Skip to main content
CVE-2026-23098 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netrom subsystem allows local attackers with user privileges to cause a denial of service or potentially execute code by triggering a double-free condition in the nr_route_frame() function when nr_neigh->ax25 is NULL. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0945 HIGH PATCH This Week

The Drupal Role Delegation module versions 1.3.0 through 1.5.0 contains an unsafe privilege definition vulnerability that permits authenticated users with delegation permissions to escalate their privileges within the application. An attacker with limited account access could exploit this flaw to gain elevated permissions and modify system settings or access restricted functionality. No patch is currently available for this vulnerability.

Privilege Escalation Role Delegation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0538 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted GIF file, triggering an out-of-bounds write (CWE-787) in its image-handling code. The flaw lets an attacker run code in the context of the user running 3ds Max; no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.

Buffer Overflow RCE Memory Corruption 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0661 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, resulting in a CWE-787 out-of-bounds write that corrupts memory and lets an attacker run code in the context of the user running 3ds Max. No public exploit identified at time of analysis, and the EPSS probability is only 0.01%, but the CVSS base score of 8.4 reflects the high impact when a victim is convinced to open a weaponized asset file.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0537 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, triggering an out-of-bounds write (CWE-787) that corrupts memory in the running process. Exploitation requires a victim to open the malicious file locally, but no public exploit has been identified at time of analysis and EPSS rates real-world exploitation likelihood at just 0.01%. The flaw was reported by Autodesk PSIRT and is tracked under advisory ADSK-SA-2026-0002.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0660 HIGH This Week

Stack-based buffer overflow in Autodesk 3ds Max enables arbitrary code execution when the application parses a maliciously crafted GIF file, running attacker code in the context of the current user process. The flaw carries a CVSS 8.4 (High) rating due to local attack vector but full confidentiality, integrity, and availability impact, with no public exploit identified at time of analysis and a very low EPSS probability (0.01%) reflecting the file-open user-interaction model typical of DCC software.

Buffer Overflow Stack Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24843 HIGH PATCH This Week

Melange versions 0.11.3 through 0.40.2 suffer from a path traversal vulnerability in the retrieveWorkspace function that fails to validate tar entry paths, allowing an attacker with control over a QEMU guest VM's tar stream to write arbitrary files outside the intended workspace directory on the host system. An attacker exploiting this vulnerability could achieve arbitrary file write capabilities on the host machine, potentially leading to system compromise. A patch is available in version 0.40.3 and later.

Path Traversal Melange Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25055 HIGH PATCH This Week

n8n is an open source workflow automation platform. [CVSS 8.1 HIGH]

SSH RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25519 HIGH PATCH This Week

OpenSlides versions prior to 4.2.29 allow unauthorized authentication bypass for SAML-synchronized users through the local login form by using the victim's username with a hardcoded trivial password. An attacker can gain complete access to any SAML user account without knowing their actual credentials, potentially compromising sensitive assembly management data including agendas, motions, and election information. A patch is available in version 4.2.29 and should be applied immediately to all affected instances.

Authentication Bypass Openslides
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-69621 HIGH This Week

file import process of Comic Book Reader v1.0.95 contains a vulnerability that allows attackers to overwrite critical internal files, potentially leading to arbitrary code executi (CVSS 6.5).

RCE
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-24844 HIGH PATCH This Week

melange allows users to build apk packages using declarative pipelines. [CVSS 7.9 HIGH]

Command Injection RCE Melange Suse
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-23078 HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23074 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's teql qdisc implementation allows local attackers with low privileges to trigger memory corruption and cause denial of service or potential code execution by improperly nesting teql as a non-root qdisc when it is designed to operate only as a root qdisc. The flaw exists due to missing validation of qdisc constraints and currently has no available patch. This affects all Linux systems using the vulnerable kernel versions.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23105 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23089 HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23083 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's FOU (Foo-over-UDP) tunnel implementation allows authenticated local users to trigger a memory leak and denial of service by setting the FOU_ATTR_IPPROTO attribute to zero, causing network packets to remain unfreed in memory. This vulnerability affects all Linux systems with the vulnerable kernel code and requires local access to exploit. No patch is currently available for this high-severity issue.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23073 HIGH PATCH This Week

The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25546 HIGH PATCH This Week

Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.

RCE Command Injection Godot Mcp
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0659 HIGH This Week

Malicious USD files trigger an out-of-bounds write vulnerability in Autodesk Arnold and 3ds Max, enabling arbitrary code execution within the affected application when a user loads or imports the crafted file. Local attackers with user interaction can exploit this to gain full system compromise with the privileges of the running process. No patch is currently available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23092 HIGH PATCH This Week

Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23077 HIGH PATCH This Week

Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.

Linux Memory Corruption Information Disclosure Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23068 HIGH PATCH This Week

Double-free vulnerability in the Linux kernel's spi-sprd-adi driver allows local attackers with low privileges to cause a denial of service or potentially execute code by triggering a probe error path that improperly frees the SPI controller structure twice. The vulnerability exists in error handling where devm_spi_register_controller() is paired with manual spi_controller_put() calls, causing the kernel to attempt freeing the same memory region twice when device registration fails. No patch is currently available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23066 HIGH PATCH This Week

A local privilege escalation in the Linux kernel's rxrpc subsystem allows authenticated users to trigger use-after-free or reference count underflow conditions by exploiting improper queue management in the recvmsg() function when MSG_DONTWAIT is specified. An attacker with local access can cause denial of service or potentially execute arbitrary code by corrupting the recvmsg queue through repeated calls that unconditionally requeue already-queued items. No patch is currently available for this medium-severity vulnerability (CVSS 5.5).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25143 HIGH PATCH This Week

Melange versions 0.10.0 through 0.40.2 allow unauthenticated command injection through the patch pipeline, enabling attackers to execute arbitrary shell commands on build hosts by injecting shell metacharacters into patch-related inputs such as series paths and filenames. This vulnerability affects users who build APK packages using melange build or melange license-check operations, particularly in CI/CD environments where build inputs may be controlled by untrusted sources. A patch is available in version 0.40.3 and later.

Command Injection RCE Melange Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0662 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.

Privilege Escalation RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20983 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to launch arbitrary activity with Samsung Dialer privilege (CVSS 7.8).

Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20979 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to launch arbitrary activity with Settings privilege (CVSS 7.8).

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0536 HIGH This Week

Autodesk 3ds Max is vulnerable to arbitrary code execution when processing maliciously crafted GIF files due to a stack-based buffer overflow (CVE-2026-0536, CVSS 7.8). Local attackers can exploit this vulnerability by tricking users into opening a malicious GIF file to execute code with the privileges of the 3ds Max process. No patch is currently available.

Buffer Overflow Stack Overflow 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61917 HIGH PATCH This Week

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. [CVSS 7.7 HIGH]

Node.js Information Disclosure N8n
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-25157 HIGH PATCH This Week

OpenClaw AI assistant versions prior to 2026.1.29 contain two command injection vulnerabilities: unescaped user input in SSH project paths allows remote code execution on SSH hosts, and insufficient validation of SSH target parameters enables local command execution through malicious flag injection. An attacker can exploit these flaws to achieve arbitrary code execution either remotely via SSH or locally on the system running OpenClaw.

SSH Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20119 HIGH This Week

Unauthenticated remote attackers can crash Cisco TelePresence Collaboration Endpoint and RoomOS devices by sending specially crafted text through meeting invitations or similar channels, exploiting insufficient input validation in the text rendering subsystem. The vulnerability requires no user interaction and causes device reloads resulting in denial of service. No patch is currently available.

Cisco Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25121 HIGH PATCH This Week

Apko versions up to 1.1.1 contains a vulnerability that allows attackers to build and publish OCI container images built from apk packages (CVSS 7.5).

Golang Path Traversal Apko Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-15285 HIGH This Week

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. [CVSS 7.5 HIGH]

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23897 HIGH PATCH This Week

Apollo Server's standalone mode (versions 2.0.0-3.13.0, 4.2.0-4.12.x, and 5.0.0-5.3.x) is vulnerable to denial of service attacks when processing GraphQL requests with non-standard character set encodings, allowing unauthenticated remote attackers to crash the service. This vulnerability only affects direct usage of startStandaloneServer and does not impact applications using Apollo Server through integration packages. No patch is currently available.

Denial Of Service Apollo Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-15268 HIGH This Week

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and including, 2.14.46. [CVSS 7.5 HIGH]

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24735 HIGH PATCH This Week

Answer contains a vulnerability that allows attackers to retrieve restricted or sensitive information (CVSS 7.5).

Apache Answer Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25140 HIGH PATCH This Week

Apko versions 0.14.8 through 1.1.0 are vulnerable to denial of service when processing APK packages from untrusted repositories due to missing decompression limits in the ExpandApk function. An attacker controlling a compromised APK repository can provide a malicious small, highly-compressed package that expands into a massive tar stream, exhausting disk space and CPU resources on the build host. The vulnerability affects Golang and Apko products and has been patched in version 1.1.1.

Golang Denial Of Service Apko Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21893 HIGH PATCH This Week

n8n versions 0.187.0 through 1.120.2 contain a command injection vulnerability in the community package installation feature that allows authenticated administrators to execute arbitrary system commands on the host. The vulnerability requires high privilege access and specific conditions to exploit but carries high risk due to potential complete system compromise. A patch is available in version 1.120.3.

Command Injection N8n
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-23099 HIGH PATCH This Week

The Linux kernel bonding driver fails to validate device types before enabling 802.3AD mode, allowing local privileged attackers to trigger out-of-bounds memory reads via malformed hardware address operations. This vulnerability affects systems running vulnerable Linux kernel versions and could lead to denial of service or information disclosure. No patch is currently available for this high-severity vulnerability.

Linux Buffer Overflow Information Disclosure Google
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23076 HIGH PATCH This Week

Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25536 HIGH PATCH This Week

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. [CVSS 7.1 HIGH]

Race Condition Information Disclosure Mcp Typescript Sdk
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20980 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).

RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-14740 MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition RCE
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20981 MEDIUM This Month

Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.

RCE Android
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-25540 MEDIUM This Month

Mastodon versions prior to 4.3.19, 4.4.13, and 4.5.6 are vulnerable to web cache poisoning in ActivityPub endpoints when AUTHORIZED_FETCH is enabled, allowing cached responses to be served across different user contexts regardless of request signing. An attacker could exploit this to view content intended for non-blocked accounts or cause blocked users to receive empty responses meant for them, potentially bypassing access controls. No patch is currently available for affected deployments.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0948 MEDIUM PATCH This Month

The Microsoft Entra ID SSO Login module for Drupal before version 1.0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to escalate privileges through an alternate authentication channel. An attacker can exploit this flaw to gain unauthorized access with elevated permissions on affected Drupal installations. No patch is currently available, and the vulnerability has low exploit probability (EPSS 0.1%).

Drupal Privilege Escalation Authentication Bypass Microsoft Entra Id Sso Login
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51451 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM XSS Concert
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22044 MEDIUM This Month

Authenticated users in GLPI versions 0.85 through 10.0.22 can exploit a SQL injection vulnerability to read sensitive data from the application database. The vulnerability requires valid credentials and network access but does not allow data modification or denial of service. Version 10.0.23 contains the fix, though no patch is currently available for affected deployments.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0572 MEDIUM This Month

Unauthenticated attackers can modify WordPress plugin settings in WebPurify Profanity Filter up to version 4.0.2 due to missing authorization checks on the options-saving function. This allows unauthorized configuration changes without requiring user authentication or interaction. No patch is currently available for this vulnerability.

WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15260 MEDIUM This Month

Loyalty Points and Rewards for WooCommerce versions up to 5.6.0. is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy