9.3
CVE-2026-41940 - WebPros cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
6.9
CVE-2026-7386 - fatbobman mail-mcp-bridge mail_mcp_server.py path traversal
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument message_ids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used. Uβ¦
8.8
CVE-2026-6849 - OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.
9.6
CVE-2026-5166 - Path Traversal in TUBITAK BILGEM's Pardus Software Center
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 0.6.4.
6.9
CVE-2026-7384 - ezequiroga mcp-bases research_server.py search_papers path traversal
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitatβ¦
8.8
CVE-2026-5161 - Improper Authentication in TUBITAK BILGEM's Pardus About
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.
8.4
CVE-2026-7111 - Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend tβ¦
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, orβ¦
8.8
CVE-2026-5141 - Improper Access Control in TUBITAK BILGEM's Pardus Software Center
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
7.8
CVE-2026-41220 - Improper Input Validation Allowing Local Privilege Escalation in Acronis DeviceLock DLP and Cyber Pβ¦
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
7.8
CVE-2026-41952 -
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.