CVE Vulnerabilities - 6 March 2026
3241 vulnerabilities published on 6 March 2026
changedetection.io: Unvalidated XPath Expressions Expose File Access
CVE-2026-29039
GHSA-6fmw-82m7-jq6p
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to s...
8.8
PJSIP: A security risk in event subscription handling before version 2.17
CVE-2026-28799
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJ...
8.7
Home-Gallery.org: Unrestricted Access to Sensitive System Files
CVE-2026-28679
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a downlo...
7.5
Talishar: User Can Access Unauthorized Game Files
CVE-2026-28429
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. Whil...
7.5
Chartbrew: Unauthenticated Access to Team/Project Chart Data
CVE-2026-27603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4,...
8.7
Acronis Cyber Protect 17 authentication logging can be exploited
CVE-2026-28718
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux...
7.5
Unrestricted Authentication Requests in WebSocket API May Enable Denial-of-Service Attacks
CVE-2026-27778
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow a...
8.7
Red Hat Delve Security Update Fixes Authentication Bypass Flaw
RHSA-2026:3842
7.4
Charging Station Sessions Can Be Hijacked via Predictable IDs
CVE-2026-27764
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session...
6.9
Charging Station Identifiers Not Secure, Allows Session Hijacking
CVE-2026-20748
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session...
6.9
Acronis Cyber Protect 17 (Windows) allows local users to gain elevated privileges
CVE-2026-28722
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41...
7.3
Acronis Cyber Protect 17 (Windows) allows attackers to gain elevated privileges
CVE-2026-28721
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41...
7.3
Charging Station Identifiers Not Securely Used in WebSockets
CVE-2026-24912
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session...
6.9
Acronis Cyber Protect Cloud Agent on Windows: Unauthorized Code Execution
CVE-2025-11792
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before...
7.3
Parse Server allows read-only credentials to access user data
CVE-2026-30229
GHSA-79wj-8rqv-jvp5
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the...
8.5
Parse Server allows unauthorized access to sensitive data and operations
CVE-2026-29182
GHSA-vc89-5g3r-cmhh
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Par...
8.6
Chartbrew: Unpatched Charts Can Let Hackers Run Code on Your Server
CVE-2026-25887
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1,...
7.2
Wavlink WL-NU516U1: Remote Attack Possible Through Login Page
CVE-2026-3613
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such ...
7.3
Wavlink Router Firmware Upgrade Remote Command Injection
CVE-2026-3612
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA O...
7.3
Facturation System 1.0 allows hackers to access sensitive database info
CVE-2018-25191
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malic...
7.1
Maitra 1.7.2 allows attackers to access sensitive data and control the database
CVE-2018-25180
Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code ...
7.1
Galaxy Forces MMORPG 0.5.8: Attackers can steal sensitive database info
CVE-2018-25165
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting m...
7.1
Acronis Cyber Protect Cloud Agent and Cyber Protect 17: Default Admin Passwords Exposed
CVE-2026-28713
Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware...
7.1
Acronis Cyber Protect: Unauthorized Access to Sensitive Data
CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect...
7.1
Red Hat Linux Patches Multiple Security Holes in the Linux Kernel
RHSA-2026:3886
7.0