Skip to main content
CVE-2026-1162 CRITICAL POC Act Now

UTT HiPER 810 router firmware 1.7.4 has a stack buffer overflow in the /goform/setNat endpoint's strcpy function, enabling remote attackers to execute arbitrary code.

Buffer Overflow 810 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23852 CRITICAL POC PATCH Act Now

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code execution through crafted knowledge base entries.

RCE XSS Siyuan
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-23841 CRITICAL POC Act Now

Movary has a third input validation vulnerability that allows authenticated users to delete arbitrary files from the server, potentially causing data loss or service disruption.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-23840 CRITICAL POC Act Now

Movary has a second input validation vulnerability allowing authenticated users to write arbitrary files on the server, enabling code execution through web shell upload.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-23839 CRITICAL POC Act Now

Movary movie tracking application has an input validation flaw that allows authenticated users to read arbitrary files from the server, potentially exposing configuration files and secrets.

XSS Movary
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-23836 CRITICAL PATCH Act Now

HotCRP conference review software version 3.1 has an inadequate input sanitization flaw (CVSS 9.9) that allows authenticated users to execute arbitrary code on the server through crafted submissions.

PHP Hotcrp
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-22797 CRITICAL PATCH Act Now

OpenStack keystonemiddleware 10.5 through 10.9 has an authentication spoofing vulnerability (CVSS 9.9) allowing attackers to bypass Keystone token validation and access any OpenStack service as any user.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23837 CRITICAL PATCH Act Now

MyTube self-hosted video downloader has an authorization bypass (CVSS 9.8) that allows unauthenticated access to administrative functions in versions 1.7.65 and prior.

Nginx Mytube
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-23944 CRITICAL PATCH Act Now

Arcane Docker management interface prior to 1.13.2 has missing authentication, allowing unauthenticated attackers to manage Docker containers, images, and networks on the host.

Docker Arcane
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0610 CRITICAL Act Now

Devolutions Server 2025.3.1 through 2025.3.6 contains a SQL injection vulnerability in the remote sessions component that allows attackers to manipulate database queries.

SQLi Devolutions Server
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1181 CRITICAL Act Now

Altium 365 workspace endpoints had overly permissive CORS policies that allow unauthorized cross-origin access to workspace data, potentially exposing proprietary PCB designs and engineering data.

Authentication Bypass
NVD
CVSS 3.1
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy