172 CVEs tracked today. 21 Critical, 56 High, 80 Medium, 11 Low.
-
CVE-2026-1731
CRITICAL
CVSS 9.8
BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With an EPSS score of 66%, a KEV listing, and a public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access: compromising them grants attackers access to the most sensitive systems in an organization.
RCE
Remote Support
Privileged Remote Access
-
CVE-2026-25804
CRITICAL
CVSS 9.1
Antrea Kubernetes networking has an authentication bypass enabling unauthorized access to the Kubernetes network policy infrastructure.
Kubernetes
Antrea
Suse
-
CVE-2026-25803
CRITICAL
CVSS 9.8
3DP-MANAGER for 3x-ui has hard-coded credentials (CVSS 9.8) in version 2.0.1 that provide automatic access to the management interface.
Authentication Bypass
3dp Manager
-
CVE-2026-25763
CRITICAL
CVSS 9.9
OpenProject has a CVSS 9.9 command injection vulnerability allowing authenticated users to execute OS commands on the project management server.
RCE
Openproject
-
CVE-2026-25753
CRITICAL
CVSS 9.8
PlaciPy placement management system 1.0.0 uses a hard-coded password, allowing any attacker who discovers it to gain full system access.
Authentication Bypass
Placipy
-
CVE-2026-25752
CRITICAL
CVSS 9.1
FUXA SCADA/HMI software has an additional authorization bypass vulnerability enabling unauthenticated access to industrial control visualizations.
Scada
Fuxa
-
CVE-2026-25725
CRITICAL
CVSS 10.0
Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.
Privilege Escalation
Code Injection
RCE
Docker
Linux
-
CVE-2026-25722
CRITICAL
CVSS 9.1
Claude Code prior to version 2.0.57 failed to properly validate MCP tool inputs, allowing malicious MCP servers to inject commands through tool responses.
Code Injection
AI / ML
Claude Code
-
CVE-2026-25643
CRITICAL
CVSS 9.1
Frigate NVR has a command injection vulnerability (CVSS 9.1) allowing authenticated attackers to execute OS commands on the network video recorder.
Command Injection
RCE
Frigate
-
CVE-2026-25641
CRITICAL
CVSS 10.0
SandboxJS has a fifth CVSS 10.0 escape via a TOCTOU race condition in sandbox validation, allowing code to slip through during the check-execute gap.
Information Disclosure
Sandboxjs
-
CVE-2026-25632
CRITICAL
CVSS 10.0
EPyT-Flow hydraulic simulation package has a CVSS 10.0 insecure deserialization enabling code execution when loading simulation scenario files.
Python
Command Injection
Deserialization
Epyt Flow
-
CVE-2026-25592
CRITICAL
CVSS 9.9
Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.
Microsoft
Linux
Python
Dotnet
AI / ML
-
CVE-2026-25587
CRITICAL
CVSS 10.0
SandboxJS has a fourth CVSS 10.0 sandbox escape through Map's safe prototype being used as a gateway to inject arbitrary code.
Code Injection
RCE
Sandboxjs
-
CVE-2026-25586
CRITICAL
CVSS 10.0
SandboxJS has a third CVSS 10.0 sandbox escape via Map prototype shadowing that allows complete sandbox bypass.
Information Disclosure
Sandboxjs
-
CVE-2026-25544
CRITICAL
CVSS 9.8
Payload CMS prior to 3.73.0 has a SQL injection vulnerability when querying structured data, enabling database compromise on the headless CMS.
SQLi
Payload
-
CVE-2026-25520
CRITICAL
CVSS 10.0
SandboxJS has a second CVSS 10.0 sandbox escape where function return values aren't properly sanitized, allowing code execution outside the sandbox.
RCE
Sandboxjs
-
CVE-2026-21643
CRITICAL
CVSS 9.8
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands.
Fortinet
SQLi
-
CVE-2026-2017
CRITICAL
CVSS 9.8
IP-COM W30AP wireless access point up to firmware 1.0.0.11 has a buffer overflow that allows remote attackers to execute code or crash the device.
Buffer Overflow
Stack Overflow
W30ap Firmware
-
CVE-2026-1709
CRITICAL
CVSS 9.4
Keylime attestation framework since version 7.12.0 has a TLS authentication flaw where the registrar doesn't enforce client-side certificate validation.
Authentication Bypass
Enterprise Linux For Ibm Z Systems
Enterprise Linux For Arm 64 Eus
Keylime
Enterprise Linux For Power Little Endian
-
CVE-2025-64111
CRITICAL
CVSS 9.8
Gogs self-hosted Git service v0.13.3 has a command injection vulnerability enabling remote code execution through crafted repository operations.
Command Injection
Gogs
Suse
-
CVE-2019-25298
CRITICAL
CVSS 9.1
html5_snmp 1.11 has multiple SQL injection vulnerabilities allowing attackers to manipulate SNMP monitoring database queries.
Snmp
SQLi
Html5 Snmp
-
CVE-2026-25793
HIGH
CVSS 8.1
Nebula is a scalable overlay networking tool. [CVSS 8.1 HIGH]
Information Disclosure
Nebula
Redhat
Suse
-
CVE-2026-25762
HIGH
CVSS 7.5
Memory exhaustion in AdonisJS @adonisjs/bodyparser prior to versions 10.1.3 and 11.0.0-next.9 allows unauthenticated remote attackers to trigger denial of service by uploading files that cause unbounded memory accumulation during multipart parsing. The vulnerable multipart handler fails to enforce memory limits while processing file type detection, enabling attackers to exhaust server resources and crash the application. No patch is currently available for affected installations.
Denial Of Service
Bodyparser
-
CVE-2026-25758
HIGH
CVSS 7.5
Spree Commerce's guest checkout feature contains an insecure direct object reference (IDOR) flaw that allows unauthenticated attackers to access other customers' personally identifiable information by manipulating address parameters during transaction processing. Public exploit code exists for this vulnerability, which affects all guest checkout flows across multiple Spree versions. Patches are available for versions 4.10.3, 5.0.8, 5.1.10, 5.2.7, and 5.3.2.
Ruby
Dns
Spree
-
CVE-2026-25754
HIGH
CVSS 7.2
AdonisJS is a TypeScript-first web framework. Versions up to 10.1.3 are affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.2).
Prototype Pollution
Information Disclosure
Bodyparser
-
CVE-2026-25751
HIGH
CVSS 7.5
Unauthenticated attackers can retrieve sensitive InfluxDB credentials from FUXA versions through 1.2.9 due to missing authentication controls, enabling direct database access. An attacker exploiting this vulnerability can read, modify, or delete all historical process data and perform denial of service attacks by corrupting the database. FUXA 1.2.10 addresses this issue, but no patch is currently available for affected versions.
Scada
Denial Of Service
Information Disclosure
Fuxa
-
CVE-2026-25732
HIGH
CVSS 7.5
Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.
Python
RCE
Path Traversal
Nicegui
-
CVE-2026-25731
HIGH
CVSS 7.8
calibre is an e-book manager. [CVSS 7.8 HIGH]
RCE
Calibre
Redhat
Suse
-
CVE-2026-25650
HIGH
CVSS 7.5
Unauthenticated attackers can exploit arbitrary attribute access in MCP Salesforce Connector versions prior to 0.1.10 to extract sensitive Salesforce authentication tokens. This vulnerability requires only network access with no user interaction, enabling complete disclosure of credentials used for Salesforce API integration. Organizations using affected versions should upgrade to 0.1.10 immediately.
Information Disclosure
AI / ML
Mcp Salesforce Connector
-
CVE-2026-25644
HIGH
CVSS 7.5
DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction. No patch is currently available for affected deployments.
Tls
Ldap
Datahub
-
CVE-2026-25640
HIGH
CVSS 7.1
Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.
Python
Path Traversal
AI / ML
Pydantic Ai
Redhat
-
CVE-2026-25636
HIGH
CVSS 8.2
Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.
Path Traversal
Calibre
Redhat
Suse
-
CVE-2026-25635
HIGH
CVSS 8.6
Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.
Windows
RCE
Path Traversal
Calibre
Redhat
-
CVE-2026-25634
HIGH
CVSS 7.8
Stack buffer overlap in iccDEV's color profile processing library prior to version 2.3.1.4 enables local attackers with user interaction to achieve arbitrary code execution through malicious ICC color management profiles. The vulnerability exists in the CIccTagMultiProcessElement::Apply() function where SrcPixel and DestPixel buffers overlap, and public exploit code is currently available. A patch has been released in version 2.3.1.4 to address this issue.
Buffer Overflow
Iccdev
-
CVE-2026-25628
HIGH
CVSS 8.5
Arbitrary file append vulnerability in Qdrant vector database versions 1.9.3 through 1.15.x allows authenticated users with minimal read-only privileges to write to arbitrary files through an unsanitized log file path parameter in the /logger endpoint. Public exploit code exists for this vulnerability, enabling attackers to corrupt system files or inject malicious content with high impact to confidentiality, integrity, and availability. The issue is resolved in version 1.16.0.
Information Disclosure
AI / ML
Qdrant
-
CVE-2026-25593
HIGH
CVSS 8.4
OpenClaw prior to version 2026.1.20 allows local unauthenticated attackers to execute arbitrary commands as the gateway user by exploiting the WebSocket API to inject malicious command paths through the config.apply function. The vulnerability stems from insufficient validation of the cliPath parameter, which is subsequently used for command discovery without proper sanitization. No patch is currently available for affected versions.
Command Injection
AI / ML
Openclaw
-
CVE-2026-25580
HIGH
CVSS 8.6
Pydantic AI versions 0.0.26 through 1.55.x contain a server-side request forgery vulnerability in URL download functionality that allows remote attackers to make arbitrary HTTP requests to internal network resources when applications process untrusted message history. Public exploit code exists for this vulnerability, which could enable attackers to access internal services or cloud credentials. Applications must upgrade to version 1.56.0 or later to remediate the issue.
Python
SSRF
AI / ML
Pydantic Ai
Redhat
-
CVE-2026-25556
HIGH
CVSS 7.5
MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. Public exploit code exists for this vulnerability, and a patch is available.
Denial Of Service
Mupdf
Redhat
Suse
-
CVE-2026-25533
HIGH
CVSS 8.8
Enclave versions up to 2.10.1 are affected by a loop with an unreachable exit condition (infinite loop) (CVSS 8.8).
Denial Of Service
RCE
AI / ML
Enclave
-
CVE-2026-24930
HIGH
CVSS 8.4
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Industrial
Harmonyos
-
CVE-2026-24926
HIGH
CVSS 8.4
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Buffer Overflow
Harmonyos
-
CVE-2026-24925
HIGH
CVSS 7.3
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Buffer Overflow
Heap Overflow
Harmonyos
-
CVE-2026-24851
HIGH
CVSS 8.8
Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.
Docker
Openfga
Helm Charts
Redhat
Suse
-
CVE-2026-24135
HIGH
CVSS 8.1
Arbitrary file deletion in Gogs 0.13.3 and earlier allows authenticated repository contributors to exploit a path traversal flaw in the wiki page update function, enabling deletion of arbitrary files on the affected server. An attacker with wiki write access can manipulate the old_title parameter to traverse the filesystem and remove critical files. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
Path Traversal
Gogs
Suse
-
CVE-2026-23989
HIGH
CVSS 8.2
Unauthenticated attackers can bypass public link scope verification in OpenCloud Reva versions prior to 2.42.3 and 2.40.3 through a flaw in GRPC authorization middleware. By exploiting the archiver service, an attacker can create archives containing all resources accessible to the public link creator, resulting in unauthorized information disclosure. A patch is available in versions 2.42.3 and 2.40.3.
Authentication Bypass
Opencloud Reva
Suse
-
CVE-2026-21626
HIGH
CVSS 7.5
Easydiscuss fails to enforce access control restrictions on custom forum post fields when outputting data in JSON format, allowing unauthenticated remote attackers to retrieve sensitive information that should be restricted. This information disclosure vulnerability affects users whose forum configurations rely on field-level access controls. No patch is currently available for affected installations.
Information Disclosure
Easydiscuss
-
CVE-2026-2103
HIGH
CVSS 7.1
Syteline Erp versions up to 10.0.8803.16889 are affected by the use of a hard-coded cryptographic key (CVSS 7.1).
Information Disclosure
Syteline Erp
-
CVE-2026-2070
HIGH
CVSS 8.8
Remote code execution in UTT 520W firmware versions up to 1.7.7-180627 through a buffer overflow in the /goform/formPolicyRouteConf endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw stems from improper bounds checking in the GroupName parameter handling.
Buffer Overflow
520w Firmware
-
CVE-2026-2068
HIGH
CVSS 8.8
Remote code execution in UTT 520W firmware 1.7.7-180627 allows authenticated attackers to execute arbitrary code via a buffer overflow in the ServerIp parameter of the /goform/formSyslogConf endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure attempts. The attack requires network access and valid credentials but executes with full system privileges.
Buffer Overflow
520w Firmware
-
CVE-2026-2067
HIGH
CVSS 8.8
Remote code execution in UTT 520W firmware through a buffer overflow in the /goform/formTimeGroupConfig endpoint allows authenticated attackers to achieve complete system compromise via manipulation of the year1 parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The high CVSS score of 8.8 reflects the combination of network accessibility, low attack complexity, and full impact on confidentiality, integrity, and availability.
Buffer Overflow
520w Firmware
-
CVE-2026-2066
HIGH
CVSS 8.8
Remote code execution in UTT 520W firmware versions up to 1.7.7-180627 via stack buffer overflow in the /goform/formIpGroupConfig endpoint allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices are remotely exploitable with no user interaction required.
Buffer Overflow
520w Firmware
-
CVE-2026-2060
HIGH
CVSS 7.3
Simple Blood Donor Management System versions up to 1.0 contain a security vulnerability (CVSS 7.3).
PHP
SQLi
Simple Blood Donor Management System
-
CVE-2026-2059
HIGH
CVSS 7.3
Medical Center Portal Management System versions up to 1.0 contain a security vulnerability (CVSS 7.3).
PHP
SQLi
Medical Center Portal Management System
-
CVE-2026-2058
HIGH
CVSS 7.3
SQL injection in CloudClassroom-PHP-Project's /postquerypublic.php endpoint allows unauthenticated remote attackers to manipulate the gnamex parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and the vendor has not provided patches despite early disclosure notification. Affected systems using this PHP application up to commit 5dadec098bfbbf3300d60c3494db3fb95b66e7be are at immediate risk of data theft or manipulation.
PHP
SQLi
Cloudclassroom Php Project
-
CVE-2026-2057
HIGH
CVSS 7.3
Medical Center Portal Management System versions up to 1.0 contain a security vulnerability (CVSS 7.3).
PHP
SQLi
Medical Center Portal Management System
-
CVE-2026-2018
HIGH
CVSS 7.3
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/settings/controller.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation enables data exfiltration, modification, and potential service disruption.
PHP
SQLi
School Management System
-
CVE-2026-2014
HIGH
CVSS 7.3
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/billing/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.
PHP
SQLi
School Management System
-
CVE-2026-2013
HIGH
CVSS 7.3
SQL injection in itsourcecode Student Management System 1.0 via the ID parameter in /ramonsys/soa/index.php allows unauthenticated remote attackers to manipulate database queries with public exploit code available. The vulnerability enables attackers to read, modify, or delete sensitive educational data without authentication or user interaction. No patch is currently available, leaving affected installations at risk of data compromise.
PHP
SQLi
School Management System
-
CVE-2026-2012
HIGH
CVSS 7.3
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/facultyloading/index.php, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.
PHP
SQLi
School Management System
-
CVE-2026-2011
HIGH
CVSS 7.3
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/enrollment/controller.php, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected school institutions.
PHP
SQLi
School Management System
-
CVE-2026-1499
HIGH
CVSS 8.8
WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.
WordPress
RCE
Authentication Bypass
Path Traversal
File Upload
-
CVE-2025-70963
HIGH
CVSS 7.6
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. [CVSS 7.6 HIGH]
Authentication Bypass
Information Disclosure
Gophish
Suse
-
CVE-2025-69214
HIGH
CVSS 8.8
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. [CVSS 8.8 HIGH]
PHP
SQLi
Openstamanager
-
CVE-2025-69212
HIGH
CVSS 8.8
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. [CVSS 8.8 HIGH]
Command Injection
Openstamanager
-
CVE-2025-68621
HIGH
CVSS 7.4
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. [CVSS 7.4 HIGH]
Authentication Bypass
Trilium
-
CVE-2025-64175
HIGH
CVSS 8.8
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. [CVSS 8.8 HIGH]
Authentication Bypass
Gogs
Suse
-
CVE-2025-15566
HIGH
CVSS 8.8
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. [CVSS 8.8 HIGH]
Nginx
Kubernetes
RCE
-
CVE-2025-13523
HIGH
CVSS 7.7
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. [CVSS 7.7 HIGH]
Confluence
Suse
-
CVE-2019-25305
HIGH
CVSS 7.8
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions. [CVSS 7.8 HIGH]
Code Injection
-
CVE-2019-25304
HIGH
CVSS 7.8
SecurosCtrlService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
Information Disclosure
-
CVE-2019-25303
HIGH
CVSS 7.1
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. [CVSS 7.1 HIGH]
SQLi
-
CVE-2019-25302
HIGH
CVSS 7.8
DsiWMIService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 7.8).
Information Disclosure
-
CVE-2019-25300
HIGH
CVSS 7.1
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information. [CVSS 7.1 HIGH]
SQLi
-
CVE-2019-25299
HIGH
CVSS 7.1
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. [CVSS 7.1 HIGH]
Linux
SQLi
-
CVE-2019-25293
HIGH
CVSS 7.8
BstHdLogRotatorSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2019-25292
HIGH
CVSS 7.8
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
RCE
-
CVE-2019-25266
HIGH
CVSS 7.8
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
RCE
-
CVE-2026-25760
MEDIUM
CVSS 6.5
Authenticated operators in Sliver C2 framework versions prior to 1.6.11 can read arbitrary files on the server through a path traversal vulnerability in the website content subsystem, potentially exposing sensitive credentials, configurations, and cryptographic keys. Public exploit code exists for this vulnerability. The issue is resolved in version 1.6.11 and later.
Wireguard
Path Traversal
Sliver
Suse
-
CVE-2026-25757
MEDIUM
CVSS 5.3
Spree versions up to 5.0.8 are affected by an authorization bypass through a user-controlled key (CVSS 5.3).
Ruby
Spree
-
CVE-2026-25749
MEDIUM
CVSS 6.6
Heap buffer overflow in Vim's tag file resolution allows local attackers with user privileges to corrupt heap memory and crash the application or potentially execute code by supplying a malicious 'helpfile' option value. The vulnerability exists in the get_tagfname() function which fails to validate the length of user-controlled input before copying it into a fixed-size buffer. Public exploit code exists for this issue affecting Vim prior to version 9.1.2132, though a patch is available.
Buffer Overflow
Vim
Redhat
Suse
-
CVE-2026-25729
MEDIUM
CVSS 6.5
DeepAudit is a multi-agent system for code vulnerability discovery. [CVSS 6.5 MEDIUM]
Authentication Bypass
AI / ML
Deepaudit
-
CVE-2026-25727
MEDIUM
CVSS 6.5
The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.
Denial Of Service
Time
Redhat
Suse
-
CVE-2026-25723
MEDIUM
CVSS 6.5
Claude Code versions prior to 2.0.55 insufficiently validate piped sed commands, permitting authenticated users to circumvent file write protections and deposit files in restricted directories including .claude folders and locations outside project scope. An attacker with access to the "accept edits" feature can exploit this to write malicious content to sensitive areas of the system. A patch is available in version 2.0.55 and later.
Code Injection
AI / ML
Claude Code
-
CVE-2026-25651
MEDIUM
CVSS 6.1
Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.
Node.js
Tls
Open Redirect
Client Certificate Auth
-
CVE-2026-25647
MEDIUM
CVSS 4.6
Stored XSS in Lute's Markdown rendering engine (versions 1.7.6 and earlier) allows authenticated attackers to inject malicious JavaScript into notes that executes when other users view the rendered content. SiYuan and other applications using vulnerable Lute versions are affected, with public exploit code available. A patch is available and should be applied to prevent session hijacking and credential theft.
Golang
XSS
Siyuan
-
CVE-2026-25642
MEDIUM
CVSS 4.3
HedgeDoc prior to version 1.10.6 allows attackers to bypass content security policies on files served from the /uploads/ endpoint, enabling them to host malicious interactive content such as fake login forms via SVG files. This network-based attack requires user interaction but can lead to credential theft or social engineering attacks. A patch is available in version 1.10.6.
File Upload
XSS
Hedgedoc
-
CVE-2026-25631
MEDIUM
CVSS 6.5
Improper credential domain validation in n8n's HTTP Request node prior to version 1.121.0 enables authenticated attackers to redirect requests containing credentials to unintended domains, risking credential theft for users with wildcard domain patterns in their allowed domains configuration. The vulnerability requires valid authentication and has a low exploitation probability, with no public exploit currently available.
Code Injection
N8n
-
CVE-2026-25597
MEDIUM
CVSS 5.3
Prestashop versions up to 8.2.4 contain a vulnerability that allows attackers to determine whether a customer account exists in the system by measuring response (CVSS 5.3).
Information Disclosure
Prestashop
-
CVE-2026-25581
MEDIUM
CVSS 5.4
Reflected cross-site scripting in SCEditor prior to version 3.2.1 allows attackers with control over configuration parameters to inject malicious scripts through unsanitized options like emoticons or charset settings. Public exploit code exists for this vulnerability, which affects any application integrating the affected SCEditor versions. A patch is available in version 3.2.1 and later.
XSS
Sceditor
-
CVE-2026-25574
MEDIUM
CVSS 5.4
Cross-collection IDOR in Payload CMS before v3.74.0 allows authenticated users to read and delete preferences from other authentication collections when numeric user IDs overlap in PostgreSQL or SQLite deployments. This vulnerability affects multi-auth environments where default auto-increment IDs create collisions across separate user collections. An attacker with valid credentials in one authentication domain can access and manipulate sensitive preference data belonging to users in different authentication domains.
PostgreSQL
SQLi
Payload
-
CVE-2026-25516
MEDIUM
CVSS 6.1
Cross-site scripting in NiceGUI's ui.markdown() component allows unauthenticated attackers to inject malicious HTML and JavaScript into applications that render user-controlled markdown content, as the component lacks built-in sanitization unlike other NiceGUI HTML rendering functions. Public exploit code exists for this vulnerability affecting NiceGUI versions before 3.7.0. Applications using ui.markdown() with untrusted input are vulnerable to session hijacking, credential theft, and other client-side attacks.
Python
XSS
Nicegui
-
CVE-2026-25123
MEDIUM
CVSS 5.3
Homarr versions prior to 1.52.0 contain an unauthenticated SSRF vulnerability in the widget.app.ping endpoint that accepts arbitrary URLs and performs server-side requests, allowing remote attackers to scan ports and probe internal networks without authentication. The vulnerability enables attackers to infer open versus closed ports through HTTP status codes and response timing, establishing a reliable reconnaissance primitive. No patch is currently available for affected deployments.
SSRF
Homarr
-
CVE-2026-24931
MEDIUM
CVSS 5.9
HarmonyOS versions up to 5.1.0 are affected by a permissions, privileges, and access controls weakness (CVSS 5.9).
Privilege Escalation
Harmonyos
-
CVE-2026-24929
MEDIUM
CVSS 5.9
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Industrial
Harmonyos
-
CVE-2026-24928
MEDIUM
CVSS 5.8
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Buffer Overflow
Harmonyos
Emui
-
CVE-2026-24927
MEDIUM
CVSS 5.5
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]
Use After Free
Emui
Harmonyos
-
CVE-2026-24924
MEDIUM
CVSS 6.1
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls weakness (CVSS 6.1).
Privilege Escalation
Harmonyos
-
CVE-2026-24923
MEDIUM
CVSS 6.3
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls weakness (CVSS 6.3).
Privilege Escalation
Harmonyos
-
CVE-2026-24922
MEDIUM
CVSS 6.9
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]
Buffer Overflow
Harmonyos
-
CVE-2026-24921
MEDIUM
CVSS 4.8
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
Buffer Overflow
Information Disclosure
Harmonyos
-
CVE-2026-24920
MEDIUM
CVSS 6.2
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Privilege Escalation
Emui
Harmonyos
-
CVE-2026-24919
MEDIUM
CVSS 6.0
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Buffer Overflow
Emui
Harmonyos
-
CVE-2026-24918
MEDIUM
CVSS 6.8
Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Denial Of Service
Harmonyos
Emui
-
CVE-2026-24917
MEDIUM
CVSS 6.5
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Use After Free
Emui
Harmonyos
-
CVE-2026-24916
MEDIUM
CVSS 5.9
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]
Authentication Bypass
Harmonyos
-
CVE-2026-24915
MEDIUM
CVSS 6.2
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
Buffer Overflow
Information Disclosure
Harmonyos
-
CVE-2026-24914
MEDIUM
CVSS 4.0
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Use After Free
Harmonyos
-
CVE-2026-24903
MEDIUM
CVSS 5.4
OrcaStatLLM Researcher is an LLM-based research paper generator. [CVSS 5.4 MEDIUM]
XSS
AI / ML
Orcastatllm Researcher
-
CVE-2026-24776
MEDIUM
CVSS 4.3
OpenProject versions prior to 17.0.2 fail to validate meeting section ownership during drag-and-drop operations, allowing authenticated users to inject agenda items into unrelated meetings. While attackers cannot access unauthorized meeting content, they can add arbitrary agenda items to other meetings to cause confusion or disrupt meeting organization. A patch is available in version 17.0.2.
Authentication Bypass
Openproject
-
CVE-2026-24419
MEDIUM
CVSS 6.5
SQL injection in OpenSTAManager v2.9.8 and earlier allows authenticated attackers to extract sensitive data through the Prima Nota module's unvalidated id_documenti parameter. Public exploit code exists for this vulnerability, which bypasses input validation on comma-separated values used in SQL IN() clauses to leak information via XPATH error-based techniques. The vulnerability affects PHP-based deployments and currently has no available patch.
PHP
SQLi
Openstamanager
-
CVE-2026-24418
MEDIUM
CVSS 6.5
OpenSTAManager versions 2.9.8 and earlier are vulnerable to SQL injection in the Payment Schedule module's bulk operations handler, where inadequate input validation on record IDs allows authenticated attackers to execute arbitrary SQL queries and extract sensitive data via error-based techniques. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid user credentials but can expose confidential information from the application database.
SQLi
Openstamanager
-
CVE-2026-24417
MEDIUM
CVSS 6.5
OpenSTAManager v2.9.8 and earlier allow authenticated attackers to conduct time-based SQL injection attacks through the global search functionality, enabling extraction of sensitive data from the underlying database. The vulnerability stems from insufficient input validation on the search term parameter used in SQL LIKE clauses across multiple search handlers. Public exploit code exists for this vulnerability, and no patch is currently available.
SQLi
Openstamanager
-
CVE-2026-24416
MEDIUM
CVSS 6.5
OpenSTAManager v2.9.8 and earlier allows authenticated remote attackers to extract sensitive data through time-based SQL injection in the article pricing handler due to insufficient input sanitization of the idarticolo parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can infer database contents through carefully timed SQL queries without requiring user interaction.
SQLi
Openstamanager
-
CVE-2026-24050
MEDIUM
CVSS 5.4
Stored cross-site scripting in Zulip Server versions 5.0 through 11.4 allows authenticated attackers to execute arbitrary JavaScript through malicious group or channel names when administrators interact with user profile management features. An attacker with the ability to create or modify groups/channels can inject payloads that execute in the context of an administrator's session, potentially compromising account security or sensitive data. A patch is available in version 11.5.
XSS
Zulip Server
-
CVE-2026-23633
MEDIUM
CVSS 6.5
Gogs versions 0.13.3 and earlier are vulnerable to arbitrary file read and write operations through path traversal in the Git hook editing functionality, affecting self-hosted installations. An authenticated attacker with high privileges can exploit this vulnerability to access or modify files outside the intended directory. Public exploit code exists for this vulnerability, and no patch is currently available.
Path Traversal
Gogs
Suse
-
CVE-2026-23632
MEDIUM
CVSS 6.5
Gogs versions 0.13.3 and earlier fail to enforce write permissions on the repository contents endpoint, allowing attackers with read-only access to modify files, create commits, and execute git push operations. An authenticated user possessing only read permissions can bypass authorization checks and gain unauthorized write access to repository contents. This affects self-hosted Gogs instances and has no patch currently available for affected versions.
Authentication Bypass
Gogs
Suse
-
CVE-2026-23623
MEDIUM
CVSS 5.3
Collabora Online is a collaborative online office suite based on LibreOffice technology. [CVSS 5.3 MEDIUM]
Authentication Bypass
-
CVE-2026-22592
MEDIUM
CVSS 6.5
Denial of service in Gogs 0.13.3 and earlier allows authenticated users to crash the application by deleting repository files before synchronization. Public exploit code exists for this vulnerability, affecting self-hosted Git service deployments. A patch is available in versions 0.13.4 and 0.14.0+dev.
Denial Of Service
Gogs
Suse
-
CVE-2026-2065
MEDIUM
CVSS 6.3
Smart Pixelator 2.0's Bluetooth Low Energy interface lacks proper authentication controls, allowing unauthenticated attackers on the local network to manipulate device functionality and potentially compromise confidentiality and integrity. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.
Authentication Bypass
Smart Pixelator Firmware
-
CVE-2026-2063
MEDIUM
CVSS 4.7
D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.
D-Link
Command Injection
Dir 823x Firmware
-
CVE-2026-2062
MEDIUM
CVSS 5.3
Open5GS versions up to 2.7.6 suffer from a null pointer dereference in the PGW S5U Address Handler component that can be triggered remotely without authentication, resulting in denial of service. Public exploit code exists for this vulnerability, and administrators should apply the available patch immediately.
Null Pointer Dereference
Open5gs
-
CVE-2026-2061
MEDIUM
CVSS 4.7
D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.
D-Link
Command Injection
Dir 823x Firmware
-
CVE-2026-2056
MEDIUM
CVSS 5.3
D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.
D-Link
Information Disclosure
Dir 605l Firmware
Dir 619l Firmware
-
CVE-2026-2055
MEDIUM
CVSS 5.3
Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.
D-Link
Information Disclosure
Dir 619l Firmware
Dir 605l Firmware
-
CVE-2026-2054
MEDIUM
CVSS 5.3
D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.
D-Link
Information Disclosure
Dir 605l Firmware
Dir 619l Firmware
-
CVE-2026-2016
MEDIUM
CVSS 5.3
Stack-based buffer overflow in libfastcommon's base64_decode function allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability affecting libfastcommon versions up to 1.0.84. A patch is available and should be applied immediately to mitigate the risk.
Buffer Overflow
Stack Overflow
Libfastcommon
-
CVE-2026-2015
MEDIUM
CVSS 6.3
I-Educar versions up to 2.10 contain an improper authorization vulnerability (CVSS 6.3).
PHP
I Educar
-
CVE-2026-2010
MEDIUM
CVSS 4.2
Improper authorization in Sanluan PublicCMS versions up to 4.0.202506.d, 5.202506.d, and 6.202506.d allows authenticated attackers to manipulate the paymentId parameter in the Trade Payment Handler, potentially leading to integrity and availability impacts. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific conditions. A patch is available and should be applied promptly to affected Java-based deployments.
Java
Publiccms
-
CVE-2026-2009
MEDIUM
CVSS 6.3
Gas Agency Management System versions up to 1.0 contain an improper access control vulnerability (CVSS 6.3).
PHP
Gas Agency Management System
-
CVE-2026-2008
MEDIUM
CVSS 6.3
Code injection in Fermat's eqn_chart function allows authenticated remote attackers to execute arbitrary code by manipulating equation arguments. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. The attack requires valid credentials but no user interaction, affecting all versions up to the latest rolling release commit.
Code Injection
Fermat
-
CVE-2026-2000
MEDIUM
CVSS 4.7
Remote command injection in DCN DCME-320 web management interface allows authenticated attackers to execute arbitrary commands through manipulation of the ip_list parameter in the bridge configuration function. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires high-level privileges but can be executed over the network without user interaction.
PHP
Command Injection
Dcme 320 Firmware
-
CVE-2026-1979
MEDIUM
CVSS 5.3
Use-after-free memory corruption in mruby up to version 3.4.0 within the JMPNOT-to-JMPIF optimization logic allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Affected systems should apply the available security update promptly.
Ruby
Use After Free
Mruby
Suse
-
CVE-2026-1978
MEDIUM
CVSS 5.3
NanoCMS versions up to 0.4 contain an information disclosure vulnerability in the User Information Handler component that exposes sensitive data from the /data/pagesdata.txt file through unauthenticated remote requests. Public exploit code exists for this vulnerability, which allows attackers to retrieve partial confidential information without authentication. Users should update to a patched version or implement strict access controls on the affected file until an official patch is available.
Information Disclosure
Nanocms
-
CVE-2026-1977
MEDIUM
CVSS 6.3
Unauthenticated code injection in isaacwasserman mcp-vegalite-server's visualize_data function allows remote attackers with valid credentials to execute arbitrary code by manipulating the vegalite_specification parameter. Public exploit code exists for this vulnerability. No patch is currently available, and the project has not responded to early notification of the issue.
Code Injection
-
CVE-2026-1976
MEDIUM
CVSS 5.3
Free5GC versions up to 4.1.0 are vulnerable to a null pointer dereference in the SMF component's SessionDeletionResponse function, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
Null Pointer Dereference
Free5gc
-
CVE-2026-1975
MEDIUM
CVSS 5.3
Free5GC versions up to 4.1.0 contain a null pointer dereference vulnerability in the identityTriggerType function of pfcp_reports.go that allows remote attackers to cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available.
Null Pointer Dereference
Free5gc
-
CVE-2026-1974
MEDIUM
CVSS 5.3
Free5GC versions up to 4.1.0 contain a denial of service vulnerability in the SMF component's ResolveNodeIdToIp function that can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected 5G network infrastructure at risk of service disruption.
Golang
Denial Of Service
Free5gc
-
CVE-2026-1973
MEDIUM
CVSS 5.3
Free5GC versions up to 4.1.0 contain a null pointer dereference in the SMF's establishPfcpSession function that can be triggered remotely without authentication, causing a denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
Null Pointer Dereference
Free5gc
-
CVE-2026-1972
MEDIUM
CVSS 5.3
Edimax BR-6208AC firmware versions prior to 2_1.02 contain an authentication bypass in the auth_check_userpass2 function that allows remote attackers to gain access using default credentials through manipulation of username and password parameters. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor patches planned. Organizations still operating this router should immediately restrict network access or plan for replacement.
Information Disclosure
Br 6208ac Firmware
-
CVE-2026-1909
MEDIUM
CVSS 6.4
Stored XSS in WaveSurfer-WP plugin through improper sanitization of the audio shortcode 'src' attribute allows authenticated users with Contributor access or higher to inject malicious scripts into WordPress pages. When site visitors access affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available for versions up to 2.8.3.
WordPress
XSS
-
CVE-2026-1888
MEDIUM
CVSS 6.4
Authenticated WordPress users with Contributor access or higher can inject persistent malicious scripts into pages through the Docus - YouTube Video Playlist plugin (versions up to 1.0.6) via improper handling of shortcode attributes. These injected scripts execute in the browsers of any visitor to the affected pages, potentially compromising user sessions and data. No patch is currently available for this stored XSS vulnerability.
WordPress
XSS
-
CVE-2026-1808
MEDIUM
CVSS 6.4
Stored cross-site scripting in the Orange Confort+ accessibility toolbar WordPress plugin through version 0.7 allows authenticated contributors and higher-privileged users to inject malicious scripts via the ocplus_button shortcode's style parameter due to inadequate input sanitization. When other users visit pages containing the injected content, the arbitrary scripts execute in their browsers, potentially compromising sessions or stealing sensitive data.
WordPress
XSS
-
CVE-2026-1785
MEDIUM
CVSS 4.3
The Code Snippets WordPress plugin through version 3.9.4 lacks nonce validation on cloud snippet operations, allowing unauthenticated attackers to conduct cross-site request forgery attacks against logged-in administrators. By tricking an admin into visiting a malicious page, attackers can force unauthorized downloads or updates of cloud snippets. No patch is currently available for this vulnerability.
WordPress
CSRF
-
CVE-2026-1769
MEDIUM
CVSS 5.3
Stored cross-site scripting in Xerox CentreWare Web through version 7.0.6 enables attackers to inject malicious scripts that persist on the application and execute in users' browsers. An attacker with local access and user interaction can compromise confidentiality and potentially modify data within the CentreWare environment. No patch is currently available; upgrading to version 7.2.2.25 or later is recommended as a mitigation.
Windows
XSS
Centreware Web
-
CVE-2026-1401
MEDIUM
CVSS 6.4
Stored XSS in WordPress Tune Library plugin versions up to 1.6.3 allows authenticated users with Subscriber access to inject malicious scripts via CSV import due to inadequate input sanitization and output escaping. Attackers can execute arbitrary JavaScript in the context of any user viewing affected pages through the [tune-library] shortcode. No patch is currently available and exploitation requires valid WordPress credentials.
WordPress
XSS
-
CVE-2026-1337
MEDIUM
CVSS 5.4
Neo4j versions up to 2026.01 contain a vulnerability that allows attackers to perform cross-site scripting if the user opens the logs in a tool that treats them as HTML (CVSS 5.4).
Github
XSS
Neo4j
-
CVE-2026-1293
MEDIUM
CVSS 6.4
Authenticated contributors and above can inject malicious scripts into WordPress pages through the Yoast SEO plugin (versions up to 26.8) by exploiting inadequate sanitization of the yoast-schema block attribute. When site visitors access affected pages, the injected scripts execute in their browsers, potentially compromising user data or session security. No patch is currently available for this stored cross-site scripting vulnerability.
WordPress
XSS
-
CVE-2026-1279
MEDIUM
CVSS 6.4
The Employee Directory plugin for WordPress through version 1.2.1 contains a stored cross-site scripting vulnerability in the search_employee_directory shortcode due to inadequate input validation on the form_title parameter. Authenticated users with Contributor privileges or higher can inject malicious scripts that persist in pages and execute in browsers of any user viewing the affected content. No patch is currently available.
WordPress
XSS
-
CVE-2026-1252
MEDIUM
CVSS 6.4
Stored XSS in the Events Listing Widget plugin for WordPress (versions ≤1.3.4) allows authenticated users with Author privileges or higher to inject malicious scripts through the Event URL parameter due to inadequate input validation. An attacker exploiting this vulnerability can execute arbitrary JavaScript in pages viewed by other users. No patch is currently available for this medium-severity vulnerability.
WordPress
XSS
-
CVE-2026-1228
MEDIUM
CVSS 4.3
plugin versions up to 1.3.3 are affected by an authorization bypass through a user-controlled key (CVSS 4.3).
WordPress
-
CVE-2026-0598
MEDIUM
CVSS 4.2
Insufficient authorization checks in Ansible Lightspeed API conversation endpoints allow authenticated users to access and modify conversations belonging to other users. An attacker with valid credentials can exploit this to read sensitive conversation data and manipulate AI-generated outputs from other users' sessions. No patch is currently available.
Information Disclosure
AI / ML
Redhat
-
CVE-2026-0521
MEDIUM
CVSS 6.1
Reflected XSS in TYDAC AG MAP+ 3.4.0 PDF export allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs, with public exploit code available. An attacker can deliver such links via email or social engineering to compromise user sessions and steal sensitive data. No patch is currently available.
XSS
-
CVE-2025-69216
MEDIUM
CVSS 6.5
OpenSTAManager is an open source management software for technical assistance and invoicing. [CVSS 6.5 MEDIUM]
PHP
SQLi
Openstamanager
-
CVE-2025-13818
MEDIUM
CVSS 6.7
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent. [CVSS 6.7 MEDIUM]
Privilege Escalation
Management Agent
-
CVE-2025-10753
MEDIUM
CVSS 5.3
The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. [CVSS 5.3 MEDIUM]
WordPress
PHP
-
CVE-2019-25301
MEDIUM
CVSS 6.4
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]
PHP
XSS
-
CVE-2019-25294
MEDIUM
CVSS 6.1
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. [CVSS 6.1 MEDIUM]
PHP
Snmp
XSS
Html5 Snmp
-
CVE-2026-25764
LOW
CVSS 3.5
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. [CVSS 3.5 LOW]
XSS
-
CVE-2026-25724
LOW
CVSS 2.3
Claude Code versions prior to 2.1.7 allow unauthorized file access by bypassing deny rules through symbolic link traversal, enabling attackers to read restricted files that administrators explicitly blocked. An attacker with access to the system can exploit this vulnerability to access sensitive files like /etc/passwd by leveraging symlinks that point to denied resources. This vulnerability affects AI/ML tools using Claude Code and currently has no available patch.
Information Disclosure
-
CVE-2026-23741
NONE
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file.
Industrial
-
CVE-2026-23740
NONE
Asterisk is an open source private branch exchange and telephony toolkit.
Linux
-
CVE-2026-23739
LOW
CVSS 2.0
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess(). If any untrusted or user-supplied XML file is passed to this function, it can ...
XXE
-
CVE-2026-23738
LOW
CVSS 3.5
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. [CVSS 3.5 LOW]
XSS
-
CVE-2026-22254
NONE
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization.
PHP
Laravel
-
CVE-2026-2069
LOW
CVSS 3.3
A flaw has been found in ggml-org llama.cpp: versions up to 55 are affected by a buffer overflow (CVSS 3.3).
Buffer Overflow
Stack Overflow
-
CVE-2026-2064
LOW
CVSS 3.5
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. [CVSS 3.5 LOW]
PHP
XSS
-
CVE-2026-1998
LOW
CVSS 3.3
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. [CVSS 3.3 LOW]
Python
Memory Corruption
-
CVE-2026-1991
LOW
CVSS 3.3
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. [CVSS 3.3 LOW]
Null Pointer Dereference
-
CVE-2026-1990
LOW
CVSS 3.3
A security vulnerability has been detected in oatpp: versions up to 1.3.1 are affected by improper resource shutdown or release (CVSS 3.3).
Null Pointer Dereference
-
CVE-2026-1971
LOW
CVSS 2.4
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. [CVSS 2.4 LOW]
XSS
-
CVE-2026-1727
NONE
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL.
-
CVE-2025-15320
LOW
CVSS 3.3
Tanium addressed a denial of service vulnerability in Tanium Client. [CVSS 3.3 LOW]
Denial Of Service