5009 matches found
PT-2026-30027
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
PT-2026-30009
Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...
ZOHO ManageEngine Exchange reporter Plus 安全漏洞
ZOHO ManageEngine Exchange Reporter Plus is a web-based Microsoft Exchange reporting, auditing, and monitoring software developed by ZOHO Corporation. Previous versions of ZOHO ManageEngine Exchange Reporter Plus, including version 5802, contained security vulnerabilities due to cross-site...
PT-2026-30028
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...
ZOHO ManageEngine Exchange reporter Plus 安全漏洞
ZOHO ManageEngine Exchange Reporter Plus is a web-based Microsoft Exchange reporting, auditing, and monitoring software developed by ZOHO Corporation. Previous versions of ZOHO ManageEngine Exchange Reporter Plus, including version 5802, contained security vulnerabilities. These vulnerabilities...
EUVD-2026-18424
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-33271
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-33271
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-33271
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-33271
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
CVE-2026-33271
CVE-2026-33271 is an observed local privilege escalation in Acronis True Image (Windows) before build 42902, caused by insecure folder permissions. The issue enables elevation of privileges from a local attacker. CVSSv3 metrics indicate a Local attack vector, High impact on Confidentiality, Integ...
EUVD-2026-18229
SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...
CVE-2026-26928
SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...
CVE-2026-26928
CVE-2026-26928 affects SzafirHost. The vulnerability arises because the application does not verify the hash or the vendor’s digital signature for uploaded DLL/SO/JNILIB/DYLIB files, while JARs are checked. An attacker can supply a malicious dynamic library that is saved in the user’s temp folder...
CVE-2026-2696
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
PT-2026-29845
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...
Acronis True Image 安全漏洞
Acronis True Image is a renowned data backup and restoration software developed by the Swiss company Acronis. This software can be used to create drive and disk images, and restore them when a clean system is required. Versions of Acronis True Image prior to build 42902 contained security...
CVE-2026-2696 Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
CVE-2026-28528
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-99qw-6mr3-36qr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust...