73 CVEs tracked today. 5 Critical, 36 High, 27 Medium, 5 Low.
-
CVE-2026-27574
CRITICAL
CVSS 9.9
Code injection in OneUptime monitoring via custom JS monitor using vm module. PoC and patch available.
Node.js
Redis
Oneuptime
-
CVE-2026-27471
CRITICAL
CVSS 9.1
Missing authorization in ERPNext ERP before 15.98.0/16.6.0. Patch available.
Authentication Bypass
Erpnext
-
CVE-2026-27211
CRITICAL
CVSS 10.0
Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.
Kvm
Linux
Information Disclosure
Path Traversal
Docker
-
CVE-2026-27197
CRITICAL
CVSS 9.1
SAML authentication bypass in Sentry 21.12.0 through 26.1.0.
Authentication Bypass
Sentry
-
CVE-2026-27194
CRITICAL
CVSS 9.8
RCE in D-Tale pandas data visualizer before 3.20.0 via /save-column-filter. Patch available.
RCE
AI / ML
D Tale
-
CVE-2026-27579
HIGH
CVSS 7.4
CollabPlatform's misconfigured CORS policy allows credentialed cross-origin requests from attacker-controlled domains, enabling unauthorized access to sensitive user account data including email addresses, account identifiers, and MFA status. All versions of the application are affected by this vulnerability, which remains unpatched and exploitable through simple web-based attacks requiring user interaction.
CSRF
Information Disclosure
-
CVE-2026-27488
HIGH
CVSS 7.3
OpenClaw versions 2026.2.17 and earlier allow unauthenticated remote attackers to access internal and metadata endpoints through unprotected cron webhook delivery mechanisms that lack SSRF validation. An attacker can exploit this to reach private services and endpoints that should be restricted, potentially leading to information disclosure or lateral movement within the infrastructure. A patch is available in version 2026.2.19.
SSRF
AI / ML
Openclaw
-
CVE-2026-27487
HIGH
CVSS 7.6
OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. The vulnerability has been patched in version 2026.2.14.
macOS
Command Injection
AI / ML
Openclaw
-
CVE-2026-27479
HIGH
CVSS 7.7
Wallos versions 4.6.0 and below allow authenticated attackers to perform Server-Side Request Forgery attacks through the logo upload feature by exploiting HTTP redirects that bypass IP validation checks, enabling access to internal resources and cloud metadata endpoints. Public exploit code exists for this vulnerability, and an available patch should be applied immediately to prevent unauthorized disclosure of sensitive configuration and credentials.
SSRF
Wallos
-
CVE-2026-27470
HIGH
CVSS 8.8
SQL injection in ZoneMinder's status.php getNearEvents() function allows authenticated users with event management permissions to execute arbitrary database queries through improperly sanitized Event Name and Cause fields in versions 1.36.37 and below or 1.37.61 through 1.38.0. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could extract sensitive data, modify database contents, or potentially achieve code execution depending on database permissions and configuration.
PHP
SQLi
Zoneminder
-
CVE-2026-27466
HIGH
CVSS 7.2
BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.
Ubuntu
Docker
Denial Of Service
Bigbluebutton
-
CVE-2026-27464
HIGH
CVSS 7.7
Metabase versions prior to 0.57.13 and 0.58.x through 0.58.6 allow authenticated users to extract sensitive data including database credentials through template injection in the notification system. An attacker with low privileges can exploit unsafe template evaluation to retrieve confidential information and expose database access credentials. A patch is available in versions 0.57.13 and 0.58.7, or administrators can disable notifications as a temporary mitigation.
Industrial
Metabase
-
CVE-2026-27212
HIGH
CVSS 7.8
Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.
Linux
Denial Of Service
Authentication Bypass
Swiper
-
CVE-2026-27206
HIGH
CVSS 8.1
Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.
PHP
RCE
Deserialization
-
CVE-2026-27203
HIGH
CVSS 8.3
eBay API MCP Server's ebay_set_user_tokens tool fails to validate environment variable inputs in the updateEnvFile function, allowing authenticated attackers to inject arbitrary variables into the .env configuration file. An attacker with login credentials can exploit this to overwrite existing configurations, trigger denial of service conditions, or achieve remote code execution through malicious environment variable injection. No patch is currently available for this vulnerability affecting all versions of the AI/ML product.
Denial Of Service
AI / ML
-
CVE-2026-27202
HIGH
CVSS 7.5
Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. The high-severity flaw (CVSS 7.5) poses a significant confidentiality risk to all GetSimple CMS deployments.
Path Traversal
Getsimple Cms
-
CVE-2026-27198
HIGH
CVSS 8.8
Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.
Privilege Escalation
Formwork
-
CVE-2026-27196
HIGH
CVSS 8.1
Versions 5.73.8 and below, and 6.0.0-alpha.1 through 6.3.1, are affected by cross-site scripting (XSS) (CVSS 8.1).
XSS
-
CVE-2026-27192
HIGH
CVSS 8.1
Origin validation bypass in Feathers framework versions 5.0.39 and below allows remote attackers to hijack OAuth tokens by registering domains with a common prefix to legitimate allowed origins, exploiting insufficient string comparison in the getAllowedOrigin() function. An attacker can craft a domain like https://target.com.attacker.com to bypass validation configured for https://target.com and intercept authentication credentials. This affects iOS applications and systems using vulnerable Feathers versions, though exploitation requires specific OAuth flow configurations.
Feathers
-
CVE-2026-27170
HIGH
CVSS 7.1
OpenSift versions 1.1.2-alpha and below allow authenticated attackers to abuse the URL ingest feature's overly permissive server-side request functionality to probe or access private and local network resources from the OpenSift host. The vulnerability requires valid credentials but no user interaction, enabling attackers to enumerate or interact with internal infrastructure not otherwise accessible. No patch is currently available, though version 1.1.3-alpha contains a fix.
Code Injection
AI / ML
Opensift
-
CVE-2026-27169
HIGH
CVSS 8.9
Stored cross-site scripting in OpenSift versions 1.1.2-alpha and below allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by injecting malicious content into study materials, quizzes, or flashcards that render without proper HTML sanitization. An attacker with the ability to create or modify stored content could perform unauthorized actions within authenticated user sessions. No patch is currently available for this vulnerability.
XSS
AI / ML
Opensift
-
CVE-2026-27168
HIGH
CVSS 8.8
The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line value read from untrusted files, allowing attackers to trigger out-of-bounds memory writes during image processing. Public exploit code exists for this vulnerability affecting all versions of SAIL. No patch is currently available, leaving users of this cross-platform image loading library exposed to potential code execution or denial of service attacks.
Buffer Overflow
Heap Overflow
Sail
-
CVE-2026-27161
HIGH
CVSS 7.5
Unauthenticated attackers can access sensitive files in GetSimple CMS when Apache's AllowOverride directive is disabled, bypassing .htaccess protections that restrict directory access. This configuration is common in hardened and shared hosting environments, exposing authorization credentials, API keys, and cryptographic salts in files like authorization.xml. Public exploit code exists for this vulnerability, and no patch is currently available.
Apache
Getsimple Cms
-
CVE-2026-27134
HIGH
CVSS 8.1
Strimzi Kafka Operator versions 0.49.0-0.50.0 incorrectly trusts all intermediate CAs in a multistage certificate chain for mTLS authentication, allowing any user with a certificate signed by any CA in the chain to authenticate to Kafka listeners. This authentication bypass affects only deployments using custom Cluster or Clients CA with multi-level CA chains. No patch is currently available.
Apache
Kubernetes
Strimzi Kafka Operator
Redhat
-
CVE-2026-26046
HIGH
CVSS 7.2
Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. No patch is currently available, and exploitation requires administrative access but could compromise the entire Moodle installation.
Moodle
Command Injection
-
CVE-2026-26045
HIGH
CVSS 7.2
Moodle's backup restore function fails to properly validate malicious backup files, allowing authenticated administrators to achieve remote code execution through crafted file processing. An attacker with restore privileges can exploit this code injection vulnerability to fully compromise the Moodle server. No patch is currently available.
Moodle
-
CVE-2026-2886
HIGH
CVSS 8.8
Tenda A21 1.0.0.0 is vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. No patch is currently available.
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2885
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2884
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2883
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2882
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2881
HIGH
CVSS 8.8
Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2877
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.
