CVE ID :CVE-2026-30242 Published : March 6, 2026, 10:16 p.m. | 2 hours, 35 minutes ago Description :Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in…
CVE-2026-30230 – Flare: Password‑Protected Thumbnail Bypass
CVE ID :CVE-2026-30230 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2,…
CVE-2026-30229 – Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
CVE ID :CVE-2026-30229 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Parse Server is an open source backend that can be deployed to any infrastructure that can run…
CVE-2026-30223 – OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes
CVE ID :CVE-2026-30223 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT…
CVE-2026-29789 – Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
CVE ID :CVE-2026-29789 Published : March 6, 2026, 9:16 p.m. | 3 hours, 34 minutes ago Description :Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers….
CVE-2026-3612 – Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection
CVE ID : CVE-2026-3612 Published : March 6, 2026, 1:15 a.m. | 28 minutes ago Description : A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file…
CVE-2026-28710 – Acronis Cyber Protect Authentication Bypass
CVE ID : CVE-2026-28710 Published : March 6, 2026, 12:16 a.m. | 1 hour, 28 minutes ago Description : Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis…
CVE-2026-22552 – ePower epower.ie Missing Authentication for Critical Function
CVE ID : CVE-2026-22552 Published : March 6, 2026, 12:16 a.m. | 1 hour, 28 minutes ago Description : WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate…
CVE-2026-26125 – Payment Orchestrator Service Elevation of Privilege Vulnerability
CVE ID : CVE-2026-26125 Published : March 5, 2026, 11:16 p.m. | 28 minutes ago Description : Payment Orchestrator Service Elevation of Privilege Vulnerability Severity: 8.6 | HIGH Visit the link for more…
CVE-2026-21536 – Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE ID : CVE-2026-21536 Published : March 5, 2026, 11:16 p.m. | 28 minutes ago Description : Microsoft Devices Pricing Program Remote Code Execution Vulnerability Severity: 9.8 | CRITICAL Visit the link for…