CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

PT-2026-23761

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston disconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

Ghostfolio SQL注入漏洞

Ghostfolio is an open-source personal wealth management software developed by Ghostfolio. Versions of Ghostfolio prior to 2.244.0 contained a SQL injection vulnerability. This vulnerability stemmed from bypassing symbol validation, which could allow arbitrary SQL commands to be executed through t...

PT-2026-23660

Name of the Vulnerable Software and Affected Versions AppEngine affected versions not specified Description An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical...

CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28720

CVE-2026-28720 affects Acronis Cyber Protect 17 (Linux, Windows) before build 41186. Root cause: insufficient authorization checks allowing unauthorized modification of settings. Impact: integrity 낮? (per CVSS: I=LOW, C=NONE, A=NONE), no confidentiality or availability impact stated; attack vecto...

CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28720

Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

CVE-2026-23812

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

EUVD-2026-9790

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-3072 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-3072 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 had a access control vulnerability. This vulnerability stemmed from the Nostr plugin exposing unvalidated HTTP endpoints, which could allow remote attackers to read sensitive configuration file da...

PT-2026-23594

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 versions prior to build 41186 Description Insufficient authorization checks allow for unauthorized modification of settings. This impacts Acronis Cyber Protect 17 on both Linux and Windows operating systems...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...