Skip to main content
CVE-2026-26009 CRITICAL Act Now

Command injection in Catalyst game server management platform. Install scripts in server templates allow injecting OS commands. EPSS 0.29%.

RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-2095 CRITICAL Act Now

Authentication bypass in Flowring Agentflow workflow system allows unauthenticated remote attackers to exploit specific functions. EPSS 0.63%.

Authentication Bypass Agentflow
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-0488 CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-21531 CRITICAL PATCH Act Now

Deserialization of untrusted data in Azure SDK allows unauthorized code execution over a network. EPSS 0.32%.

Azure Deserialization Azure Conversation Authoring Client Library
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2096 CRITICAL Act Now

Missing authentication in Flowring Agentflow allows unauthenticated attackers to read, modify, and delete data. Second auth bypass CVE.

Authentication Bypass AI / ML Agentflow
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-23906 CRITICAL PATCH Act Now

Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific prerequisites are met.

Apache DNS LDAP Authentication Bypass Druid
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11242 CRITICAL Act Now

SSRF vulnerability in Teknolist Okulistik application allows server-side requests to internal resources.

SSRF
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25993 CRITICAL PATCH Act Now

SQL injection in EverShop e-commerce platform during category update/deletion event handling. Path/request_path values injected unsanitized into SQL. Patch available.

SQLi Evershop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1774 CRITICAL PATCH Act Now

Prototype pollution in CASL Ability authorization library versions 2.4.0 through 6.7.4. Can lead to authorization bypass in applications using CASL for access control.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0509 CRITICAL Act Now

Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.

SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64nuc Netweaver As Abap Krnl64uc
NVD
CVSS 3.1
9.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy