Skip to main content
CVE-2026-25516 MEDIUM POC PATCH This Month

Cross-site scripting in NiceGUI's ui.markdown() component allows unauthenticated attackers to inject malicious HTML and JavaScript into applications that render user-controlled markdown content, as the component lacks built-in sanitization unlike other NiceGUI HTML rendering functions. Public exploit code exists for this vulnerability affecting NiceGUI versions before 3.7.0. Applications using ui.markdown() with untrusted input are vulnerable to session hijacking, credential theft, and other client-side attacks.

Python XSS Nicegui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25725 CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE Docker Linux +2
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-25632 CRITICAL PATCH Act Now

EPyT-Flow hydraulic simulation package has a CVSS 10.0 insecure deserialization enabling code execution when loading simulation scenario files.

Python Command Injection Deserialization Epyt Flow
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25592 CRITICAL POC PATCH Act Now

Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.

Microsoft Linux Python .NET AI / ML
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25556 MEDIUM POC PATCH This Month

MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. Public exploit code exists for this vulnerability, and a patch is available.

Denial Of Service Mupdf
NVD VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-25763 CRITICAL Act Now

OpenProject has a CVSS 9.9 command injection vulnerability allowing authenticated users to execute OS commands on the project management server.

RCE Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25753 CRITICAL Act Now

PlaciPy placement management system 1.0.0 uses a hard-coded password, allowing any attacker who discovers it to gain full system access.

Authentication Bypass Placipy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25803 CRITICAL Act Now

3DP-MANAGER for 3x-ui has hard-coded credentials (CVSS 9.8) in version 2.0.1 that provide automatic access to the management interface.

Authentication Bypass 3dp Manager
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1709 CRITICAL PATCH GHSA Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus Keylime Enterprise Linux For Power Little Endian +5
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25544 CRITICAL PATCH Act Now

Payload CMS prior to 3.73.0 has a SQL injection vulnerability when querying structured data, enabling database compromise on the headless CMS.

SQLi Payload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2060 MEDIUM POC This Month

Simple Blood Donor Management System versions up to 1.0 contains a security vulnerability (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2057 MEDIUM POC This Month

Medical Center Portal Management System versions up to 1.0 contains a security vulnerability (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2018 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/settings/controller.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation enables data exfiltration, modification, and potential service disruption.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2012 MEDIUM POC This Month

SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/facultyloading/index.php, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2011 MEDIUM POC This Month

SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/enrollment/controller.php, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected school institutions.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2058 MEDIUM POC This Month

SQL injection in CloudClassroom-PHP-Project's /postquerypublic.php endpoint allows unauthenticated remote attackers to manipulate the gnamex parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and the vendor has not provided patches despite early disclosure notification. Affected systems using this PHP application up to commit 5dadec098bfbbf3300d60c3494db3fb95b66e7be are at immediate risk of data theft or manipulation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2059 MEDIUM POC This Month

Medical Center Portal Management System versions up to 1.0 contains a security vulnerability (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2014 MEDIUM POC This Month

SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/billing/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2013 MEDIUM POC This Month

SQL injection in itsourcecode Student Management System 1.0 via the ID parameter in /ramonsys/soa/index.php allows unauthenticated remote attackers to manipulate database queries with public exploit code available. The vulnerability enables attackers to read, modify, or delete sensitive educational data without authentication or user interaction. No patch is currently available, leaving affected installations at risk of data compromise.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-24903 MEDIUM POC This Month

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. [CVSS 5.4 MEDIUM]

XSS AI / ML Orcastatllm Researcher
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25581 MEDIUM POC PATCH This Month

Reflected cross-site scripting in SCEditor prior to version 3.2.1 allows attackers with control over configuration parameters to inject malicious scripts through unsanitized options like emoticons or charset settings. Public exploit code exists for this vulnerability, which affects any application integrating the affected SCEditor versions. A patch is available in version 3.2.1 and later.

XSS Sceditor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1337 MEDIUM POC PATCH This Month

Neo4J versions up to 2026.01 contains a vulnerability that allows attackers to XSS if the user opens the logs in a tool that treats them as HTML (CVSS 5.4).

Github XSS Neo4j
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2062 MEDIUM POC PATCH This Month

Open5GS versions up to 2.7.6 suffer from a null pointer dereference in the PGW S5U Address Handler component that can be triggered remotely without authentication, resulting in denial of service. Public exploit code exists for this vulnerability, and administrators should apply the available patch immediately.

Null Pointer Dereference Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1976 MEDIUM POC This Month

Free5GC versions up to 4.1.0 are vulnerable to a null pointer dereference in the SMF component's SessionDeletionResponse function, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.

Null Pointer Dereference Free5gc
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1975 MEDIUM POC This Month

Free5GC versions up to 4.1.0 contain a null pointer dereference vulnerability in the identityTriggerType function of pfcp_reports.go that allows remote attackers to cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available.

Null Pointer Dereference Free5gc
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1973 MEDIUM POC This Month

Free5GC versions up to 4.1.0 contain a null pointer dereference in the SMF's establishPfcpSession function that can be triggered remotely without authentication, causing a denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.

Null Pointer Dereference Free5gc
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1974 MEDIUM POC This Month

Free5GC versions up to 4.1.0 contain a denial of service vulnerability in the SMF component's ResolveNodeIdToIp function that can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected 5G network infrastructure at risk of service disruption.

Golang Denial Of Service Free5gc
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2055 MEDIUM POC This Month

Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.

D-Link Information Disclosure Dir 619l Firmware Dir 605l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2054 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2056 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1972 MEDIUM POC This Month

Edimax BR-6208AC firmware versions prior to 2_1.02 contain an authentication bypass in the auth_check_userpass2 function that allows remote attackers to gain access using default credentials through manipulation of username and password parameters. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor patches planned. Organizations still operating this router should immediately restrict network access or plan for replacement.

Information Disclosure Br 6208ac Firmware
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25757 MEDIUM POC PATCH This Month

Spree versions up to 5.0.8 is affected by authorization bypass through user-controlled key (CVSS 5.3).

Ruby Spree
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25722 CRITICAL PATCH Act Now

Claude Code prior to version 2.0.57 failed to properly validate MCP tool inputs, allowing malicious MCP servers to inject commands through tool responses.

Code Injection AI / ML Claude Code
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-25804 CRITICAL PATCH Act Now

Antrea Kubernetes networking has an authentication bypass enabling unauthorized access to the Kubernetes network policy infrastructure.

Kubernetes Antrea Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25752 CRITICAL PATCH Act Now

FUXA SCADA/HMI software has an additional authorization bypass vulnerability enabling unauthenticated access to industrial control visualizations.

SCADA Fuxa
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-1499 HIGH This Week

WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.

WordPress RCE Authentication Bypass Path Traversal File Upload
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-24851 HIGH PATCH This Week

Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.

Docker Openfga Helm Charts Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15566 HIGH This Week

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. [CVSS 8.8 HIGH]

Nginx Kubernetes RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-64175 HIGH PATCH This Week

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. [CVSS 8.8 HIGH]

Authentication Bypass Gogs Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25647 MEDIUM POC PATCH This Month

Stored XSS in Lute's Markdown rendering engine (versions 1.7.6 and earlier) allows authenticated attackers to inject malicious JavaScript into notes that executes when other users view the rendered content. SiYuan and other applications using vulnerable Lute versions are affected, with public exploit code available. A patch is available and should be applied to prevent session hijacking and credential theft.

Golang XSS Siyuan
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-25593 HIGH PATCH This Week

OpenClaw prior to version 2026.1.20 allows local unauthenticated attackers to execute arbitrary commands as the gateway user by exploiting the WebSocket API to inject malicious command paths through the config.apply function. The vulnerability stems from insufficient validation of the cliPath parameter, which is subsequently used for command discovery without proper sanitization. No patch is currently available for affected versions.

Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24930 HIGH This Week

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Industrial Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24926 HIGH This Week

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-23989 HIGH PATCH This Week

Unauthenticated attackers can bypass public link scope verification in OpenCloud Reva versions prior to 2.42.3 and 2.40.3 through a flaw in GRPC authorization middleware. By exploiting the archiver service, an attacker can create archives containing all resources accessible to the public link creator, resulting in unauthorized information disclosure. A patch is available in versions 2.42.3 and 2.40.3.

Authentication Bypass Opencloud Reva Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24135 HIGH PATCH This Week

Arbitrary file deletion in Gogs 0.13.3 and earlier allows authenticated repository contributors to exploit a path traversal flaw in the wiki page update function, enabling deletion of arbitrary files on the affected server. An attacker with wiki write access can manipulate the old_title parameter to traverse the filesystem and remove critical files. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

Path Traversal Gogs Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25793 HIGH PATCH This Week

Nebula is a scalable overlay networking tool. [CVSS 8.1 HIGH]

Information Disclosure Nebula Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-13523 HIGH PATCH This Week

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. [CVSS 7.7 HIGH]

Confluence Suse
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-25644 HIGH This Week

DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction. No patch is currently available for affected deployments.

TLS LDAP Datahub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25751 HIGH PATCH This Week

Unauthenticated attackers can retrieve sensitive InfluxDB credentials from FUXA versions through 1.2.9 due to missing authentication controls, enabling direct database access. An attacker exploiting this vulnerability can read, modify, or delete all historical process data and perform denial of service attacks by corrupting the database. FUXA 1.2.10 addresses this issue, but no patch is currently available for affected versions.

SCADA Denial Of Service Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25762 HIGH PATCH This Week

Memory exhaustion in AdonisJS @adonisjs/bodyparser prior to versions 10.1.3 and 11.0.0-next.9 allows unauthenticated remote attackers to trigger denial of service by uploading files that cause unbounded memory accumulation during multipart parsing. The vulnerable multipart handler fails to enforce memory limits while processing file type detection, enabling attackers to exhaust server resources and crash the application. No patch is currently available for affected installations.

Denial Of Service Bodyparser
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy