Skip to main content
CVE-2025-69985 CRITICAL POC Act Now

Authentication bypass in FUXA SCADA/HMI system 1.2.8 and prior leading to Remote Code Execution. Unauthenticated attackers can execute arbitrary code on industrial control HMI systems. EPSS 0.64% with PoC available.

Node.js RCE Authentication Bypass Fuxa
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-26342 CRITICAL POC Act Now

Persistent authentication token in Tattile ANPR cameras firmware 1.181.5 and prior. Authentication tokens never expire, enabling indefinite session reuse. PoC available.

Authentication Bypass Vega33 Firmware Basic Mk2 Firmware Axle Counter Firmware Vega53 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-27590 CRITICAL POC PATCH Act Now

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.

PHP TLS RCE Caddy Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26341 CRITICAL POC Act Now

Default credentials in Tattile Smart+, Vega, and Basic ANPR camera families firmware 1.181.5 and prior. License plate recognition cameras ship with known default credentials. PoC available.

Authentication Bypass Vega11 Firmware Axle Counter Firmware Vega33 Firmware Anpr Mobile Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2796 CRITICAL POC PATCH Act Now

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Mozilla Memory Corruption Information Disclosure Thunderbird
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26198 CRITICAL POC PATCH Act Now

SQL injection in Ormar async ORM for Python versions 0.9.9 through 0.22.0. Aggregate queries pass unsanitized input to SQL, enabling database compromise through the ORM abstraction. PoC and patch available.

Python Ormar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27586 CRITICAL POC PATCH Act Now

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27588 CRITICAL POC PATCH Act Now

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27587 CRITICAL POC PATCH Act Now

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-26331 HIGH POC PATCH This Week

yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]

Python Command Injection Yt Dlp Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-27483 HIGH POC PATCH GHSA This Week

Remote code execution in MindsDB prior to version 25.9.1.1 allows authenticated attackers to bypass file upload restrictions through path traversal in the /api/files endpoint. An attacker can exploit insufficient filename validation to write arbitrary files to any location on the server, achieving command execution. Public exploit code exists for this vulnerability.

Path Traversal AI / ML Mindsdb
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-25545 HIGH POC PATCH This Week

Astro web framework versions prior to 9.5.4 contain a server-side request forgery vulnerability in error page handling that allows unauthenticated remote attackers to bypass Host header validation and redirect requests to internal services or cloud metadata endpoints. By manipulating the Host header when accessing prerendered error pages, attackers can read response bodies from internal URLs, cloud metadata services, or localhost resources. Public exploit code exists for this vulnerability, which affects applications using custom error pages without proper Host validation.

SSRF Astrojs Node
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-26340 HIGH POC This Week

Unauthenticated RTSP stream access in multiple Tattile and Vega firmware versions allows remote attackers to view live video and audio feeds without credentials, exposing surveillance data across affected devices. Public exploit code exists for this vulnerability, which impacts Axle Counter, Vega11, Vega53, Vega33, and Anpr Mobile firmware lineups version 1.181.5 and earlier. No patch is currently available for this high-severity issue.

Authentication Bypass Axle Counter Firmware Vega11 Firmware Vega53 Firmware Anpr Mobile Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-25802 HIGH POC PATCH This Week

New API LLM gateway versions before 0.10.8-alpha.9 are vulnerable to stored cross-site scripting through the MarkdownRenderer component, which fails to sanitize script tags in model outputs. An authenticated attacker with user interaction can inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available.

XSS AI / ML New Api Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-69252 HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-25899 HIGH POC PATCH This Week

Unbounded memory allocation in Fiber v3 (prior to 3.1.0) allows unauthenticated remote attackers to trigger denial of service by sending a malicious fiber_flash cookie that forces deserialization of up to 85GB of memory. All v3 endpoints are vulnerable regardless of flash message usage, and public exploit code exists. No patch is currently available.

Deserialization Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67445 HIGH POC This Week

X5000R Firmware versions up to 9.1.0cu.2415_b20250515 is affected by uncontrolled resource consumption (CVSS 7.5).

Denial Of Service X5000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69250 HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 7.5 HIGH]

Code Injection Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27584 HIGH POC PATCH This Week

Actual is a local-first personal finance tool. [CVSS 7.5 HIGH]

Authentication Bypass Information Disclosure Actual
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27642 HIGH POC PATCH This Week

Remote attackers can inject control characters into the SUPI parameter of free5GC UDM versions up to 1.4.1, causing URL parsing failures that leak sensitive system error details and enable service fingerprinting. Public exploit code exists for this vulnerability affecting the Nudm_UEAU service across all vulnerable deployments. A patch is available and should be applied immediately, as no application-level workaround exists.

Code Injection Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26025 HIGH POC This Week

free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no official patch is currently available, requiring organizations to implement network-level mitigations such as ACL restrictions or PFCP message inspection.

Industrial Smf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26024 HIGH POC This Week

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 interface, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no upstream patch is currently available. Organizations running affected SMF instances should restrict PFCP interface access to trusted UPF nodes and implement network-level filtering of malformed requests.

Industrial Smf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25882 HIGH POC PATCH This Week

Fiber web framework versions 2 and 3 are vulnerable to denial of service attacks when processing requests to routes containing more than 30 parameters, enabling remote attackers to crash affected applications without authentication. The vulnerability stems from insufficient validation during route registration and unbounded array writes in request matching logic. Public exploit code exists for this high-severity flaw, though patches are available in Fiber v2.52.12 and v3.1.0.

Denial Of Service Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25501 HIGH POC This Week

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interface, allowing unauthenticated remote attackers to cause denial of service via nil pointer dereference. Public exploit code exists for this vulnerability and no upstream patch is currently available. Network operators should restrict PFCP interface access to trusted UPF sources and consider implementing message validation at network boundaries.

Industrial Smf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25891 HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25603 MEDIUM POC This Month

Path traversal in Linksys MR9600 and MX4200 firmware allows attackers with physical access to mount arbitrary USB drive partitions into the file system, potentially enabling root-level code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected versions include MR9600 1.0.4.205530 and MX4200 1.0.13.210200.

Path Traversal Mx4200 Firmware Mr9600 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27585 MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25591 MEDIUM POC PATCH This Month

Denial of service in New API's `/api/token/search` endpoint allows authenticated users to exhaust database resources through SQL wildcard injection in unescaped search parameters. An attacker can craft malicious search patterns that trigger expensive queries, causing service unavailability. Public exploit code exists for this medium-severity vulnerability affecting versions prior to 0.10.8-alpha.10.

Denial Of Service AI / ML New Api Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-26981 MEDIUM POC PATCH GHSA This Month

OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper integer handling when processing malformed EXR files, allowing attackers to trigger a denial of service through memory-mapped streams. Public exploit code exists for this vulnerability. Patched versions 3.3.7 and 3.4.5 are available.

Buffer Overflow Openexr Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27129 MEDIUM POC PATCH This Month

Craft CMS versions 4.5.0 through 4.16.18 and 5.0.0 through 5.8.22 contain an SSRF bypass in GraphQL Asset mutations where IPv6-only hostnames bypass the security blocklist, allowing authenticated users with GraphQL asset editing permissions to perform server-side request forgery attacks. Public exploit code exists for this vulnerability, which is a regression of a previously patched SSRF issue. Authenticated users with appropriate GraphQL schema permissions can exploit this to access internal resources or perform requests to arbitrary IPv6 addresses.

SSRF Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27589 MEDIUM POC PATCH This Month

Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, enabling attackers to remotely reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists for this vulnerability, which can be leveraged to modify HTTP server behavior and admin listener settings without user knowledge. The vulnerability affects Caddy and TLS implementations, with no patch currently available for affected versions.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27127 MEDIUM POC PATCH This Month

DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.

DNS SSRF Race Condition Craft Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-22553 CRITICAL Act Now

OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.

SCADA RCE Command Injection Masterscada
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-2761 CRITICAL PATCH Act Now

Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2768 CRITICAL PATCH Act Now

Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2778 CRITICAL PATCH Act Now

Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2776 CRITICAL PATCH Act Now

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2760 CRITICAL PATCH Act Now

Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-26222 CRITICAL Act Now

Insecure .NET Remoting deserialization in Altec DocLink (Beyond Limits) 4.0.336.0. Exposed TCP endpoints allow unauthenticated remote code execution via .NET Remoting deserialization attacks.

.NET RCE Denial Of Service Altec Doclink
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-27729 MEDIUM POC PATCH This Month

Memory exhaustion denial of service in Astro 9.0.0 through 9.5.3 allows remote attackers to crash server processes by sending oversized POST requests to server action endpoints without size restrictions. The framework buffers entire request bodies into memory with no limits, enabling a single large request to exhaust heap memory on affected deployments. Public exploit code exists for this vulnerability, which is particularly impactful in containerized environments where repeated crashes trigger persistent restart loops.

Denial Of Service Astrojs Node
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-11165 CRITICAL Act Now

Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.

Tomcat Java Dotcms
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-21410 CRITICAL Act Now

SQL injection in InSAT MasterSCADA BUK-TS through the main web interface. ICS/SCADA system with unauthenticated SQL injection enabling full database compromise.

SCADA RCE SQLi Masterscada
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-13942 CRITICAL Act Now

Command injection in Zyxel EX3510-B0 router UPnP functionality via firmware versions through 5.17. Allows remote code execution through the UPnP service.

Zyxel Command Injection Wx5610 B0 Firmware Ee6510 10 Firmware Px3321 T1 Firmware +15
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-14577 CRITICAL Act Now

PHP function injection in Slican NCP/IPL/IPM/IPU VOIP devices allows unauthenticated remote attackers to execute arbitrary PHP functions. Network telecommunications equipment vulnerability.

PHP Ipu 14 Firmware Ipm 032 Firmware Ipl 256 Firmware Ncp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2793 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2792 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2788 CRITICAL PATCH Act Now

Boundary error in Firefox Audio/Video GMP (Gecko Media Plugins) component before 148. Media plugin processing triggers memory corruption.

Buffer Overflow Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2773 CRITICAL PATCH Act Now

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2771 CRITICAL PATCH Act Now

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

Buffer Overflow Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2764 CRITICAL PATCH Act Now

JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy