Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
33,373 matching · page 168/668Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-26018(opens NVD record) | High | 7.5 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2. | Mar 6, 2026 |
| CVE-2026-26017(opens NVD record) | High | 7.7 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2. | Mar 6, 2026 |
| CVE-2026-23925(opens NVD record) | High | 8.1 | An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions. | Mar 6, 2026 |
| CVE-2026-29074(opens NVD record) | High | 7.5 | SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1. | Mar 6, 2026 |
| CVE-2026-29049(opens NVD record) | Medium | 4.3 | melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runne. Version 0.43.4 contains a patch. | Mar 6, 2026 |
| CVE-2026-28726(opens NVD record) | Medium | 4.3 | Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28725(opens NVD record) | Medium | 5.5 | Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28724(opens NVD record) | Medium | 4.3 | Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28723(opens NVD record) | Medium | 4.3 | Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28722(opens NVD record) | High | 7.3 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28721(opens NVD record) | High | 7.3 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28720(opens NVD record) | Medium | 4.3 | Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28719(opens NVD record) | Medium | 4.3 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28718(opens NVD record) | High | 7.5 | Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28717(opens NVD record) | Medium | 5.0 | Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28716(opens NVD record) | Medium | 4.4 | Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28715(opens NVD record) | Medium | 6.5 | Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28714(opens NVD record) | Medium | 4.8 | Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28712(opens NVD record) | Medium | 6.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28711(opens NVD record) | Medium | 6.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28710(opens NVD record) | Critical | 9.8 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2026-28709(opens NVD record) | Medium | 4.3 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2025-30413(opens NVD record) | Medium | 4.4 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | Mar 6, 2026 |
| CVE-2025-11792(opens NVD record) | High | 7.3 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. | Mar 6, 2026 |
| CVE-2025-11791(opens NVD record) | High | 7.1 | Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | Mar 6, 2026 |
| CVE-2025-11790(opens NVD record) | Medium | 4.4 | Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | Mar 6, 2026 |
| CVE-2026-26125(opens NVD record) | High | 8.6 | Payment Orchestrator Service Elevation of Privilege Vulnerability | Mar 5, 2026 |
| CVE-2026-26124(opens NVD record) | Medium | 6.7 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | Mar 5, 2026 |
| CVE-2026-26122(opens NVD record) | Medium | 6.5 | Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | Mar 5, 2026 |
| CVE-2026-23651(opens NVD record) | Medium | 6.7 | Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | Mar 5, 2026 |
| CVE-2026-21536(opens NVD record) | Critical | 9.8 | Microsoft Devices Pricing Program Remote Code Execution Vulnerability | Mar 5, 2026 |
| CVE-2026-3047(opens NVD record) | High | 8.8 | A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions. | Mar 5, 2026 |
| CVE-2026-3009(opens NVD record) | High | 8.1 | A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider. | Mar 5, 2026 |
| CVE-2026-30798(opens NVD record) | High | 7.5 | Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30797(opens NVD record) | High | 8.1 | Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30796(opens NVD record) | High | 7.5 | Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book. This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30795(opens NVD record) | High | 7.5 | Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30793(opens NVD record) | Critical | 9.8 | Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30792(opens NVD record) | High | 8.1 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30789(opens NVD record) | Critical | 9.8 | Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing. The authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery. This vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction). This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-30785(opens NVD record) | Medium | 5.5 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-30783(opens NVD record) | Critical | 9.8 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.8. | Mar 5, 2026 |
| CVE-2026-3598(opens NVD record) | High | 7.5 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routines Config export/generation routines. This issue affects RustDesk Server Pro: through 1.7.5. | Mar 5, 2026 |
| CVE-2026-30791(opens NVD record) | High | 7.5 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5. | Mar 5, 2026 |
| CVE-2026-28551(opens NVD record) | Medium | 4.7 | Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28549(opens NVD record) | Medium | 6.6 | Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28548(opens NVD record) | High | 7.1 | Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Mar 5, 2026 |
| CVE-2026-28547(opens NVD record) | Medium | 6.8 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28546(opens NVD record) | Medium | 5.9 | Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |
| CVE-2026-28542(opens NVD record) | High | 7.3 | Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. | Mar 5, 2026 |