Total CVEs: 142,027

Critical Severity: 3,943

High Severity: 14,108

Last 7 Days: 1,779
Showing 10,441 - 10,460 of 14,604 CVEs
CVE-2026-28712 MEDIUM - 6.3

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28711 MEDIUM - 6.3

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-28709 MEDIUM - 4.3

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2026-27770 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: ePower
Product: epower.ie
Published: Mar 06, 2026
Source: NVD
CVE-2025-30413 MEDIUM - 4.4

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

Vendor: Acronis
Product: Acronis Cyber Protect Cloud Agent, Acronis Cyber Protect 17
Published: Mar 06, 2026
Source: NVD
CVE-2025-11791 MEDIUM - 5.5

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

Vendor: Acronis
Product: Acronis Cyber Protect 17, Acronis Cyber Protect Cloud Agent
Published: Mar 06, 2026
Source: NVD
CVE-2025-11790 MEDIUM - 4.4

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

Vendor: Acronis
Product: Acronis Cyber Protect Cloud Agent
Published: Mar 06, 2026
Source: NVD
CVE-2026-26124 MEDIUM - 6.7

'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Published: Mar 05, 2026
Source: NVD
CVE-2026-26122 MEDIUM - 6.5

Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Published: Mar 05, 2026
Source: NVD
CVE-2026-23651 MEDIUM - 6.7

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Published: Mar 05, 2026
Source: NVD
CVE-2026-2593 MEDIUM - 6.4

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output esc...

Published: Mar 05, 2026
Source: NVD
CVE-2026-29612 MEDIUM - 5.5

OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-29611 MEDIUM - 6.2

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled) media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath parame...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-29606 MEDIUM - 4.8

OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly reachable...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28486 MEDIUM - 6.1

OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks install, ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28482 MEDIUM - 6.5

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28481 MEDIUM - 5.3

OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability (patched in 2026.2.1) in the MS Teams attachment downloader (optional extension must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403 respons...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28480 MEDIUM - 6.5

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with bots...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28477 MEDIUM - 5.9

OpenClaw versions prior to 2026.2.14 contain an OAuth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token pe...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28476 MEDIUM - 5.3

OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP re...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD