Skip to main content
CVE-2026-28726 MEDIUM This Month

Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.

Information Disclosure Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28724 MEDIUM This Month

Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28080 MEDIUM This Month

Rank Math SEO PRO through version 3.0.95 contains an authorization bypass in its access control implementation that allows authenticated users to perform unauthorized modifications. An attacker with valid login credentials could exploit this misconfiguration to alter content or settings they should not have access to. No patch is currently available to address this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1128 MEDIUM This Month

WP eCommerce WordPre versions up to 3.15.1 is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-29795 MEDIUM PATCH This Month

Stellar-xdr prior to version 25.0.1 fails to validate string length constraints in the StringM::from_str function, allowing oversized strings to bypass maximum length checks and create invalid StringM objects. Applications relying on this type's length invariant for serialization, validation, or security decisions could process malformed data that violates expected constraints. Local attackers or malicious input sources could exploit this to cause unexpected behavior in dependent code.

Denial Of Service Stellar Xdr
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-27139 LOW PATCH Monitor

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. [CVSS 2.5 LOW]

Path Traversal Go
NVD VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-29110 LOW Monitor

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file,...

Information Disclosure Cryptomator
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-3616 LOW Monitor

SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3610 LOW Monitor

Reflected cross-site scripting in HSC Cybersecurity Mailinspector through version 5.3.2-3 allows remote attackers to inject malicious scripts via the error_description parameter in the URL handler component. Public exploit code exists for this vulnerability, which could enable attackers to steal session cookies or perform actions on behalf of authenticated users. Users should upgrade to version 5.4.0 or apply the available hotfix immediately.

PHP XSS
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy