Skip to main content
CVE-2026-22688 CRITICAL POC PATCH Act Now

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

Command Injection AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-21898 HIGH POC This Week

CryptoLib versions prior to 1.4.3 contain an out-of-bounds read vulnerability in the Crypto_AOS_ProcessSecurity function that allows remote attackers to crash spacecraft communications systems when parsing malformed AOS frame hashes. Public exploit code exists for this vulnerability affecting cFS deployments that rely on SDLS-EP for spacecraft-to-ground station security. The vulnerability has high severity due to its denial of service impact on critical space communications infrastructure, and no patch is currently available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-22704 HIGH POC PATCH This Week

Stored cross-site scripting (XSS) in HAX CMS versions 11.0.6 through 24.x allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially leading to account takeover. Public exploit code exists for this vulnerability affecting both PHP and Node.js deployments. Users should upgrade to version 25.0.0 or later to remediate the issue.

PHP Node.js Haxcms Nodejs
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-22607 HIGH POC PATCH This Week

Fickling's static analyzer through version 0.1.6 fails to properly classify the cProfile module as unsafe during pickle analysis, causing malicious pickles leveraging cProfile.run() to be marked as SUSPICIOUS rather than OVERTLY_MALICIOUS. Organizations using Fickling as a security gate for deserialization decisions may be deceived into executing attacker-controlled code. Public exploit code exists for this vulnerability, and patches are available in version 0.1.7 and later.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22606 HIGH POC PATCH This Week

Fickling's incomplete pickle analysis allows attackers to bypass security checks by using Python's runpy module to execute arbitrary code. Versions through 0.1.6 misclassify dangerous runpy-based payloads as merely suspicious rather than malicious, enabling code execution on systems that rely on Fickling to validate pickle safety. Public exploit code exists for this vulnerability, though a patch is available in version 0.1.7.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22609 HIGH POC PATCH This Week

Fickling's static analyzer before version 0.1.7 fails to detect several dangerous Python modules in pickled objects, enabling attackers to craft malicious pickles that bypass safety checks and achieve arbitrary code execution. This vulnerability affects users relying on Fickling to validate untrusted serialized Python objects for safety. Public exploit code exists for this HIGH severity vulnerability, though a patch is available in version 0.1.7 and later.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22699 HIGH POC PATCH This Week

RustCrypto Elliptic Curves versions 0.14.0-pre.0 and 0.14.0-rc.0 are vulnerable to denial-of-service when decrypting SM2 public key encryption, as invalid curve points with syntactically valid coordinates cause an unhandled panic during point validation. Public exploit code exists for this vulnerability, affecting applications that use the SM2 implementation. A remote attacker can crash the cryptographic service by sending specially crafted ciphertext with malformed elliptic curve points.

Code Injection Sm2 Elliptic Curve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-22697 HIGH POC This Week

CryptoLib versions prior to 1.4.3 contain a heap buffer overflow in the KMC crypto service's Base64 decoder, where oversized input strings can write beyond allocated buffer boundaries when processing KMC JSON responses. An attacker with network access to the KMC service can trigger this vulnerability to crash the spacecraft-ground station communication process or potentially execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow Denial Of Service Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22700 HIGH POC PATCH This Week

RustCrypto's SM2 elliptic curve implementation in versions 0.14.0-pre.0 and 0.14.0-rc.0 is vulnerable to denial-of-service through improper input validation in the decrypt() function, allowing remote attackers to crash affected applications by submitting malformed or undersized ciphertext that triggers unhandled panics. Public exploit code exists for this vulnerability, though a patch is available.

Industrial Denial Of Service Sm2 Elliptic Curve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22026 HIGH POC PATCH This Week

CryptoLib versions prior to 1.4.3 are vulnerable to denial of service through unbounded memory allocation in the KMC crypto service client's HTTP response handling. A malicious or compromised KMC server can trigger excessive memory consumption by sending arbitrarily large responses, causing the client process to crash. Public exploit code exists for this vulnerability affecting spacecraft communications secured by SDLS-EP.

Buffer Overflow Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22589 HIGH POC PATCH This Week

Spree versions up to 4.10.2 is affected by authorization bypass through user-controlled key (CVSS 7.5).

Ruby Spree
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22698 HIGH POC PATCH This Week

SM2 elliptic curve implementations in RustCrypto versions 0.14.0-pre.0 and 0.14.0-rc.0 suffer from a critical entropy reduction flaw where ephemeral nonce generation requests only 32 bits instead of 256 bits of randomness, degrading encryption security from 128-bit to 16-bit strength. Public exploit code exists, allowing attackers to recover the nonce and decrypt ciphertexts using only the public key and encrypted message. A patch is available for affected deployments.

Information Disclosure Sm2 Elliptic Curve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22023 HIGH POC PATCH This Week

CryptoLib versions prior to 1.4.3 contain an out-of-bounds heap read in the cryptography_aead_encrypt() function, affecting spacecraft communications secured via the SDLS-EP protocol. Public exploit code exists for this vulnerability, allowing remote attackers to trigger a denial of service condition without authentication. The vulnerability impacts systems using CryptoLib for ground-to-spacecraft communications and has been patched in version 1.4.3.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15503 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by improper access control (CVSS 7.3).

File Upload Authentication Bypass Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
5.5%
CVE-2026-22773 MEDIUM POC PATCH This Month

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service AI / ML Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22610 HIGH PATCH CISA GHSA Act Now

Cross-site scripting in Angular's Template Compiler allows attackers to inject arbitrary JavaScript through unsanitized href and xlink:href attributes on SVG <script> elements bound to untrusted data. Affects Angular versions prior to 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, with no public exploit identified at time of analysis despite a very low EPSS score of 0.01%. Patched releases are available from the Angular project, and exploitation requires the victim application to dynamically bind user-controlled values to those specific SVG script attributes.

XSS Angular
NVD GitHub HeroDevs VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-22689 MEDIUM POC PATCH This Month

Mailpit versions up to 1.28.2 contains a vulnerability that allows attackers to intercept sensitive data such as email contents, headers, and server statistics (CVSS 6.5).

Industrial Mailpit Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65091 CRITICAL PATCH Act Now

XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.

SQLi Denial Of Service Full Calendar Macro
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-22027 MEDIUM POC PATCH This Month

Heap buffer overflow in CryptoLib versions prior to 1.4.3 allows a high-privileged local attacker to corrupt adjacent memory by supplying oversized hex strings in MariaDB SA fields without capacity validation. Public exploit code exists for this vulnerability affecting spacecraft communication security implementations. The flaw enables denial of service and potential code execution through heap memory manipulation.

MariaDB Cryptolib
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-21900 MEDIUM POC PATCH This Month

CryptoLib versions prior to 1.4.3 suffer from an out-of-bounds heap read in the cryptography_encrypt() function when processing malformed JSON metadata from KMC servers, allowing remote attackers to trigger a denial of service condition. The vulnerability stems from improper buffer boundary checking during string parsing in spacecraft-ground station communications secured by the SDLS-EP protocol. Public exploit code exists for this medium-severity flaw, though a patch is available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22687 MEDIUM POC PATCH This Month

WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.

SQLi AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-15502 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by command injection (CVSS 7.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-0821 MEDIUM POC PATCH This Month

Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor function allows unauthenticated remote attackers to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Affected users should apply patch c5d80831e51e48a83eab16ea867be87f091783c5 immediately.

Buffer Overflow Quickjs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-22703 MEDIUM POC PATCH This Month

Cosign's bundle verification mechanism fails to properly validate that embedded Rekor entries reference the correct artifact digest, signature, and public key, allowing an attacker with a compromised signing identity to forge valid bundles and bypass transparency log verification. A malicious actor could exploit this to create counterfeit signatures that pass validation checks, affecting users relying on Cosign for container and binary code signing verification. Public exploit code exists for this vulnerability; patches are available in versions 2.6.2 and 3.0.4.

Authentication Bypass Cosign Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22693 MEDIUM POC PATCH This Month

HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.

Null Pointer Dereference Harfbuzz Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22024 MEDIUM POC PATCH This Month

CryptoLib versions prior to 1.4.3 leak approximately 400 bytes of memory with each call to the cryptography_encrypt() function due to unfreed buffers, allowing remote attackers to conduct denial-of-service attacks against spacecraft-to-ground communications by exhausting available memory through sustained traffic. Public exploit code exists for this vulnerability. The issue is resolved in version 1.4.3 and later.

Denial Of Service Cryptolib
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-61686 CRITICAL PATCH Act Now

React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.

Path Traversal React Router Node Remix Run Deno Remix Run Node
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-22600 CRITICAL PATCH Act Now

OpenProject (before 16.6.4) has a local file read vulnerability through SVG-based ImageMagick exploitation in the PDF export feature. Authenticated users can read server files by uploading malicious SVGs disguised as PNGs. Patch available.

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-22685 HIGH PATCH This Week

DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.

Path Traversal Devtoys
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21899 MEDIUM POC This Month

CryptoLib versions prior to 1.4.3 contain an out-of-bounds read vulnerability in the base64urlDecode function that dereferences memory before validating input parameters, potentially causing a denial of service in spacecraft communications secured by SDLS-EP. Affected systems running cFS with vulnerable CryptoLib versions could crash when processing malformed base64 input. Public exploit code exists for this vulnerability, though no patch is currently available.

Denial Of Service Cryptolib
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-21884 HIGH PATCH This Week

React Router is a router for React. In @remix-run/react version prior to 2.17.3. [CVSS 8.2 HIGH]

XSS React Router Remix Run React
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-62235 HIGH PATCH This Week

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. [CVSS 8.1 HIGH]

Apache Authentication Bypass Nimble
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22595 HIGH PATCH This Week

Ghost CMS versions 5.121.0-5.130.5 and 6.0.0-6.10.3 incorrectly allow Staff Token authentication to access endpoints restricted to Staff Session authentication, enabling authenticated Admin/Owner-role users to perform unauthorized actions. An attacker with valid Staff Token credentials for elevated roles could bypass authentication restrictions and access sensitive endpoints not intended for token-based access. Patches are available in versions 5.130.6 and 6.11.0.

Node.js Ghost
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22594 HIGH PATCH This Week

Ghost CMS versions 5.105.0-5.130.5 and 6.0.0-6.10.3 contain an authentication bypass in their two-factor authentication implementation that allows authenticated staff members to circumvent email-based 2FA requirements. An attacker with valid staff credentials can exploit this flaw to gain unauthorized access to administrative functions without completing the required second authentication factor. Patches are available in versions 5.130.6 and 6.11.0.

Node.js Ghost
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22612 HIGH PATCH This Week

Fickling versions prior to 0.1.7 fail to properly detect malicious pickle payloads due to inadequate handling of the "builtins" module, allowing attackers to bypass security analysis and potentially execute arbitrary code. This vulnerability affects Python environments using vulnerable versions of Fickling for pickle inspection and static analysis. An attacker can craft specially designed pickle files that evade detection mechanisms, compromising the integrity of pickle validation workflows.

Python AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22608 HIGH PATCH This Week

Fickling before version 0.1.7 allows local attackers to achieve arbitrary code execution through Python pickle deserialization by chaining unblocked ctypes and pydoc modules, bypassing the tool's safety scanner which incorrectly reports malicious files as LIKELY_SAFE. An attacker with user interaction can exploit this vulnerability to execute code with the privileges of the Python process. A patch is available in version 0.1.7 and later.

Python RCE Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22025 LOW POC PATCH Monitor

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. [CVSS 3.7 LOW]

Denial Of Service Cryptolib
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-59057 HIGH PATCH This Week

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. [CVSS 7.6 HIGH]

XSS React Router Remix Run React
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-53477 HIGH PATCH This Week

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. [CVSS 7.5 HIGH]

Apache Null Pointer Dereference Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-13457 HIGH This Week

WooCommerce Square (WordPress plugin) versions up to 5.1.1 is affected by authorization bypass through user-controlled key (CVSS 7.5).

WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52435 HIGH PATCH This Week

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange. [CVSS 7.5 HIGH]

Apache Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22777 HIGH PATCH This Week

Comfyui-Manager versions up to 3.39.2 contains a vulnerability that allows attackers to security setting tampering or modification of application behavior (CVSS 7.5).

Code Injection Comfyui Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21897 HIGH This Week

Out-of-bounds write in CryptoLib's SDLS-EP implementation allows unauthenticated network attackers to corrupt the gvcid_counter variable by writing beyond array bounds during parameter registration, potentially disrupting spacecraft-to-ground station communications security. Affected systems running CryptoLib versions prior to 1.4.3 are vulnerable to manipulation of parameter lookup logic without authentication or user interaction. No patch is currently available for this vulnerability affecting NASA's core Flight System deployments.

Buffer Overflow Cryptolib
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22601 HIGH This Week

Arbitrary command execution in OpenProject versions 16.6.1 and below allows authenticated administrators to execute system commands by manipulating the sendmail binary path configuration and triggering a test email function. An admin-level attacker can leverage this to achieve full system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available, and exploitation requires high privileges but no user interaction.

Command Injection RCE Openproject
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-22596 MEDIUM PATCH This Month

SQL injection in Ghost's Admin API members/events endpoint enables authenticated administrators to execute arbitrary database queries, affecting versions 5.90.0-5.130.5 and 6.0.0-6.10.3. An attacker with valid Admin API credentials could exploit this to extract, modify, or delete sensitive data stored in the Ghost database. Patches are available in versions 5.130.6 and 6.11.0.

Node.js Ghost
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-22603 MEDIUM PATCH This Month

OpenProject versions prior to 16.6.2 fail to implement rate-limiting on the unauthenticated password-change endpoint, allowing attackers to conduct brute-force attacks against known user accounts without triggering lockout mechanisms. An attacker can systematically guess passwords using common wordlists and achieve full account compromise, potentially escalating privileges depending on the victim's role within the application. A patch is available in version 16.6.2.

Privilege Escalation Openproject
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68470 MEDIUM PATCH This Month

React-Router versions up to 6.30.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.5).

React React Router Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22030 MEDIUM PATCH This Month

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. [CVSS 6.5 MEDIUM]

React CSRF React Router Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14555 MEDIUM This Month

The Countdown Timer - Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevart_countdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-14506 MEDIUM This Month

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's `entrance_animation` attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy