๐จ CVE-2023-45243
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2023-48684
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-30409
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
๐@cveNotify
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-30415
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
๐@cveNotify
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
๐@cveNotify
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-11792
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
๐@cveNotify
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
๐@cveNotify
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
๐@cveNotify
ePower
Electric Car Charger Support - ePower
Where can I charge my car? What does it cost to charge my electric car? What are the main incentives to buying an electric car?
๐จ CVE-2026-24912
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable
a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
๐@cveNotify
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable
a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
๐@cveNotify
ePower
Electric Car Charger Support - ePower
Where can I charge my car? What does it cost to charge my electric car? What are the main incentives to buying an electric car?
๐จ CVE-2026-27770
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
๐@cveNotify
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
๐@cveNotify
ePower
Electric Car Charger Support - ePower
Where can I charge my car? What does it cost to charge my electric car? What are the main incentives to buying an electric car?
๐จ CVE-2026-27778
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
๐@cveNotify
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
๐@cveNotify
ePower
Electric Car Charger Support - ePower
Where can I charge my car? What does it cost to charge my electric car? What are the main incentives to buying an electric car?
๐จ CVE-2026-28709
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
๐@cveNotify
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
๐@cveNotify
Acronis
Acronis Advisory Database - Acronis
Acronis Advisory Database. Find information about the latest security advisories and updates for Acronis products.
๐จ CVE-2026-3610
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. Upgrading to version 5.4.0 can resolve this issue. You should upgrade the affected component. The vendor was contacted early and responded very professional: "We have already implemented the fix and made a hotfix available to affected customers, ensuring mitigation while the official release 5.4.0 has not yet been published. This allows customers to address the issue immediately, outside the regular release cycle."
๐@cveNotify
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. Upgrading to version 5.4.0 can resolve this issue. You should upgrade the affected component. The vendor was contacted early and responded very professional: "We have already implemented the fix and made a hotfix available to affected customers, ensuring mitigation while the official release 5.4.0 has not yet been published. This allows customers to address the issue immediately, outside the regular release cycle."
๐@cveNotify
๐จ CVE-2026-3612
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
๐@cveNotify
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
๐@cveNotify
GitHub
WAVLINK-NU516-V240425/firmware_url.md at main ยท Wlz1112/WAVLINK-NU516-V240425
Contribute to Wlz1112/WAVLINK-NU516-V240425 development by creating an account on GitHub.
๐จ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
๐จ CVE-2026-3613
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
๐@cveNotify
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
๐@cveNotify
GitHub
WAVLINK-NU516-V240425/ipaddr_Stack Buffer Overflow.md at main ยท Wlz1112/WAVLINK-NU516-V240425
Contribute to Wlz1112/WAVLINK-NU516-V240425 development by creating an account on GitHub.
๐จ CVE-2026-3616
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.
๐@cveNotify
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.
๐@cveNotify
GitHub
Add files via upload ยท DefaultFuction/Jeson-Customer-Relationship-Management-System@f0e9918
Contribute to DefaultFuction/Jeson-Customer-Relationship-Management-System development by creating an account on GitHub.
๐จ CVE-2025-48544
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2025-48631
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2024-31328
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify