
CVE Vulnerabilities - 6 March 2026


3216 vulnerabilities published on 6 March 2026

Severity:
Talishar: Any User Can Access Game Features Without Logging In
CVE-2026-28428
Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation...
5.3
Greenshift Plugin Exposes Sensitive API Keys in Backup Files
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inc...
5.3
Group-Office: Malicious Code Can Run in Your Browser
CVE-2026-30238
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflect...
5.1
QuickCMS allows attackers to trick users into making unintended changes
CVE-2026-1468
QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website, which when visited by the victi...
5.1
Zabbix: Unauthorized Host Creation via API with User Role Permissions
CVE-2026-23925
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lea...
5.1
Binutils: Malicious input file crashes objdump with endless output
CVE-2025-69644
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malforme...
5.0
Gokapi File Sharing Server: Unprivileged Users Can Create API Keys
CVE-2026-29060 GHSA-m2hx-wjxc-9fp4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privil...
5.0
Acronis Cyber Protect 17: Unrestricted access to sensitive files on Windows
CVE-2026-28717
Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build...
5.0
Parse Server: Malicious File Upload and Deletion via readOnlyMasterKey
CVE-2026-30228 GHSA-xfh7-phr7-gr2x
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the...
6.9
MarkUs allows instructors to upload malicious YAML files before version 2.9.4
CVE-2026-27807
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload ...
4.9
Acronis Cyber Protect Leaks Sensitive Encryption Keys
CVE-2026-28714
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before bu...
4.8
B2BKing Premium Can Redirect Users to Phishing Sites
CVE-2026-28106
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium:...
4.7
Gokapi login page accepts malicious requests without proper security checks
CVE-2026-29084 GHSA-hcff-qv74-7hr4
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credentia...
4.6
Acronis Cyber Protect 17 on Linux and Windows fails to check user access
CVE-2026-28716
Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Wi...
4.4
Acronis Agent Fails to Delete Credentials After Plan Revocation
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, m...
4.4
Acronis Agent: Credentials not deleted after plan revocation
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, m...
4.4
OliveTin: Authorized Users Can See Sensitive Info
CVE-2026-30233 GHSA-jf73-858c-54pg
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenti...
4.3
OliveTin: Privilege Escalation via Authentication Context Confusion
CVE-2026-30225 GHSA-p443-p7w5-2f7f
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability...
4.3
Unauthenticated attackers can create admin accounts on Precurio Intranet Portal 2.0
CVE-2018-25168
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user a...
5.3
Unsecured Access Control in Rank Math SEO PRO Allows Unauthorized Changes
CVE-2026-28080
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue ...
4.3
Melange: Unbounded Disk Writes from Malicious Build Configs
CVE-2026-29049 GHSA-7rp8-r62p-q6wc
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build co...
4.3
WordPress WP eCommerce Plugin Can Be Tricked by Attackers
CVE-2026-1128
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged...
4.3
Chamilo learning management system: Update unauthorized access
CVE-2025-59544
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorizat...
6.9
HSC Cybersecurity Mailinspector: Remote Code Injection via Malicious Input
CVE-2026-3610
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinsp...
5.3
Acronis Cyber Protect Exposes Sensitive Data on Windows and Linux
CVE-2026-28726
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before...
4.3