6.7
CVE-2026-33271 - Local Privilege Escalation via Insecure Folder Permissions in Acronis True Image (before build 4290…
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
6.7
CVE-2026-27774 - Local Privilege Escalation via DLL Hijacking in Acronis True Image
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
6.7
CVE-2026-28728 -
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
6.3
CVE-2026-5360 - Free5GC aper type confusion
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The expl…
2.5
CVE-2026-35388 - OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
3.1
CVE-2026-35387 - OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
5.9
CVE-2026-34830 - Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads th…
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not esc…
7.5
CVE-2026-34829 - Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer…
5.3
CVE-2026-34826 - Rack: Unbounded Range Count in get_byte_ranges Enables DoS
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the…
5.3
CVE-2026-5355 - Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed to the …