Buffer Overflow
Stack Overflow
A18 Firmware
-
CVE-2026-2876
HIGH
CVSS 8.8
Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.
Buffer Overflow
Stack Overflow
A18 Firmware
-
CVE-2026-2874
HIGH
CVSS 8.8
Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting the A21 firmware.
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2873
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete system compromise through malicious input to the schedStartTime/schedEndTime parameters in the openSchedWifi function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects confidentiality, integrity, and availability with high severity (CVSS 8.8).
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2872
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2871
HIGH
CVSS 8.8
Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
Dns
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2870
HIGH
CVSS 8.8
Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.
Buffer Overflow
Stack Overflow
A21 Firmware
-
CVE-2026-2867
HIGH
CVSS 7.3
Vehicle Management System versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).
PHP
SQLi
Vehicle Management System
-
CVE-2026-2865
HIGH
CVSS 7.3
SQL injection in the Agri Trading Online Shopping System 1.0 admin panel allows unauthenticated remote attackers to manipulate product parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the HTTP POST request handler in admin/productcontroller.php and enables data exfiltration, modification, and potential denial of service.
PHP
SQLi
Agri Trading Online Shopping System
-
CVE-2026-27576
MEDIUM
CVSS 4.0
OpenClaw versions 2026.2.17 and earlier fail to enforce payload size limits in the ACP bridge, allowing local clients to trigger denial of service through excessively large prompt inputs that consume system resources. This vulnerability primarily impacts IDE integrations and other local ACP clients that may inadvertently send oversized text blocks. The issue has been patched in version 2026.2.19.
Denial Of Service
AI / ML
Openclaw
-
CVE-2026-27492
MEDIUM
CVSS 4.7
Email content leakage in Lettermint Node.js SDK versions 1.5.0 and below allows local authenticated users to intercept sensitive email data when a single client instance sends multiple messages, as email properties are not properly cleared between sends. Applications using transactional email flows with reused client instances risk exposing recipient addresses and message content to unintended parties. The vulnerability has been patched in version 1.5.1.
Node.js
Lettermint
-
CVE-2026-27486
MEDIUM
CVSS 5.3
OpenClaw CLI versions 2026.2.13 and earlier terminate processes based on command-line pattern matching without verifying process ownership, allowing unrelated processes to be killed on shared hosts. An attacker or unprivileged user on a multi-tenant system could leverage this to disrupt services or cause denial of service by triggering process cleanup routines that match their target applications. The vulnerability has been patched in version 2026.2.14.
Information Disclosure
AI / ML
Openclaw
-
CVE-2026-27485
MEDIUM
CVSS 4.4
Openclaw contains a vulnerability that allows potential unintentional disclosure of local files from the packaging machine int (CVSS 4.4).
Information Disclosure
AI / ML
Openclaw
-
CVE-2026-27484
MEDIUM
CVSS 4.3
Unauthorized Discord moderation actions in OpenClaw versions 2026.2.17 and below allow non-admin users to execute timeouts, kicks, and bans by spoofing sender identity parameters in tool-driven requests. The vulnerability affects deployments where Discord moderation is enabled and the bot has necessary guild permissions, enabling privilege escalation through identity manipulation. A patch is available in version 2026.2.18.
Authentication Bypass
AI / ML
Openclaw
-
CVE-2026-27482
MEDIUM
CVSS 5.9
Ray dashboard versions 2.53.0 and below lack proper authentication on DELETE endpoints, allowing unauthenticated attackers to terminate Serve instances or remove jobs through DNS rebinding or same-network attacks. Public exploit code exists for this vulnerability, which impacts Ray deployments with dashboards exposed to network access. Administrators should upgrade to Ray 2.54.0 or higher to remediate the availability risk.
Dns
AI / ML
Ray
-
CVE-2026-27480
MEDIUM
CVSS 5.3
Static Web Server versions up to 2.40.1 contain a vulnerability that allows attackers to identify valid users by exploiting early responses for invalid usernames, enabli (CVSS 5.3).
Information Disclosure
Static Web Server
-
CVE-2026-27469
MEDIUM
CVSS 6.1
Stored cross-site scripting in Isso's comment server allows unauthenticated attackers to inject malicious JavaScript through improperly escaped website and comment fields, enabling session hijacking or credential theft when victims interact with affected comments. The vulnerability stems from insufficient HTML escaping that leaves quotes unescaped in href attributes and comment edit endpoints, permitting arbitrary event handler injection. No patch is currently available for Python deployments.
Python
XSS
-
CVE-2026-27458
MEDIUM
CVSS 5.4
Stored XSS in LinkAce 2.4.2 and below allows authenticated users to inject malicious JavaScript through improperly sanitized list descriptions in the Atom feed endpoint, which executes in browsers via native SVG elements without requiring an RSS reader. An attacker can exploit this to perform actions on behalf of victims visiting the feed URL, with public exploit code already available. A patch is available to remediate this cross-site scripting vulnerability affecting the self-hosted link archiving application.
XSS
Linkace
-
CVE-2026-27452
MEDIUM
CVSS 5.3
Asn1 Ts library versions 11.0.5 and below expose sensitive data through unintended ArrayBuffer leakage during INTEGER decoding operations in BER/DER codec processing. Applications using affected versions could inadvertently disclose memory contents to remote attackers without requiring authentication or user interaction. A patch is available in version 11.0.6 and later.
Information Disclosure
Asn1 Ts
-
CVE-2026-27210
MEDIUM
CVSS 6.1
Pannellum 2.5.0 through 2.5.6 allows arbitrary JavaScript execution through improperly sanitized hotspot configuration attributes in JSON files, enabling stored XSS attacks against users viewing panorama viewers with malicious configurations. An attacker can craft a malicious config file that executes code automatically upon page load without user interaction, potentially allowing page defacement or credential theft. A patch is available to address this vulnerability.
XSS
Pannellum
-
CVE-2026-27205
MEDIUM
CVSS 4.3
Flask versions 3.1.2 and earlier fail to set proper cache headers when the session object is accessed through certain methods like the Python `in` operator, allowing cached responses containing user-specific session data to be served to other users. An attacker can exploit this to access sensitive information from cached responses if the application runs behind a caching proxy that doesn't ignore Set-Cookie headers. This requires the vulnerable application to lack explicit Cache-Control headers and access session data in ways that bypass normal cache-control logic.
Python
Flask
Redhat
Suse
-
CVE-2026-27199
MEDIUM
CVSS 5.3
Werkzeug versions 3.1.5 and below on Windows fail to properly filter reserved device names in the safe_join function when paths contain multiple segments, allowing attackers to craft requests that trigger indefinite hangs by targeting special device names like NUL. Remote attackers can exploit this denial-of-service vulnerability against applications using send_from_directory to serve user-specified files. A patch is available in version 3.1.6.
Windows
Werkzeug
Suse
-
CVE-2026-27193
MEDIUM
CVSS 5.3
Feathersjs versions 5.0.39 and below store unencrypted HTTP headers in base64-encoded session cookies, allowing attackers with network access to decode and retrieve sensitive internal infrastructure details such as API keys, service tokens, and internal IP addresses. Authenticated users can exploit this vulnerability in deployments behind reverse proxies or API gateways to gain unauthorized access to sensitive information. A patch is available for affected installations.
Information Disclosure
Feathers
-
CVE-2026-27191
MEDIUM
CVSS 6.1
Feathersjs versions 5.0.39 and below contain an open redirect vulnerability in the redirect query parameter that fails to properly validate user-supplied values, enabling attackers to inject authority into URLs and steal access tokens through URL manipulation. An unauthenticated remote attacker can exploit this by crafting a malicious redirect URL that causes the victim's browser to send the access token to an attacker-controlled domain, resulting in account takeover. A patch is available for affected installations.
Open Redirect
Feathers
-
CVE-2026-27189
MEDIUM
CVSS 6.6
OpenSift versions 1.1.2-alpha and below suffer from a race condition in local JSON persistence that allows authenticated local users to corrupt data stores or cause loss of updates across sessions, study materials, quizzes, and authentication records. The vulnerability stems from non-atomic and insufficiently synchronized file operations that can be exploited through concurrent access to the application's local storage. No patch is currently available.
Race Condition
AI / ML
Opensift
-
CVE-2026-27147
MEDIUM
CVSS 5.4
GetSimple CMS allows authenticated users to upload SVG files containing malicious JavaScript through the administrative interface, which executes in browsers when the files are accessed due to insufficient sanitization. Public exploit code exists for this stored XSS vulnerability, and no patch is currently available, leaving all GetSimple CMS versions at risk.
XSS
Getsimple Cms
-
CVE-2026-27146
MEDIUM
CVSS 4.5
Arbitrary file upload in GetSimple CMS results from missing CSRF protection on the administrative upload endpoint, allowing an attacker to silently inject files through a malicious webpage visited by an authenticated admin. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker needs only to trick an authenticated user into visiting a crafted page to compromise the application.
CSRF
Getsimple Cms
-
CVE-2026-26047
MEDIUM
CVSS 6.5
Moodle's TeX formula editor fails to enforce adequate execution time limits when processing mimetex content, enabling authenticated users to craft malicious formulas that exhaust server resources. This resource exhaustion vulnerability can degrade application performance or trigger denial-of-service conditions without requiring user interaction or privilege escalation.
Moodle
-
CVE-2026-2894
MEDIUM
CVSS 5.3
Funadmin versions up to 7.1.0-rc4 contain an information disclosure vulnerability in the password recovery function that allows unauthenticated remote attackers to access sensitive user data. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. The low CVSS score of 5.3 reflects limited impact, though organizations running affected versions should implement compensating controls until an update is available.
Information Disclosure
Funadmin
-
CVE-2026-2864
MEDIUM
CVSS 5.4
Path traversal in the pictureDelete function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to manipulate the picName parameter and access arbitrary files on the system. Public exploit code exists for this vulnerability. No patch is currently available, and the developers have not responded to the disclosure.
Java
Path Traversal
-
CVE-2026-2863
MEDIUM
CVSS 5.4
Path traversal in the FileServiceImpl.deleteFile function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated attackers to manipulate file deletion operations remotely. Public exploit code exists for this vulnerability, and the developer has not yet addressed the reported issue. An attacker with valid credentials could delete or access arbitrary files on the affected system.
Java
Path Traversal
-
CVE-2026-2861
MEDIUM
CVSS 5.3
Information disclosure in Foswiki versions up to 2.1.10 allows unauthenticated remote attackers to access sensitive data through the Changes/Viewfile/Oops component. Public exploit code exists for this vulnerability. Upgrading to version 2.1.11 or later resolves the issue.
Information Disclosure
Foswiki
-
CVE-2026-2860
MEDIUM
CVSS 6.3
Improper authorization in the EmployeeController.java file of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to gain unauthorized access to sensitive data or modify system information. Public exploit code exists for this vulnerability, and the developers have not yet provided a patch despite early notification. Java-based deployments of these products are vulnerable to this medium-severity attack requiring valid credentials.
Java
-
CVE-2026-1787
MEDIUM
CVSS 4.8
Unauthenticated attackers can delete migrated courses in WordPress sites running LearnPress Export Import versions up to 4.1.0 due to missing capability checks in the data deletion function, provided Tutor LMS is also installed. This allows unauthorized data loss with low complexity exploitation requiring network access. No patch is currently available for this medium-severity vulnerability.
WordPress
-
CVE-2025-65995
MEDIUM
CVSS 6.5
When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. [CVSS 6.5 MEDIUM]
Information Disclosure
AI / ML
Airflow
-
CVE-2025-14339
MEDIUM
CVSS 6.5
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. [CVSS 6.5 MEDIUM]
WordPress
PHP
-
CVE-2026-27467
LOW
CVSS 2.0
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. [CVSS 2.0 LOW]
Information Disclosure
-
CVE-2026-2895
LOW
CVSS 3.7
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...
PHP
-
CVE-2026-2889
LOW
CVSS 3.3
A vulnerability was detected in CCExtractor versions up to 0.96.5, which is affected by a buffer overflow (CVSS 3.3).
Use After Free
-
CVE-2026-2887
LOW
CVSS 3.3
A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. [CVSS 3.3 LOW]
Denial Of Service
-
CVE-2026-2869
LOW
CVSS 3.3
A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. [CVSS 3.3 LOW]
Buffer Overflow