PT-2026-23724
Name of the Vulnerable Software and Affected Versions: Ibexa & Ciril GROUP eZ Platform / Ciril Platform versions 2.x. Description: An issue exists in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x related to incorrect access control. This allows unauthenticated attackers to...
Microsoft Azure Functions Information Disclosure Vulnerability
Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) provider from Microsoft Corporation (USA) that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...
Ibexa eZ Platform Security Vulnerability
Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...
Salzer Maitra SQL Injection Vulnerability
Salzer Maitra is a business management software platform developed by the American company Salzer. Version 1.7.2 of Salzer Maitra contains a SQL injection vulnerability. This vulnerability stems from the mailid parameter in the outmail and inmail modules, which allows for SQL injections...
Acronis Cyber Protect Security Vulnerability
Acronis Cyber Protect is an enterprise-oriented integrated network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management (e.g., vulnerability assessment, URL filtering, patch management, etc.). A...
CVE-2026-28726
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186...
CVE-2026-28715
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186...
CVE-2026-28710
CVE-2026-28710 affects Acronis Cyber Protect 17 on Linux and Windows prior to build 41186. The flaw is due to improper authentication, allowing sensitive information disclosure and manipulation. Public sources (NVD, Red Hat, EUVD, OSV, CIRCL, CNNVD, and PT Security) corroborate the same issue and...
CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124...
CVE-2026-28484
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Insertion of Sensitive Information Into Sent Data
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the /api/v1/account/forgot-password entrypoint. An attacker can obtain sensitive user information, including identifiers, names, email addresses, account...
GHSA-MJQR-5C55-G77H @perfood/couch-auth has an Observable Timing Discrepancy
An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
EUVD-2026-9829
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...
EUVD-2026-9836
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...
GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Summary: The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...
CVE-2026-30795
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...
CVE-2026-30785
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...
CVE-2026-30785
RustDesk Client (through version 1.4.5) is affected by CVE-2026-30785 due to a vulnerability described as Prototype Pollution and weak password hashing in the password_security, config, and machine-uid-related code paths (hbb_common and related modules). The issue can allow Retrieve Embedded Sens...