Skip to main content
CVE-2026-26318 HIGH POC PATCH This Week

Command injection in systeminformation versions before 5.31.0 allows local attackers with user privileges to execute arbitrary system commands through unsanitized output parsing in the versions() function. Public exploit code exists for this vulnerability, which provides complete system compromise capabilities including information disclosure, modification, and denial of service. Upgrade to version 5.31.0 or later to remediate.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25232 HIGH POC PATCH This Week

Gogs is an open source self-hosted Git service. [CVSS 8.8 HIGH]

SSH Privilege Escalation Gogs Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25755 HIGH POC PATCH This Week

PDF object injection in the jsPDF JavaScript library (npm package 'jspdf', versions prior to 4.2.0) lets an attacker who controls the string passed to the addJS method break out of the PDF JavaScript string delimiter and inject arbitrary PDF dictionary objects, including auto-executing Additional Actions (/AA). Any user who later opens the generated PDF in a JavaScript-capable viewer executes the injected actions, affecting confidentiality, integrity and availability of their document session. Publicly available exploit code exists (a documented payload is published in the GitHub advisory), but EPSS is very low (0.04%, 10th percentile) and the issue is not in CISA KEV.

RCE Code Injection Jspdf
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24834 HIGH POC PATCH This Week

Privilege escalation in Kata Containers (versions prior to 3.27.0) running on the Cloud Hypervisor backend lets a sufficiently-privileged container user write to the guest micro-VM's root filesystem and gain arbitrary code execution as root inside that VM. The root cause is that the read-only DAX/virtio-pmem rootfs image is never actually enforced read-only, so guest writes to /dev/pmem0 are observed by the guest. Publicly available exploit detail exists (GitHub Security Advisory GHSA-wwj6-vghv-5p64), though EPSS exploitation probability is negligible (0.01%) and it is not on CISA KEV.

RCE Kata Containers
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25535 HIGH POC PATCH This Week

Denial of service in jsPDF (npm package, all versions prior to 4.2.0) lets an attacker who can supply image input to the `addImage` or `html` methods crash the host process. A malicious GIF whose header declares enormous width/height values forces the bundled omggif decoder to attempt allocation of an oversized pixel buffer, producing out-of-memory errors. Publicly available exploit code exists (no active exploitation reported in CISA KEV), and the EPSS probability is low at 0.05%.

Denial Of Service Jspdf
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-26286 HIGH POC This Week

SillyTavern versions before 1.16.0 contain a server-side request forgery (SSRF) vulnerability in the asset download endpoint that allows authenticated users to make arbitrary HTTP requests from the server and access internal services, cloud metadata, and private network resources. Public exploit code exists for this vulnerability, which can be mitigated by upgrading to version 1.16.0 or configuring domain whitelisting in the config.yaml file.

SSRF AI / ML Sillytavern
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-26280 HIGH POC PATCH This Week

Command injection in the systeminformation Node.js library (versions prior to 5.30.8) lets attackers run arbitrary OS commands on Linux hosts through the wifiNetworks() function. While the iface argument is sanitized on the first call, the setTimeout retry path (triggered when the initial scan returns no results) re-invokes getWifiNetworkListIw() with the original unsanitized value, which reaches execSync('iwlist <iface> scan'). Any application that forwards user-controlled input to si.wifiNetworks() can be coerced into executing commands with the Node.js process privileges; publicly available exploit code exists, though EPSS risk is low (0.08%, 24th percentile) and it is not on the CISA KEV list.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26200 HIGH POC PATCH This Week

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

RCE Buffer Overflow Heap Overflow Hdf5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27013 HIGH POC PATCH This Week

Stored XSS in Fabric.js prior to version 7.2.0 allows attackers to inject arbitrary SVG elements and event handlers when user-supplied JSON is loaded and exported via toSVG(), affecting applications that process collaborative designs, imports, or CMS plugins. Public exploit code exists for this vulnerability. Applications rendering the SVG output in browsers are vulnerable to arbitrary JavaScript execution.

RCE XSS Fabric.Js
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-1581 HIGH POC This Week

Unauthenticated attackers can exploit time-based SQL injection in wpForo Forum plugin for WordPress versions up to 2.4.14 through the 'wpfob' parameter to extract sensitive database information. The vulnerability stems from insufficient input sanitization and improper SQL query preparation, allowing attackers to inject arbitrary SQL commands without authentication. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26202 HIGH POC PATCH This Week

Penpot before version 2.13.2 contains a path traversal vulnerability in the font creation endpoint that allows authenticated users with team edit permissions to read arbitrary files from the server filesystem. By supplying local file paths such as `/etc/passwd` as font data, attackers can retrieve sensitive files including system configuration, application secrets, and credentials. Public exploit code exists for this vulnerability, which could enable further server compromise depending on the Penpot process permissions.

Path Traversal Information Disclosure Penpot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26278 HIGH POC PATCH This Week

Fast XML Parser versions 4.1.3 through 5.3.5 are vulnerable to XML entity expansion attacks that allow remote attackers to cause denial of service by forcing unbounded entity expansion with minimal payload sizes. Public exploit code exists for this vulnerability, enabling attackers to freeze or severely degrade application performance. Upgrade to version 5.3.6 or disable entity processing using the `processEntities: false` option to mitigate the risk.

Fast Xml Parser Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26201 HIGH POC PATCH This Week

emp3r0r C2 framework versions prior to 3.21.2 crash due to unsynchronized concurrent map access in Go goroutines, allowing attackers with network access to trigger denial of service against the C2 infrastructure. Public exploit code exists for this vulnerability. The issue is resolved in version 3.21.2 and later.

Linux Golang Denial Of Service Emp3r0r Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26267 HIGH POC PATCH This Week

Function name collision in Rs Soroban SDK versions prior to 22.0.10, 23.5.2, and 25.1.1 causes the #[contractimpl] macro to invoke incorrect functions when both trait and inherent implementations share identical function names, allowing attackers to exploit logic flaws through public exploit code. Smart contract developers using affected versions risk silent execution of unintended code paths that could compromise contract integrity and security guarantees. Patches are available for all vulnerable versions.

Authentication Bypass Rs Soroban Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27114 HIGH POC This Week

Nanazip versions up to 6.0.1630.0 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25474 HIGH POC PATCH This Week

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSecret` is not configured, allowing attackers with network access to the webhook endpoint to forge Telegram messages and trigger unintended bot actions. Public exploit code exists for this vulnerability. Affected deployments must upgrade to version 2026.2.1 or later, or ensure the webhook endpoint is not reachable by untrusted networks.

Authentication Bypass AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26193 HIGH POC PATCH GHSA This Week

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. [CVSS 7.3 HIGH]

XSS AI / ML Open Webui
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-26192 HIGH POC PATCH GHSA This Week

Stored XSS in Open WebUI prior to version 0.7.0 allows authenticated users to inject malicious HTML payloads into chat document metadata, which execute in the browser when citations are previewed or viewed in shared chats. Public exploit code exists for this vulnerability, and an attacker with login access can compromise any user who interacts with their weaponized chat documents. Upgrade to version 0.7.0 or later to remediate.

XSS AI / ML Open Webui
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-25926 HIGH POC This Week

Notepad++ versions before 8.9.2 allow local code execution through an unsafe search path vulnerability that permits attackers to hijack the Windows Explorer executable if they control the process working directory. A user with local access running the affected application could be tricked into executing a malicious explorer.exe, leading to arbitrary code execution with application privileges. Public exploit code exists for this vulnerability and no patch is currently available.

Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2019-25419 HIGH POC This Week

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. [CVSS 7.2 HIGH]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25422 HIGH POC This Week

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. [CVSS 7.2 HIGH]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25405 HIGH POC This Week

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. [CVSS 7.2 HIGH]

XSS Dome Firewall
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-0974 HIGH This Week

The Orderable WordPress plugin through version 1.20.0 fails to properly verify user permissions on plugin installation functions, enabling authenticated subscribers to install malicious plugins and achieve remote code execution. An attacker with minimal WordPress account privileges can exploit this capability check bypass to gain full server compromise without administrator credentials. No patch is currently available for this vulnerability (CVSS 8.8).

WordPress RCE Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-26323 HIGH PATCH This Week

Arbitrary command execution in OpenClaw versions 2026.1.8 through 2026.2.13 allows attackers to execute shell commands when developers or CI systems run the update-clawtributors.ts maintenance script on repositories containing malicious commit metadata. The vulnerability stems from unsanitized interpolation of git author emails into shell commands via execSync, exploitable only by those with access to the development environment or source repository. Version 2026.2.14 patches the issue.

Node.js Github Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-26337 HIGH This Week

Arbitrary file read and server-side request forgery in Hyland Alfresco Transformation Service (and the underlying Alfresco Transform Core, including 5.3.0-alpha1) allow unauthenticated remote attackers to read arbitrary files and coerce the server into making outbound requests via absolute path traversal. Hyland has published a coordinated security advisory (CVE-2026-26337/26338/26339). No public exploit has been identified at time of analysis and the EPSS probability is low (0.12%), but the network-facing, unauthenticated nature makes this a meaningful exposure for internet-reachable transform components.

SSRF Path Traversal Alfresco Transform Core Alfresco Transform Service
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-26358 HIGH This Week

Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations.

Authentication Bypass Dell Unisphere For Powermax
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23544 HIGH This Week

Unsafe deserialization in Codetipi Valenti through version 5.6.3.5 enables authenticated attackers to inject arbitrary objects and achieve remote code execution. An attacker with valid credentials can exploit this vulnerability to execute malicious commands with the privileges of the affected application. No patch is currently available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12821 HIGH This Week

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. [CVSS 8.8 HIGH]

WordPress RCE CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12845 HIGH This Week

The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26359 HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability.

Information Disclosure Dell Unisphere For Powermax
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4521 HIGH This Week

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13603 HIGH This Week

WP AUDIO GALLERY (WordPress plugin) versions up to 2.0. is affected by missing authorization (CVSS 8.8).

WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0912 HIGH This Week

Privilege escalation in WordPress Toret Manager plugin through version 1.2.7 allows authenticated subscribers to modify arbitrary site options due to missing capability checks in the trman_save_option functions. An attacker can exploit this to change the default registration role to administrator and enable user registration, granting themselves admin access to the vulnerable site. No patch is currently available.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15560 HIGH This Week

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. [CVSS 8.8 HIGH]

MSSQL SQLi Worktime
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12107 HIGH This Week

Identity Server versions up to 5.11.0 contains a vulnerability that allows attackers to a malicious actor with admin privilege to inject and execute arbitrary template (CVSS 8.4).

RCE Identity Server
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-21535 HIGH PATCH This Week

Microsoft Teams contains an access control vulnerability that enables unauthenticated remote attackers to extract sensitive information without user interaction. The flaw affects Teams deployments and carries a high severity rating, though no patch is currently available. Exploitation requires only network access with no additional prerequisites, making this a significant risk for organizations using the platform.

Microsoft Teams
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-27475 HIGH This Week

Arbitrary code execution in SPIP before 4.4.9 through insecure deserialization of untrusted serialized objects in the table_valeur filter and DATA iterator. An attacker with prior access or leveraging a separate vulnerability to inject malicious serialized data can trigger arbitrary object instantiation and achieve remote code execution. No patch is currently available, and the vulnerability persists despite SPIP's standard security protections.

Deserialization Spip
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-26016 HIGH PATCH This Week

Missing authorization validation in Pterodactyl Wings prior to version 1.12.1 allows authenticated nodes to access and manipulate servers across different nodes without proper ownership verification. An attacker with a valid node secret token can retrieve sensitive installation scripts, alter server installation states, and modify transfer statuses for servers they should not have access to. The vulnerability requires network access and valid node credentials but carries high impact due to potential exposure of secrets and cross-node server manipulation.

Information Disclosure Panel
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-26360 HIGH This Week

Dell Unisphere for PowerMax versions 10.2 suffer from a path traversal vulnerability (CWE-73) that allows authenticated remote attackers to delete arbitrary files on affected systems. An attacker with low-level privileges can exploit this flaw without user interaction to achieve denial of service or system compromise. No patch is currently available for this high-severity issue (CVSS 8.1).

Information Disclosure Dell Unisphere For Powermax
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-26362 HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to modify critical system files without user interaction. The vulnerability affects systems with low-privileged user accounts and carries high integrity and availability impact, though no patch is currently available. With an EPSS score of 0.1%, exploitation likelihood remains low despite the HIGH severity rating.

Path Traversal Unisphere For Powermax
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25940 HIGH PATCH This Week

jsPDF versions prior to 4.2.0 allow attackers to inject arbitrary PDF objects including malicious JavaScript through unsanitized input to the Acroform module, which executes when users interact with form elements. An attacker who can control input passed to vulnerable API members can achieve code execution on the victim's system. The vulnerability is fixed in jsPDF 4.2.0 and can be mitigated by sanitizing all user input before passing it to affected Acroform properties and methods.

Jspdf Code Injection
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22267 HIGH This Week

Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.

Information Disclosure Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-15561 HIGH This Week

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named  WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". [CVSS 7.8 HIGH]

Privilege Escalation Worktime
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4960 HIGH This Week

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. [CVSS 7.8 HIGH]

macOS AWS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25418 HIGH This Week

SQL injection in Bit Form through version 2.21.10 enables authenticated attackers with high privileges to execute arbitrary database queries, potentially exposing sensitive data. The vulnerability requires administrative credentials but has no available patch, leaving affected installations at risk until an update is released.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-25378 HIGH This Week

Blind SQL injection in Nelio AB Testing plugin version 8.2.4 and earlier enables authenticated attackers with high privileges to execute arbitrary SQL queries against the database. An attacker with administrative access could exploit this vulnerability to extract sensitive data or manipulate database contents, though availability impact is limited. No patch is currently available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-23805 HIGH This Week

SQL injection in Yoren Chang Media Search Enhanced through version 0.9.1 enables unauthenticated remote attackers to execute arbitrary SQL queries and extract sensitive data from the underlying database. With high privileges required for exploitation, an authenticated attacker with administrative access can manipulate SQL commands to compromise data confidentiality while causing minor service disruption. No patch is currently available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-26322 HIGH PATCH This Week

OpenClaw versions prior to 2026.2.14 fail to validate the gatewayUrl parameter in the Gateway tool, allowing authenticated users or operators to redirect WebSocket connections to arbitrary targets and potentially access internal resources. This vulnerability requires authentication and the ability to invoke specific tool calls, limiting exposure to trusted users and automated systems rather than anonymous attackers. An attacker with these privileges could establish unauthorized outbound connections from the OpenClaw host, compromising confidentiality and potentially enabling further network-based attacks.

SSRF AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-27343 HIGH This Week

PHP Local File Inclusion in Airtifact versions up to 1.2.91 permits authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. With low privileges required and no user interaction necessary, an attacker can leverage this vulnerability to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27052 HIGH This Week

villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer is affected by php remote file inclusion (CVSS 7.5).

WordPress PHP LFI Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy