Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
14,585 matching · page 127/292Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-28716(opens NVD record) | Medium | 4.4 | Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28715(opens NVD record) | Medium | 6.5 | Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28714(opens NVD record) | Medium | 4.8 | Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28712(opens NVD record) | Medium | 6.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28711(opens NVD record) | Medium | 6.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28710(opens NVD record) | Critical | 9.8 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28709(opens NVD record) | Medium | 4.3 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2025-30413(opens NVD record) | Medium | 4.4 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2025-11792(opens NVD record) | High | 7.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. | Mar 6, 2026 |
| CVE-2025-11791(opens NVD record) | High | 7.1 | Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | Mar 6, 2026 |
| CVE-2025-11790(opens NVD record) | Medium | 4.4 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | Mar 6, 2026 |
| CVE-2026-26125(opens NVD record) | High | 8.6 | Payment Orchestrator Service Elevation of Privilege Vulnerability | Mar 5, 2026 |
| CVE-2026-26124(opens NVD record) | Medium | 6.7 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | Mar 5, 2026 |
| CVE-2026-26122(opens NVD record) | Medium | 6.5 | Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | Mar 5, 2026 |
| CVE-2026-23651(opens NVD record) | Medium | 6.7 | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | Mar 5, 2026 |
| CVE-2026-21536(opens NVD record) | Critical | 9.8 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability | Mar 5, 2026 |
| CVE-2026-3047(opens NVD record) | High | 8.8 | A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions. | Mar 5, 2026 |
| CVE-2026-3009(opens NVD record) | High | 8.1 | A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider. | Mar 5, 2026 |
| CVE-2026-30798(opens NVD record) | High | 7.5 | Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30797(opens NVD record) | High | 8.1 | Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30796(opens NVD record) | High | 7.5 | Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book. This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30795(opens NVD record) | High | 7.5 | Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30793(opens NVD record) | Critical | 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30792(opens NVD record) | High | 8.1 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30789(opens NVD record) | Critical | 9.8 | Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing. The authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery. This vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30785(opens NVD record) | Medium | 5.5 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30783(opens NVD record) | Critical | 9.8 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-3598(opens NVD record) | High | 7.5 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routines Config export/generation routines. This issue affects RustDesk Server Pro: through 1.7.5. | Mar 5, 2026 |
| CVE-2026-30791(opens NVD record) | High | 7.5 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-28551(opens NVD record) | Medium | 4.7 | Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28549(opens NVD record) | Medium | 6.6 | Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28548(opens NVD record) | High | 7.1 | Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Mar 5, 2026 |
| CVE-2026-28547(opens NVD record) | Medium | 6.8 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28546(opens NVD record) | Medium | 5.9 | Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28542(opens NVD record) | High | 7.3 | Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28552(opens NVD record) | Medium | 6.5 | Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28550(opens NVD record) | Medium | 4.0 | Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28545(opens NVD record) | Medium | 5.9 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28544(opens NVD record) | Medium | 6.2 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28543(opens NVD record) | Medium | 4.4 | Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28541(opens NVD record) | Medium | 4.0 | Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28540(opens NVD record) | Medium | 4.0 | Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Mar 5, 2026 |
| CVE-2026-28539(opens NVD record) | Medium | 6.2 | Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Mar 5, 2026 |
| CVE-2026-28538(opens NVD record) | Medium | 5.9 | Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28537(opens NVD record) | Medium | 5.1 | Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2025-66319(opens NVD record) | Low | 3.3 | Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. | Mar 5, 2026 |
| CVE-2026-28536(opens NVD record) | Critical | 9.6 | Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Mar 5, 2026 |
| CVE-2026-26034(opens NVD record) | High | 7.8 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL. | Mar 5, 2026 |
| CVE-2026-26033(opens NVD record) | Medium | 6.7 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges. | Mar 5, 2026 |
| CVE-2026-22052(opens NVD record) | Medium | 4.3 | ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission. | Mar 5, 2026 |