users to trigger denial of service through resource exhaustion by uploading specially crafted archives with excessive file counts or sizes. Instructors and students can exploit this during assignment configuration uploads or submission handling to consume server resources and impact system availability. No patch is currently available for affected installations.
Information Disclosure
Markus
-
CVE-2026-25877
MEDIUM
CVSS 6.5
Chartbrew versions before 4.8.1 fail to validate chart ownership during modification operations, allowing authenticated users to read, modify, or delete charts from other projects they shouldn't access. An attacker with valid credentials to any project can exploit this authorization bypass to manipulate arbitrary charts across the application. Public exploit code exists for this vulnerability, and no patch is currently available.
Authentication Bypass
Chartbrew
-
CVE-2026-3616
MEDIUM
CVSS 6.3
SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.
PHP
SQLi
-
CVE-2026-3610
MEDIUM
CVSS 4.3
Reflected cross-site scripting in HSC Cybersecurity Mailinspector through version 5.3.2-3 allows remote attackers to inject malicious scripts via the error_description parameter in the URL handler component. Public exploit code exists for this vulnerability, which could enable attackers to steal session cookies or perform actions on behalf of authenticated users. Users should upgrade to version 5.4.0 or apply the available hotfix immediately.
PHP
XSS
-
CVE-2026-3419
MEDIUM
CVSS 5.3
Fastify improperly validates Content-Type headers by accepting RFC 9110-violating malformed values with trailing characters, allowing attackers to bypass content-type restrictions and route requests to unintended parsers. When regex-based content-type parsing is enabled, requests with invalid Content-Type headers such as "application/json garbage" are processed normally instead of being rejected, potentially enabling request misrouting and manipulation of parser behavior. No patch is currently available for this medium-severity vulnerability affecting Fastify applications.
Authentication Bypass
Fastify
-
CVE-2026-2830
MEDIUM
CVSS 6.1
Reflected cross-site scripting in WP All Import plugin versions up to 4.0.0 allows unauthenticated attackers to inject malicious scripts through the 'filepath' parameter due to improper input validation and output encoding. Successful exploitation requires tricking users into clicking a specially crafted link, after which arbitrary JavaScript executes in their browser session. A patch is not currently available.
WordPress
XSS
-
CVE-2026-2752
MEDIUM
CVSS 5.3
The /api/ais-data endpoint in Navtor NavBox leaks sensitive information through unhandled exception error messages, allowing unauthenticated remote attackers to obtain verbose .NET stack traces containing internal class names, method calls, and library dependencies. This information disclosure (CWE-209) enables attackers to map the application's internal structure and identify potential attack vectors. No patch is currently available for this medium-severity vulnerability affecting .NET implementations.
Dotnet
Information Disclosure
-
CVE-2026-2589
MEDIUM
CVSS 5.3
animation and page builder block versions up to 12.8.3 are affected by information exposure (CVSS 5.3).
WordPress
Information Disclosure
AI / ML
-
CVE-2026-1128
MEDIUM
CVSS 4.3
WP eCommerce WordPress plugin versions up to 3.15.1 are affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
-
CVE-2025-69653
MEDIUM
CVSS 6.5
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in the function gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. [CVSS 6.5 MEDIUM]
Denial Of Service
Suse
-
CVE-2025-69652
MEDIUM
CVSS 6.2
GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. [CVSS 6.2 MEDIUM]
Memory Corruption
Denial Of Service
Binutils
Redhat
Suse
-
CVE-2025-69651
MEDIUM
CVSS 5.5
GNU Binutils through 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. [CVSS 5.5 MEDIUM]
Memory Corruption
Denial Of Service
Binutils
Redhat
Suse
-
CVE-2025-69646
MEDIUM
CVSS 5.5
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. [CVSS 5.5 MEDIUM]
Denial Of Service
Redhat
Suse
-
CVE-2025-69645
MEDIUM
CVSS 5.5
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. [CVSS 5.5 MEDIUM]
Denial Of Service
Redhat
Suse
-
CVE-2025-69644
MEDIUM
CVSS 5.0
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]
Denial Of Service
Binutils
Redhat
Suse
-
CVE-2025-59544
MEDIUM
CVSS 4.3
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. [CVSS 4.3 MEDIUM]
Authentication Bypass
Chamilo Lms
-
CVE-2025-59540
MEDIUM
CVSS 5.4
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. [CVSS 5.4 MEDIUM]
XSS
Chamilo Lms
-
CVE-2025-30413
MEDIUM
CVSS 4.4
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]
Information Disclosure
Cyber Protect
Agent
Windows
macOS
-
CVE-2025-11790
MEDIUM
CVSS 4.4
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 4.4 MEDIUM]
Information Disclosure
Agent
Windows
macOS
-
CVE-2024-35644
MEDIUM
CVSS 5.9
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS. This issue affects Preferred Languages: from n/a through 2.2.2. [CVSS 5.9 MEDIUM]
XSS
-
CVE-2018-25200
MEDIUM
CVSS 5.3
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. [CVSS 5.3 MEDIUM]
PHP
CSRF
Php Oop Cms Blog
-
CVE-2018-25198
MEDIUM
CVSS 6.2
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]
Buffer Overflow
Denial Of Service
-
CVE-2018-25190
MEDIUM
CVSS 5.3
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. [CVSS 5.3 MEDIUM]
PHP
CSRF
-
CVE-2018-25186
MEDIUM
CVSS 5.3
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. [CVSS 5.3 MEDIUM]
CSRF
-
CVE-2018-25184
MEDIUM
CVSS 6.2
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]
PHP
Lfi
Path Traversal
-
CVE-2018-25177
MEDIUM
CVSS 5.3
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. [CVSS 5.3 MEDIUM]
PHP
CSRF
-
CVE-2018-25174
MEDIUM
CVSS 5.3
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. [CVSS 5.3 MEDIUM]
PHP
CSRF
-
CVE-2018-25168
MEDIUM
CVSS 4.3
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. [CVSS 4.3 MEDIUM]
CSRF
-
CVE-2018-25162
MEDIUM
CVSS 6.5
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. [CVSS 6.5 MEDIUM]
PHP
RCE
-
CVE-2026-29783
None
The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns.
Github
-
CVE-2026-29178
None
Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/(unknown) endpoint is vulnerable to unauthenticated SSRF through parameter injection in the file_type query parameter. An attacker can inject arbitrary query parameters into the internal request to pict-rs, including the proxy parameter which causes pict-rs...
SSRF
-
CVE-2026-29110
LOW
CVSS 2.2
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file,...
Information Disclosure
-
CVE-2026-29063
None
Immutable.js provides many Persistent Immutable data structures. Versions up to 3.8.3 are affected by improperly controlled modification of object prototype attributes (prototype pollution).
Code Injection
-
CVE-2026-27139
LOW
CVSS 2.5
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. [CVSS 2.5 LOW]
Information Disclosure
-
CVE-2026-23925
None
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts.
Authentication Bypass
-
CVE-2026-1468
None
QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, automatically sends a POST request with the victim's privileges.
CSRF