Total
1528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28725 | 2026-03-06 | N/A | 5.5 MEDIUM | ||
| Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||||
| CVE-2025-30413 | 2026-03-06 | N/A | 4.4 MEDIUM | ||
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | |||||
| CVE-2025-11790 | 2026-03-06 | N/A | 4.4 MEDIUM | ||
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | |||||
| CVE-2026-29188 | 2026-03-05 | N/A | 9.1 CRITICAL | ||
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1. | |||||
| CVE-2026-29126 | 2026-03-05 | N/A | N/A | ||
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | |||||
| CVE-2026-29125 | 2026-03-05 | N/A | N/A | ||
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | |||||
| CVE-2025-70341 | 1 App-auto-patch | 1 App-auto-patch | 2026-03-05 | N/A | 7.8 HIGH |
| Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. | |||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | N/A | 6.6 MEDIUM |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | |||||
| CVE-2025-70342 | 2026-03-04 | N/A | 6.6 MEDIUM | ||
| erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. | |||||
| CVE-2026-24732 | 2026-03-04 | N/A | N/A | ||
| Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5 | |||||
| CVE-2026-2637 | 2026-03-03 | N/A | N/A | ||
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | |||||
| CVE-2026-2915 | 2026-03-03 | N/A | N/A | ||
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | |||||
| CVE-2025-14979 | 2026-03-03 | N/A | N/A | ||
| AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6. | |||||
| CVE-2026-21902 | 2026-03-03 | N/A | 9.8 CRITICAL | ||
| An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS. | |||||
| CVE-2026-26095 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26096 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26100 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26101 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26102 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2019-25344 | 1 Wondershare | 1 Mobilego | 2026-02-26 | N/A | 7.8 HIGH |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | |||||