25 CVEs tracked today. 0 Critical, 9 High, 4 Medium, 12 Low.
-
CVE-2026-10178
HIGH
CVSS 7.3
SQL injection in code-projects Online Music Site 1.0 allows remote unauthenticated attackers to manipulate the ID parameter of /Administrator/PHP/AdminEditAlbum.php to inject arbitrary SQL queries. Publicly available exploit code exists (disclosed via VulDB submission 819912 and a GitHub issue), though there is no CISA KEV listing and no EPSS data provided to gauge exploitation probability. The vulnerability carries a CVSS 7.3 score reflecting low complexity and no authentication requirement, but only partial CIA impact.
PHP
SQLi
Online Music Site
-
CVE-2026-10165
HIGH
CVSS 7.4
Stack-based buffer overflow in the Edimax BR-6478AC 1.23 wireless router enables authenticated remote attackers to corrupt memory by sending a crafted pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (published via VulDB and a Notion writeup), elevating this from a theoretical issue to a practical threat, though no CISA KEV listing or active exploitation has been confirmed. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device itself, with exploitation requiring only low-privilege authentication.
Buffer Overflow
Stack Overflow
-
CVE-2026-10164
HIGH
CVSS 7.4
Remote buffer overflow in the Edimax BR-6478AC 1.23 wireless router allows authenticated attackers to corrupt memory via the formUSBFolder POST handler by supplying oversized ShareName or SelectName arguments. Publicly available exploit code exists (hosted on a Notion page referenced by VulDB), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device with low privileges required. No CISA KEV listing, so this is best treated as a publicly weaponizable bug awaiting a vendor response.
Buffer Overflow
-
CVE-2026-10163
HIGH
CVSS 7.4
Buffer overflow in the Edimax BR-6478AC v1.23 wireless router allows authenticated remote attackers to corrupt memory by sending oversized UserName or Password values to the /goform/formUSBAccount endpoint. Publicly available exploit code exists for this issue, raising the practical risk despite the requirement for low-privilege credentials, though no active exploitation has been confirmed via CISA KEV.
Buffer Overflow
-
CVE-2026-10162
HIGH
CVSS 7.4
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.
Buffer Overflow
Stack Overflow
-
CVE-2026-10161
HIGH
CVSS 7.4
Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing exists and no EPSS data is available, so widespread exploitation status is unconfirmed.
Buffer Overflow
Stack Overflow
-
CVE-2026-10160
HIGH
CVSS 7.4
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.
Buffer Overflow
Stack Overflow
-
CVE-2026-10159
HIGH
CVSS 7.4
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.
Buffer Overflow
Stack Overflow
-
CVE-2026-10158
HIGH
CVSS 7.4
Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.
Buffer Overflow
Stack Overflow
-
CVE-2026-10177
MEDIUM
CVSS 6.3
Server-side request forgery in Aider-AI Aider 0.86.3 allows authenticated remote attackers to make the application issue arbitrary HTTP requests to internal network resources, including cloud infrastructure metadata endpoints such as the AWS EC2 instance metadata service at 169.254.169.254. The URL scraping component accepts user-supplied URLs without validating whether the destination resolves to private RFC1918 or link-local address space, enabling an attacker to proxy requests through the Aider host. No exploitation meeting CISA KEV criteria has been identified at time of analysis, but publicly available exploit code exists via GitHub issue #5075, and the upstream fix (PR #5137) awaits formal acceptance into a release.
SSRF
Aider
-
CVE-2026-10167
MEDIUM
CVSS 5.5
Authentication bypass in OUSL-GROUP-BrinaryBrains School Student Management System allows unauthenticated remote attackers to manipulate the 'role' argument in the sign_auth_cookie function, forging or escalating authentication cookies without valid credentials. All commits up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 are affected, publicly available exploit code exists (confirmed by CVSS E:P and a public GitHub issue), and no patch is available as the project has not responded to disclosure. Despite a moderate CVSS 4.0 score of 5.5, the combination of zero-barrier remote exploitation and absent vendor remediation represents material unmitigated risk for any organization running this system.
PHP
Authentication Bypass
School Student Management System
-
CVE-2026-10157
MEDIUM
CVSS 5.5
Authentication bypass in Open5GS versions up to 2.7.6 allows remote attackers to manipulate UE security capabilities through the AMF's NGAP PathSwitchRequest message handler in src/amf/ngap-handler.c. The flaw stems from the AMF blindly overwriting locally stored UE 5G security capabilities with values received from a target gNB during a path switch, violating 3GPP TS 33.501 6.7.3.1. Publicly available exploit code exists, though no active exploitation has been identified at time of analysis.
Authentication Bypass
-
CVE-2026-8382
MEDIUM
CVSS 5.3
Authorization bypass in Advanced Custom Fields (ACF®) plugin for WordPress versions up to and including 6.8.1 allows unauthenticated remote attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance. The attack requires no credentials, no user interaction, and low complexity - exploitable by anyone who can reach a page rendering a public-facing ACF front-end form. This vulnerability is not listed in the CISA KEV catalog and no public exploit code has been identified at time of analysis, but the zero-barrier attack path makes content integrity on exposed WordPress sites a real concern.
WordPress
Authentication Bypass
-
CVE-2026-10176
LOW
CVSS 2.1
SQL injection in Aider-AI Aider 0.86.3's Code Generation Workflow component allows authenticated remote attackers with low privileges to manipulate internal SQL queries, resulting in partial compromise of confidentiality, integrity, and availability. A publicly available proof-of-concept exploit exists via GitHub issue #5077, raising near-term exploitation risk despite the medium CVSS score of 6.3. The vendor has not yet responded to the responsible disclosure and no patch has been released, leaving users without an official remediation path.
SQLi
-
CVE-2026-10175
LOW
CVSS 2.1
Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.
RCE
Code Injection
-
CVE-2026-10174
LOW
CVSS 2.1
Protection mechanism failure in Aider-AI Aider 0.86.3 allows git pre-commit hooks to be bypassed via manipulation of the `git-commit-verify` argument in `aider/args.py`, letting authenticated remote attackers commit code without triggering pre-commit security controls. The CVSS temporal score includes E:P (proof-of-concept exploit publicly available, linked to GitHub issue #5057), and the vendor has not yet responded to the responsible disclosure. No CISA KEV listing exists, and the report confidence (RC:R) remains at 'Reasonable' rather than 'Confirmed', indicating the vendor has not acknowledged the finding.
Information Disclosure
-
CVE-2026-10173
LOW
CVSS 2.1
Cross-site scripting in Orthanc Explorer 2 versions up to and including 1.12.0 enables remote attackers to inject arbitrary JavaScript into the browser sessions of users who load a crafted URL, via the unsanitized `remote-source` query parameter processed by the StudyList.vue URL Handler. The CVSS 4.3 rating (AV:N/AC:L/PR:N/UI:R/S:U) reflects that no authentication is required of the attacker but victim interaction with a malicious link is necessary - a classic reflected XSS profile. Publicly available exploit code exists per VulDB and a referenced GitHub issue, and an upstream patch commit has been issued, though no officially tagged patched release has been independently confirmed from the canonical repository.
XSS
-
CVE-2026-10172
LOW
CVSS 2.1
Unrestricted file upload in Bdtask Multi-Store Inventory Management System 1.0 enables authenticated remote attackers to upload arbitrary file types - including PHP webshells - through the Component Module's Upload function, leading to potential remote code execution on the host server. The vulnerability resides in application/modules/dashboard/controllers/Module.php where the Upload function performs insufficient file type validation. A public proof-of-concept exploit has been released on GitHub, elevating the practical risk beyond the moderate CVSS 6.3 score. No vendor patch has been identified at time of analysis.
PHP
File Upload
-
CVE-2026-10171
LOW
CVSS 2.0
SQL injection in code-projects Online Music Site 1.0 exposes the administrator backend endpoint /Administrator/PHP/AdminUpdateAlbum.php to database manipulation via an unsanitized ID parameter. Exploitation requires high-privilege (administrator) credentials per CVSS PR:H, meaning only authenticated admins - or attackers who have already compromised an admin account - can trigger the flaw. A public proof-of-concept has been disclosed via GitHub, but no CISA KEV listing exists, and no public exploitation activity has been confirmed at this time.
PHP
SQLi
-
CVE-2026-10170
LOW
CVSS 2.1
SQL injection in code-projects Visitor Management System 1.0 exposes the `/vms/php/phone_0.php` endpoint to database manipulation via the unsanitized `phone` parameter, exploitable by authenticated remote attackers. A publicly available exploit chain on GitHub (by Xmyronn) explicitly demonstrates escalation from this SQL injection to remote code execution, elevating the real-world severity beyond the CVSS 6.3 base score. No active exploitation has been identified at time of analysis (not in CISA KEV), but the published RCE chain makes this a meaningful risk for any internet-exposed deployment.
PHP
SQLi
-
CVE-2026-10169
LOW
CVSS 2.9
Weak password recovery in the BrinaryBrains School Student Management System (OUSL-GROUP-BrinaryBrains) exposes its Forgot Password endpoint to remote manipulation of the email argument, enabling attackers to abuse the flawed recovery mechanism and achieve limited unauthorized account integrity impact. The CVSS 4.0 score of 2.9 reflects high attack complexity (AC:H), constraining real-world exploitability despite publicly available exploit code (E:P). No active exploitation has been confirmed via CISA KEV, and the vendor has not responded to the coordinated disclosure as of the time of reporting.
PHP
Information Disclosure
School Student Management System
-
CVE-2026-10168
LOW
CVSS 2.1
Resource injection in the OUSL-GROUP-BrinaryBrains School Student Management System allows authenticated remote attackers to manipulate the param1 argument in the marks function of Parents.php, improperly controlling resource identifiers to access unauthorized academic records. The CVSS 4.0 score is 2.1, reflecting low-privilege authentication requirements (PR:L) and limited scope impact; a publicly available proof-of-concept exploit has been disclosed via a GitHub issue. No vendor patch exists - the project uses continuous delivery rolling releases and has not responded to the responsible disclosure report.
PHP
Information Disclosure
School Student Management System
-
CVE-2026-10166
LOW
CVSS 2.1
Command injection in Edimax BR-6478AC firmware 1.23 allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the `rootAPmac` parameter in a POST request to the `/goform/formWlbasic` endpoint. The vulnerable function `formWlbasic` passes unsanitized input directly to a system-level command, a pattern common in consumer embedded router firmware. A public proof-of-concept exploit has been disclosed, lowering the technical bar for exploitation; no vendor-released patch has been identified at time of analysis.
Command Injection
-
CVE-2026-10156
LOW
CVSS 2.1
Uncontrolled resource consumption in Open5GS up to version 2.7.7 allows remote low-privileged attackers to degrade availability of the NRF (Network Repository Function) component by sending crafted requests to the nf-instances SBI endpoint. The vulnerability triggers runaway resource allocation through the nf_info_pool argument in the handle_amf_info function, resulting in a denial-of-service condition against the NRF's NF instance registration and discovery services. A publicly available proof-of-concept exploit exists (E:P in the CVSS 4.0 vector), though no active exploitation has been confirmed via CISA KEV; the upstream issue is flagged as already fixed.
Denial Of Service
-
CVE-2026-10155
LOW
CVSS 2.0
SQL injection in Bdtask Multi-Store Inventory Management System 1.0 exposes backend database contents through the Accounts Report Handler's date-range search functionality. The vulnerability resides in the accounts_report_search function (Accounts.php), where the dtpToDate argument is passed to a SQL query without sanitization, allowing an authenticated high-privileged user to read, modify, or partially disrupt database data. Publicly available exploit code exists (CVSS 4.0 E:P), though the high-privilege prerequisite significantly limits the realistic attacker population; the vulnerability is not listed in CISA KEV.
PHP
SQLi