Google Chrome's CSS engine contains a use-after-free vulnerability (CVE-2026-2441, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox through crafted HTML pages. KEV-listed with public PoC, this vulnerability enables drive-by exploitation when users visit malicious or compromised websites.
FileZen contains an OS command injection vulnerability (CVE-2026-25108, CVSS 8.8) that allows authenticated users to execute arbitrary commands when the Antivirus Check Option is enabled. KEV-listed with EPSS 18.6%, this vulnerability in the Japanese file-sharing appliance has been actively exploited in campaigns targeting organizations in Japan and Asia-Pacific.
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. [CVSS 8.8 HIGH]
Unauthenticated remote attackers can crash BACnet Stack prior to versions 1.5.0rc4 and 1.4.3rc2 by sending a malformed WriteProperty request that triggers an integer underflow during APDU decoding, resulting in an out-of-bounds memory read. Public exploit code exists for this vulnerability. The issue affects embedded systems running vulnerable versions of the BACnet protocol stack library.
Tandoor Recipes prior to 2.5.1 contains a blind server-side request forgery vulnerability in the Cookmate recipe import feature that allows authenticated users to bypass URL validation after HTTP redirects, enabling attacks against internal networks and cloud metadata services. An attacker with standard user privileges can leverage this flaw to scan internal ports, access sensitive metadata, or discover the server's real IP address. Public exploit code exists for this vulnerability.
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. [CVSS 7.5 HIGH]
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. [CVSS 7.5 HIGH]
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. [CVSS 7.5 HIGH]
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. [CVSS 7.5 HIGH]
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. [CVSS 7.4 HIGH]
A use-after-free vulnerability in the Linux kernel's netfilter nf_tables module allows local attackers with unprivileged access to cause memory corruption and denial of service through an inverted logic check in catchall map element activation during failed transactions. The flaw occurs in nft_map_catchall_activate() which incorrectly processes already-active elements instead of inactive ones, potentially leading to privilege escalation or system crash. No patch is currently available.
Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escalate their privileges through an alternate access path. An attacker with valid credentials can exploit this flaw to gain unauthorized elevated access to the system. No patch is currently available.
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. [CVSS 8.8 HIGH]
Flexcity versions up to 1.0.36. is affected by authorization bypass through user-controlled key (CVSS 8.3).
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. [CVSS 8.2 HIGH]
Authenticated users in lakeFS prior to version 1.77.0 can exploit path traversal vulnerabilities in the local block adapter to read and write files outside their intended storage boundaries by bypassing insufficient prefix validation checks. An attacker with valid credentials can manipulate object identifiers and path sequences to access sibling directories and storage namespaces they should not have access to. A patch is available in version 1.77.0 and later.
Caido versions prior to 0.55.0 can be bypassed using a crafted X-Forwarded-Host header to circumvent domain whitelist restrictions, allowing unauthenticated remote attackers to reach non-whitelisted domains through port 8080. This vulnerability affects all users of the web security auditing toolkit and could enable attackers to exfiltrate data or attack internal systems. No patch is currently available for affected versions.
Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious prompts or agents to write git hooks that execute arbitrary code when git commands are triggered. An attacker can achieve remote code execution without user interaction since git automatically executes these hooks, potentially compromising systems where Cursor is used for AI-assisted development. A patch is available in version 2.5.
ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. No patch is currently available for affected versions.
Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. No patch is currently available for this vulnerability.
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication.
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. [CVSS 7.5 HIGH]
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. [CVSS 7.5 HIGH]
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. [CVSS 7.5 HIGH]
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. [CVSS 7.5 HIGH]
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. [CVSS 7.3 HIGH]
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. [CVSS 7.3 HIGH]
Stored XSS in the PixelYourSite WordPress plugin through versions 11.2.0 allows unauthenticated attackers to inject malicious scripts via the 'pysTrafficSource' and 'pys_landing_page' parameters due to inadequate input sanitization and output escaping. When users visit pages containing injected payloads, the scripts execute in their browsers, potentially compromising sessions and stealing sensitive data. No patch is currently available, leaving all affected installations vulnerable.
Stored XSS in WordPress PixelYourSite PRO plugin versions up to 12.4.0.2 allows unauthenticated attackers to inject malicious scripts through the 'pysTrafficSource' and 'pys_landing_page' parameters due to insufficient input validation and output encoding. When site visitors access pages containing injected payloads, the malicious scripts execute in their browsers, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for this vulnerability.