CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-11792 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. | N/A | NONE | — | 0 |
| CVE-2026-27573 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-28254 A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. | N/A | NONE | — | 0 |
| CVE-2025-66024 The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The... | N/A | NONE | — | 0 |
| CVE-2026-28711 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-1775 The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially craft... | N/A | NONE | — | 0 |
| CVE-2026-1874 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electri... | N/A | NONE | — | 0 |
| CVE-2026-28712 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-28713 Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VM... | N/A | NONE | — | 0 |
| CVE-2026-25191 The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory ... | N/A | NONE | — | 0 |
| CVE-2026-28714 Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-3089 Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means... | N/A | NONE | — | 0 |
| CVE-2026-1875 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-... | N/A | NONE | — | 0 |
| CVE-2026-28716 Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-1876 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denia... | N/A | NONE | — | 0 |
| CVE-2026-30840 Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched... | N/A | NONE | — | 0 |
| CVE-2026-23703 The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege. | N/A | NONE | — | 0 |
| CVE-2026-27735 Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that ... | N/A | NONE | — | 0 |
| CVE-2026-27200 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-28256 A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. | N/A | NONE | — | 0 |
| CVE-2026-28719 Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-24732 Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing F... | N/A | NONE | — | 0 |
| CVE-2026-3277 The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an... | N/A | NONE | — | 0 |
| CVE-2026-28720 Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-20996 Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | N/A | NONE | — | 0 |
| CVE-2026-28721 Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-28722 Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-2244 A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script... | N/A | NONE | — | 0 |
| CVE-2026-27201 Rejected reason: Further research determined the situation described is not a vulnerability. | N/A | NONE | — | 0 |
| CVE-2026-28723 Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-30822 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when c... | N/A | NONE | — | 0 |
| CVE-2026-30823 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature byp... | N/A | NONE | — | 0 |
| CVE-2025-15498 Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privil... | N/A | NONE | — | 0 |
| CVE-2025-11381 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-28724 Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-30797 Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API... | N/A | NONE | — | 0 |
| CVE-2026-30796 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30795 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30794 Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the... | N/A | NONE | — | 0 |
| CVE-2026-30793 Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privil... | N/A | NONE | — | 0 |
| CVE-2026-30792 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application ... | N/A | NONE | — | 0 |
| CVE-2026-30790 Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on W... | N/A | NONE | — | 0 |
| CVE-2026-28725 Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-3223 Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | N/A | NONE | — | 0 |
| CVE-2026-27830 c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` impleme... | N/A | NONE | — | 0 |
| CVE-2025-11382 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-28726 Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-30789 Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, And... | N/A | NONE | — | 0 |
| CVE-2026-28727 Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) ... | N/A | NONE | — | 0 |
| CVE-2026-3233 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.