Skip to main content
CVE-2026-26190 CRITICAL POC PATCH GHSA Act Now

Unauthenticated API access in Milvus vector database before 2.5.27/2.6.10. TCP port 9091 exposed by default without authentication. EPSS 0.32% with PoC and patch available.

Authentication Bypass AI / ML Milvus Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-26273 CRITICAL POC PATCH Act Now

Critical authentication bypass in Known social publishing platform 1.6.2 and earlier. Broken authentication allows unauthorized access. PoC and patch available.

Information Disclosure Known
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2025-69770 CRITICAL Act Now

Zip slip to RCE in MojoPortal CMS v2.9.0.1 via /DesignTools/SkinList.aspx. Malicious ZIP archives write files outside extraction directory, enabling code execution. CVSS 10.0.

Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-26333 CRITICAL Act Now

Unauthenticated .NET Remoting endpoint in Calero VeraSMART before 2022 R1. TCP port 8001 exposes default Object URIs enabling deserialization attacks. EPSS 0.17%.

IIS .NET RCE Verasmart
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26335 CRITICAL POC Act Now

Static ASP.NET machineKey in Calero VeraSMART before 2022 R1. Hardcoded key enables ViewState deserialization attacks and cookie forgery.

IIS .NET RCE Deserialization Verasmart
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69633 CRITICAL Act Now

SQL injection in Advanced Popup Creator PrestaShop module 1.1.26-1.2.6. Fixed in 1.2.7.

PHP SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23112 CRITICAL PATCH CISA Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26221 CRITICAL Act Now

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe).

RCE Deserialization
NVD
CVSS 4.0
9.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy