CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-27005 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25888 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability vi... | 8.8 | HIGH | β | 0 |
| CVE-2026-25887 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability vi... | 7.2 | HIGH | β | 0 |
| CVE-2026-25877 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks bas... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29093 WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while th... | 8.1 | HIGH | β | 0 |
| CVE-2026-29046 TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables (HTTP_*). The parser ... | 8.2 | HIGH | β | 0 |
| CVE-2026-29041 Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The ... | 8.8 | HIGH | β | 0 |
| CVE-2026-28502 WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionali... | 8.8 | HIGH | β | 0 |
| CVE-2026-28501 WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28497 TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27807 MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g.... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25962 MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, inst... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-59544 Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which a... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-59543 Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an a... | 9.0 | CRITICAL | β | 0 |
| CVE-2025-59542 Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings ... | 9.0 | CRITICAL | β | 0 |
| CVE-2025-59541 Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victimβs consent.... | 8.1 | HIGH | β | 0 |
| CVE-2025-59540 Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-55289 Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platf... | 8.8 | HIGH | β | 0 |
| CVE-2026-3616 A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation o... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3613 A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack... | 7.2 | HIGH | β | 0 |
| CVE-2026-3612 A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument f... | 7.2 | HIGH | β | 0 |
| CVE-2026-3610 A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL H... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2589 The Greenshift β animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup s... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28727 Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) ... | N/A | NONE | β | 0 |
| CVE-2026-28726 Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28725 Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28724 Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28723 Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28722 Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28721 Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28720 Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28719 Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28718 Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 7.5 | HIGH | β | 0 |
| CVE-2026-28717 Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28716 Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28715 Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28714 Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28713 Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VM... | N/A | NONE | β | 0 |
| CVE-2026-28712 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28711 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | β | 0 |
| CVE-2026-28710 Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28709 Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-27778 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by... | 7.5 | HIGH | β | 0 |
| CVE-2026-27770 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24912 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic... | 7.3 | HIGH | β | 0 |
| CVE-2026-22552 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can con... | 9.4 | CRITICAL | β | 0 |
| CVE-2025-30413 Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber P... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-11792 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. | N/A | NONE | β | 0 |
| CVE-2025-11791 Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Ac... | 7.1 | HIGH | β | 0 |
| CVE-2025-11790 Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.