115 CVEs tracked today. 6 Critical, 28 High, 45 Medium, 11 Low.
-
CVE-2016-15057
CRITICAL
CVSS 9.9
Command injection in Apache Continuum (unsupported). EPSS 37.9% indicates active exploitation of this legacy CI/CD system. No patch available — product is end-of-life.
Apache
Command Injection
Continuum
-
CVE-2026-24436
CRITICAL
CVSS 9.8
Missing rate limiting and account lockout on Tenda W30E V2 authentication endpoints. Brute-force attacks are unrestricted.
Authentication Bypass
W30e Firmware
-
CVE-2026-24429
CRITICAL
CVSS 9.8
Default credentials in Tenda W30E V2 router firmware through V16.01.0.19. Known default password enables full administrative access.
Information Disclosure
W30e Firmware
-
CVE-2026-24400
CRITICAL
CVSS 9.1
XXE (XML External Entity) injection in AssertJ Java testing library from 1.4.0 to before 3.27.7 allows reading arbitrary files when parsing XML assertions. Patch available.
Java
SSRF
XXE
Denial Of Service
Assertj
-
CVE-2026-22709
CRITICAL
CVSS 9.8
Sandbox escape in vm2 Node.js sandbox before 3.10.2 via Promise.prototype.then/catch callback sanitization bypass. PoC and patch available.
Node.js
Vm2
-
CVE-2026-21509
HIGH
CVSS 7.8
Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents.
Microsoft
365 Apps
Office
Office Long Term Servicing Channel
-
CVE-2025-70982
CRITICAL
CVSS 9.9
Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user data and escalate privileges. PoC available.
Spring
Java
Privilege Escalation
Information Disclosure
Authentication Bypass
-
CVE-2026-24470
HIGH
CVSS 8.1
Skipper versions up to 0.24.0 contain a vulnerability that allows attackers to list targets of an ExternalName and allow list via regular expressions (CVSS 8.1).
Kubernetes
Skipper
Suse
-
CVE-2026-24440
HIGH
CVSS 8.8
Unauthenticated password modification in Tenda W30E V2 firmware through the maintenance interface allows authenticated users to reset account credentials without password verification, potentially enabling privilege escalation or account takeover on affected devices. The vulnerability affects firmware versions up to V16.01.0.19(5037) and currently lacks an available patch.
Authentication Bypass
W30e Firmware
-
CVE-2026-24430
HIGH
CVSS 7.5
Shenzhen Tenda W30E V2 firmware through V16.01.0.19(5037) transmits administrative credentials in plaintext over unencrypted HTTP from the maintenance interface, allowing unauthenticated network attackers to intercept and obtain account credentials. Affected devices lack authentication requirements for accessing this interface, making credential theft trivial for anyone on the same network. No patch is currently available for this vulnerability.
Information Disclosure
W30e Firmware
-
CVE-2026-24428
HIGH
CVSS 8.8
Tenda W30E V2 firmware through version 16.01.0.19(5037) allows authenticated users with low privileges to escalate to administrator by exploiting broken authorization in the user management API, enabling password changes for admin accounts without proper access controls. An attacker with any valid user account can bypass web interface restrictions and gain full administrative access to the device. No patch is currently available for this vulnerability.
Authentication Bypass
W30e Firmware
-
CVE-2026-24123
HIGH
CVSS 7.4
BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.
Python
Docker
Path Traversal
AI / ML
Bentoml
-
CVE-2026-23864
HIGH
CVSS 7.5
Uncontrolled resource consumption in React Server Components (react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack) allows unauthenticated remote attackers to trigger denial of service through malformed requests to Server Function endpoints, causing server crashes, memory exhaustion, or CPU spikes. Applications using these packages are at risk of availability disruption. No patch is currently available; immediate mitigation and monitoring are recommended.
React
Denial Of Service
Redhat
-
CVE-2026-1443
HIGH
CVSS 7.3
SQL injection in Online Music Site 1.0's AdminDeleteUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can leverage this to compromise data confidentiality, integrity, and availability.
PHP
SQLi
Online Music Site
-
CVE-2026-1428
HIGH
CVSS 8.8
WellChoose's Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. Attackers with valid credentials can exploit this flaw to achieve remote code execution with full system privileges. No patch is currently available for this high-severity vulnerability.
Command Injection
Single Sign On Portal System
-
CVE-2026-1427
HIGH
CVSS 8.8
The WellChoose Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. An attacker with valid credentials can bypass input validation to inject malicious OS commands, achieving full system compromise with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Command Injection
Single Sign On Portal System
-
CVE-2026-1422
HIGH
CVSS 7.3
SQL injection in the login page of code-projects Online Examination System 1.0 allows unauthenticated remote attackers to manipulate the User parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and affects confidentiality, integrity, and availability of the affected system.
PHP
SQLi
Online Examination System
-
CVE-2026-1420
HIGH
CVSS 8.8
Unauthenticated attackers can trigger a buffer overflow in Tenda AC23 firmware version 16.03.07.52 through the wpapsk_crypto parameter in /goform/WifiExtraSet, enabling remote code execution with full system compromise. Public exploit code is available and actively used in the wild, yet no patch has been released by the vendor. All AC23 devices running the affected firmware version are at immediate risk of complete takeover.
Buffer Overflow
Ac23 Firmware
-
CVE-2026-1412
HIGH
CVSS 7.3
Operation And Maintenance Security Management System versions up to 3.0.12 contain a security vulnerability (CVSS 7.3).
Command Injection
Operation And Maintenance Security Management System
-
CVE-2026-1284
HIGH
CVSS 7.8
Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write when parsing specially crafted EPRT files. An attacker can exploit this vulnerability by distributing a malicious file that executes code with user privileges upon opening. No patch is currently available.
Buffer Overflow
RCE
-
CVE-2026-1283
HIGH
CVSS 7.8
Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via heap overflow when parsing malicious EPRT files allows attackers to gain full system compromise upon user interaction. The vulnerability requires local file access and user action to trigger, making it a significant risk for organizations using affected SOLIDWORKS versions. No patch is currently available.
Buffer Overflow
Heap Overflow
-
CVE-2026-0810
HIGH
CVSS 7.1
The gix-date library's TimeBuf component can produce invalid UTF-8 strings that corrupt its internal safety mechanisms, triggering undefined behavior in downstream processing. This local privilege escalation vulnerability affecting gix-date has public exploit code available and can cause application crashes or unexpected behavior when a local attacker supplies malformed input. No patch is currently available to remediate this issue.
Information Disclosure
Gix Date
Redhat
-
CVE-2025-67274
HIGH
CVSS 7.5
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, and portfolio-item-service data retrieval module endpoints [CVSS 7.5 HIGH]
Information Disclosure
Aangine
-
CVE-2025-59473
HIGH
CVSS 7.2
SQL Injection vulnerability in the Structure for Admin authenticated user [CVSS 7.2 HIGH]
SQLi
Expressionengine
-
CVE-2025-59106
HIGH
CVSS 8.8
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. [CVSS 8.8 HIGH]
Information Disclosure
Dormakaba Access Manager 9200 K7 Firmware
Dormakaba Access Manager 9200 K5 Firmware
Dormakaba Access Manager 9290 K7 Firmware
Dormakaba Access Manager 9230 K7 Firmware
-
CVE-2025-27821
HIGH
CVSS 7.3
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. [CVSS 7.3 HIGH]
Apache
Hadoop
-
CVE-2025-14756
HIGH
CVSS 8.8
A command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH]
TP-Link
Command Injection
Archer Mr600 Firmware
-
CVE-2025-14459
HIGH
CVSS 8.5
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism. [CVSS 8.5 HIGH]
Authentication Bypass
Redhat
-
CVE-2025-14316
HIGH
CVSS 7.1
The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [CVSS 7.1 HIGH]
WordPress
XSS
PHP
-
CVE-2020-36959
HIGH
CVSS 7.8
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
RCE
-
CVE-2020-36958
HIGH
CVSS 7.8
KiteService Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Windows
-
CVE-2020-36957
HIGH
CVSS 7.8
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 7.8 HIGH]
Code Injection
-
CVE-2020-36953
HIGH
CVSS 7.8
MTAgentService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2020-36952
HIGH
CVSS 7.8
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]
Information Disclosure
-
CVE-2026-24476
MEDIUM
CVSS 5.4
Stored XSS in Shaarli versions before 0.16.0 allows authenticated attackers to inject malicious HTML by crafting tags starting with a double quote character, which breaks out of input tag validation on the homepage. An attacker with login credentials can exploit this to execute arbitrary JavaScript in victims' browsers with the victim's interaction. A patch is available in version 0.16.0 and public exploit code exists.
XSS
Shaarli
-
CVE-2026-24439
MEDIUM
CVSS 6.5
Tenda W30E firmware versions through V16.01.0.19(5037) omit the X-Content-Type-Options: nosniff header from web management interfaces, enabling MIME type confusion attacks. An unauthenticated remote attacker can exploit this to inject malicious scripts that browsers may execute as legitimate content, potentially compromising the integrity and confidentiality of management traffic. No patch is currently available for this vulnerability.
XSS
W30e Firmware
-
CVE-2026-24437
MEDIUM
CVSS 5.5
Tenda W30E V2 firmware through version 16.01.0.19(5037) fails to implement proper cache-control headers on sensitive administrative responses, allowing a local authenticated attacker to retrieve cached credentials from the browser's storage. This high-confidentiality impact vulnerability has no available patch and affects users on vulnerable firmware versions.
Authentication Bypass
W30e Firmware
-
CVE-2026-24435
MEDIUM
CVSS 6.5
Tenda W30E firmware through V16.01.0.19(5037) is vulnerable to CORS misconfiguration that permits authenticated administrative endpoints to accept credentialed cross-origin requests from arbitrary origins. An authenticated attacker can exploit this vulnerability to perform unauthorized actions on affected devices by tricking administrators into visiting malicious web pages. No patch is currently available for this vulnerability.
Information Disclosure
W30e Firmware
-
CVE-2026-24433
MEDIUM
CVSS 5.4
Tenda W30E V2 firmware through V16.01.0.19(5037) fails to properly sanitize user input during account creation, allowing authenticated attackers to inject persistent malicious scripts that execute in administrators' browsers when accessing management pages. This stored XSS vulnerability enables session hijacking, credential theft, and unauthorized configuration changes with low complexity exploitation requiring only user interaction from an admin. No patch is currently available for affected devices.
XSS
W30e Firmware
-
CVE-2026-24432
MEDIUM
CVSS 4.3
Tenda W30E V2 firmware through V16.01.0.19(5037) lacks CSRF protections on administrative functions, enabling attackers to hijack authenticated admin sessions and modify configuration settings or reset administrator credentials. An attacker can craft malicious requests that execute with the privileges of a logged-in administrator when visited in their browser. No patch is currently available for this vulnerability.
CSRF
W30e Firmware
-
CVE-2026-24431
MEDIUM
CVSS 6.5
Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.
Information Disclosure
W30e Firmware
-
CVE-2026-24131
MEDIUM
CVSS 5.5
pnpm versions before 10.28.2 fail to validate the `directories.bin` field during package processing, allowing malicious packages to use path traversal (e.g., `../../../../tmp`) to escape the package root and chmod 755 files at arbitrary locations on Unix-like systems. Public exploit code exists for this vulnerability. The issue affects Linux, macOS, and Node.js environments but not Windows due to platform-specific protections.
Linux
Windows
macOS
Node.js
Pnpm
-
CVE-2026-24056
MEDIUM
CVSS 6.5
pnpm versions prior to 10.28.2 fail to properly constrain symlink resolution when installing file: and git: dependencies, allowing malicious packages to copy sensitive files from the host system into node_modules and leak credentials. This affects developers using local file dependencies and CI/CD pipelines installing git-based packages, with public exploit code available. The vulnerability enables theft of credentials from locations like ~/.ssh/id_rsa and ~/.npmrc by exploiting symlinks to absolute paths outside the package root.
Node.js
Pnpm
Redhat
Suse
-
CVE-2026-24003
MEDIUM
CVSS 4.3
EVerest is an EV charging software stack. [CVSS 4.3 MEDIUM]
Authentication Bypass
Everest
-
CVE-2026-23890
MEDIUM
CVSS 6.5
pnpm versions up to 10.28.1 contain a vulnerability that allows attackers to overwrite config files, scripts, or other sensitive files (CVSS 6.5).
Node.js
Path Traversal
Pnpm
Redhat
Suse
-
CVE-2026-23889
MEDIUM
CVSS 6.5
Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package directory by exploiting incomplete path normalization that fails to block backslash-based traversal sequences. Public exploit code exists for this vulnerability, which affects Windows developers and CI/CD pipelines (GitHub Actions, Azure DevOps) and could result in overwriting sensitive configuration files like .npmrc or build configurations. A patch is available in pnpm version 10.28.1 and later.
Windows
Node.js
Azure
Github
Path Traversal
-
CVE-2026-23888
MEDIUM
CVSS 6.5
Path traversal in pnpm's binary fetcher (versions prior to 10.28.1) allows attackers to write files outside the intended extraction directory through malicious ZIP entries or crafted prefix values, potentially overwriting critical configuration files and scripts on affected systems. All pnpm users installing packages with binary assets are vulnerable, particularly those in CI/CD pipelines or with custom Node.js binary configurations. Public exploit code exists for this medium-severity vulnerability.
Node.js
Path Traversal
Pnpm
Redhat
Suse
-
CVE-2026-1446
MEDIUM
CVSS 5.0
Stored XSS in ArcGIS Pro 3.6.0 and earlier allows local attackers to inject malicious scripts into application dialogs that execute when opened by users with standard local access. No patch is currently available, and exploitation requires user interaction with a specific dialog containing attacker-supplied input. The vulnerability affects the desktop application only and poses a confidentiality and integrity risk without requiring elevated privileges.
XSS
Arcgis Pro
-
CVE-2026-1445
MEDIUM
CVSS 4.7
Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.
PHP
-
CVE-2026-1429
MEDIUM
CVSS 5.4
WellChoose's Single Sign-On Portal System contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript into user browsers through social engineering. An attacker could leverage this to steal session tokens, credentials, or perform actions on behalf of targeted users. A patch is not currently available; mitigation requires input validation and output encoding controls.
XSS
Single Sign On Portal System
-
CVE-2026-1425
MEDIUM
CVSS 5.6
Stack-based buffer overflow in pymumu SmartDNS versions up to 47.1 within the SVBC Record Parser component allows remote attackers to cause information disclosure and limited integrity/availability impact through specially crafted DNS SVCB/HTTPS records. Exploitation requires high complexity and specific conditions, making practical attacks difficult. No patch is currently available.
Buffer Overflow
Stack Overflow
-
CVE-2026-1424
MEDIUM
CVSS 4.7
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
File Upload
Authentication Bypass
News Portal
-
CVE-2026-1423
MEDIUM
CVSS 6.3
Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.
PHP
Online Examination System
-
CVE-2026-1419
MEDIUM
CVSS 4.7
D-Link DCS-700L firmware versions up to 1.03.09 contain a command injection vulnerability (CVSS 4.7).
D-Link
Command Injection
Dcs 700l Firmware
-
CVE-2026-1418
MEDIUM
CVSS 5.3
Out-of-bounds write in GPAC's SRT subtitle import functionality (versions up to 2.4.0) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Local access is required to exploit this flaw, limiting the attack surface to authenticated users on the affected system.
Buffer Overflow
Gpac
-
CVE-2026-1414
MEDIUM
CVSS 6.3
Operation And Maintenance Security Management System versions up to 3.0.12 contain a command injection vulnerability (CVSS 6.3).
Command Injection
Operation And Maintenance Security Management System
-
CVE-2026-1413
MEDIUM
CVSS 6.3
Operation And Maintenance Security Management System versions up to 3.0.12 contain a security vulnerability (CVSS 6.3).
Command Injection
Operation And Maintenance Security Management System
-
CVE-2026-1411
MEDIUM
CVSS 6.1
Improper access controls in the UART interface of Beetel 777VR1 firmware (up to version 01.00.09) allow attackers with physical access to bypass authentication mechanisms, though exploitation requires high technical complexity. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Information Disclosure
777vr1 Firmware
-
CVE-2026-1410
MEDIUM
CVSS 6.4
Missing authentication in the Beetel 777VR1 firmware (versions up to 01.00.09) UART interface allows an attacker with physical access to bypass security controls through a complex exploitation process. Public exploit code exists for this vulnerability, though no patch has been released and the vendor has not responded to disclosure attempts. The attack requires direct device access and significant technical sophistication but could result in complete system compromise.
Authentication Bypass
777vr1 Firmware
-
CVE-2026-1224
MEDIUM
CVSS 4.9
Tanium addressed an uncontrolled resource consumption vulnerability in Discover. [CVSS 4.9 MEDIUM]
Denial Of Service
Discover
-
CVE-2025-70368
MEDIUM
CVSS 5.4
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. [CVSS 5.4 MEDIUM]
XSS
Worklenz
-
CVE-2025-59472
MEDIUM
CVSS 5.9
A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]
Node.js
Denial Of Service
Next.Js
Redhat
-
CVE-2025-59471
MEDIUM
CVSS 5.9
A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]
Denial Of Service
Next.Js
Redhat
-
CVE-2025-57785
MEDIUM
CVSS 6.5
Hiawatha Webserver versions up to 11.7 contain a vulnerability that allows attackers to execute arbitrary code (CVSS 6.5).
RCE
Hiawatha Webserver
-
CVE-2025-57783
MEDIUM
CVSS 5.3
Hiawatha webserver versions up to 11.7 contain a request smuggling vulnerability (CVSS 5.3).
Information Disclosure
Hiawatha
-
CVE-2025-50537
MEDIUM
CVSS 5.5
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. [CVSS 5.5 MEDIUM]
Stack Overflow
Eslint
Redhat
-
CVE-2025-14973
MEDIUM
CVSS 6.8
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks. [CVSS 6.8 MEDIUM]
WordPress
SQLi
PHP
-
CVE-2025-14969
MEDIUM
CVSS 4.3
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]
React
Denial Of Service
Redhat
-
CVE-2025-14525
MEDIUM
CVSS 6.4
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. [CVSS 6.4 MEDIUM]
Denial Of Service
Redhat
Suse
-
CVE-2025-11687
MEDIUM
CVSS 6.1
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page - enabling DOM access, session cookie theft and other client-side attacks - via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS). [CVSS 6.1 MEDIUM]
XSS
Suse
-
CVE-2025-11065
MEDIUM
CVSS 5.3
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. [CVSS 5.3 MEDIUM]
Github
Information Disclosure
Redhat
Suse
-
CVE-2025-9820
MEDIUM
CVSS 4.0
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. [CVSS 4.0 MEDIUM]
Denial Of Service
Privilege Escalation
RCE
Stack Overflow
Buffer Overflow
-
CVE-2025-9522
MEDIUM
CVSS 5.3
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. [CVSS 5.3 MEDIUM]
SSRF
Omada Controller
-
CVE-2025-9521
MEDIUM
CVSS 6.5
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. [CVSS 6.5 MEDIUM]
Authentication Bypass
Omada Controller
-
CVE-2025-9520
MEDIUM
CVSS 6.8
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account. [CVSS 6.8 MEDIUM]
Authentication Bypass
Omada Controller
-
CVE-2020-36960
MEDIUM
CVSS 6.4
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-36956
MEDIUM
CVSS 6.4
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. [CVSS 6.4 MEDIUM]
Node.js
XSS
-
CVE-2020-36955
MEDIUM
CVSS 6.4
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2020-36954
MEDIUM
CVSS 6.4
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2026-24656
LOW
CVSS 3.7
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. [CVSS 3.7 LOW]
Apache
Deserialization
-
CVE-2026-24408
None
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery.
Python
CSRF
-
CVE-2026-22696
None
dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl.
Authentication Bypass
-
CVE-2026-1444
LOW
CVSS 2.4
iJason-Liu Books_Manager versions up to 298 are affected by cross-site scripting (XSS) (CVSS 2.4).
PHP
XSS
-
CVE-2026-1421
LOW
CVSS 3.5
A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. [CVSS 3.5 LOW]
XSS
-
CVE-2026-1417
LOW
CVSS 3.3
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
Null Pointer Dereference
-
CVE-2026-1416
LOW
CVSS 3.3
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
Null Pointer Dereference
-
CVE-2026-1415
LOW
CVSS 3.3
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. [CVSS 3.3 LOW]
Null Pointer Dereference
-
CVE-2026-1409
LOW
CVSS 2.0
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this di...
Authentication Bypass
-
CVE-2026-1190
LOW
CVSS 3.1
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]
Denial Of Service
-
CVE-2026-0925
LOW
CVSS 2.7
Tanium addressed an improper input validation vulnerability in Discover. [CVSS 2.7 LOW]
Information Disclosure
-
CVE-2025-71178
None
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code exe...
Windows
RCE
-
CVE-2025-59109
None
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface.
Information Disclosure
-
CVE-2025-59108
None
By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.
Information Disclosure
-
CVE-2025-59107
None
Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file.
Authentication Bypass
-
CVE-2025-59105
None
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption.
Linux
Windows
Ssh
SQLi
-
CVE-2025-59104
None
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed.
Linux
-
CVE-2025-59103
None
with the restriction that the password is only randomized if the configured date versions up to 2022. contains a security vulnerability.
Linux
Windows
Ssh
-
CVE-2025-59102
None
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration.
Information Disclosure
-
CVE-2025-59101
None
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated.
Information Disclosure
-
CVE-2025-59100
None
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots.
SQLi
-
CVE-2025-59099
None
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.
SQLi
Denial Of Service
Path Traversal
-
CVE-2025-59098
None
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket.
Information Disclosure
-
CVE-2025-59097
None
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290).
Authentication Bypass
-
CVE-2025-59096
None
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.
Authentication Bypass
-
CVE-2025-59095
None
The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll.
Mssql
-
CVE-2025-59094
None
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe).
Privilege Escalation
-
CVE-2025-59093
None
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry.
Dotnet
Mssql
-
CVE-2025-59092
None
An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers.
Authentication Bypass
-
CVE-2025-59091
None
Multiple hardcoded credentials have been identified which are allowed to sign in to the exos 9300 datapoint server running on ports 1004 and 1005. This server is used for relaying status information from and to the Access Managers.
Authentication Bypass
-
CVE-2025-59090
None
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests.
Authentication Bypass
-
CVE-2025-57784
LOW
CVSS 3.3
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
Information Disclosure
-
CVE-2025-41083
None
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious website.
Information Disclosure
-
CVE-2025-41082
None
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers.
Code Injection
-
CVE-2025-30248
None
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.
Windows
-
CVE-2025-9615
LOW
CVSS 3.3
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. [CVSS 3.3 LOW]
Information Disclosure