Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 6 March 2026
RSS3216 vulnerabilities published on 6 March 2026
Severity:
Acronis Cyber Protect 17: Unauthorized data access on Linux and Windows
CVE-2026-28724
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows)...
4.3
Acronis Cyber Protect 17: Unauthorized report deletion risk
CVE-2026-28723
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before...
4.3
Acronis Cyber Protect settings can be modified without permission
CVE-2026-28720
Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, ...
4.3
Acronis Cyber Protect 17 allows unauthorized access to system resources
CVE-2026-28719
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows...
4.3
Acronis Cyber Protect: Unauthorized access to system resources
CVE-2026-28709
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows...
4.3
File.ReadDir on Unix can reveal files outside intended directory
DEBIAN-CVE-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of...
2.5
Group-Office Installer Allows Malicious Code Injection
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflect...
2.1
CGA-432f-7mj6-gpqf
CGA-432f-7mj6-gpqf
CGA-gff5-7x3q-xp8v
CGA-gff5-7x3q-xp8v
Apache HTTP Server allows remote attackers to read sensitive files
CGA-j49g-m3c4-p9gr
CVE Withdrawal: No Security Risk Information Available
CVE-2026-3233
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
Unescaped URLs in Meta Tags Can Cause Cross-Site Scripting
DEBIAN-CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attr...
SSL Certificate Verification Can Crash Certain Programs
DEBIAN-CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constr...
Incorrect Email Address Constraints in Certificate Chain Can Cause Validation Failure
DEBIAN-CVE-2026-27137
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but di...
WordPress URL Parsing Error in Older Versions
DEBIAN-CVE-2026-25679
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs....
QuickJS Interpreter Can Crash with Special Input
DEBIAN-CVE-2025-69654
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` i...
Apache HTTP Server Remote Code Execution through Malicious Uploads
Apache HTTP Server Remote Code Execution Vulnerability
BELL-CVE-2026-27142
WordPress Plugin 'Easy Table of Contents' Allows Unauthenticated File Upload
BELL-CVE-2026-27139
Adobe Reader PDF Handling Flaw Allows Remote Code Execution
Oracle WebLogic Vulnerability: Unauthenticated Attack Possible
WordPress Plugin 'WP User Manager' Allows Unauthorized Access
BELL-CVE-2026-25679
Microsoft Office Memory Corruption Vulnerability Allows Remote Code Execution
Apache HTTP Server allows remote code execution via exploit
BELL-CVE-2026-27138
Apache HTTP Server Unrestricted File Access via Specially Crafted HTTP Request
BELL-CVE-2026-27137