Skip to main content
CVE-2026-20127 CRITICAL POC KEV THREAT CERT-EU Emergency

Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.

Cisco Authentication Bypass Sd Wan Vsmart Controller Catalyst Sd Wan Manager
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
2.6%
Threat
7.1
CVE-2026-20128 HIGH POC KEV THREAT Act Now

Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. High-privileged initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but scope change (S:C) enables lateral movement to other SD-WAN systems.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
Threat
4.5
CVE-2026-20133 MEDIUM POC KEV THREAT This Month

Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
Threat
4.3
CVE-2026-22719 HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE Command Injection Aria Operations +3
NVD
CVSS 3.1
8.1
EPSS
7.4%
CVE-2026-20122 MEDIUM POC KEV THREAT This Month

Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user priv (CVSS 5.4).

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
Threat
4.1
CVE-2026-27636 HIGH POC PATCH Act Now

Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.

Apache PHP Laravel RCE Freescout
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-27597 CRITICAL POC PATCH GHSA Act Now

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the escape allows agents to execute arbitrary code outside the sandbox. CVSS 10.0, PoC and patch available.

RCE AI / ML Enclave
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-27728 CRITICAL POC PATCH Act Now

OS command injection in OneUptime monitoring platform before 10.0.7. Authenticated users can execute arbitrary commands on the monitoring server. PoC and patch available.

Command Injection Oneuptime
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-27626 CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27702 CRITICAL POC PATCH Act Now

Unauthorized data access in Budibase low-code platform before 3.30.4 allows unauthenticated users to manipulate internal state. PoC and patch available.

AWS Budibase
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24849 CRITICAL POC PATCH Act Now

Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the server, potentially exposing patient health data. PoC and patch available.

PHP Openemr
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-24908 CRITICAL POC PATCH Act Now

SQL injection in OpenEMR electronic health records before fix. Authenticated users can execute arbitrary SQL through the medical records system. PoC and patch available.

SQLi Openemr
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27637 CRITICAL POC PATCH Act Now

Predictable password reset tokens in FreeScout help desk before 1.8.206. Weak random number generation allows attackers to predict reset tokens and take over accounts. PoC and patch available.

Laravel Freescout
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27743 CRITICAL POC PATCH Act Now

Unauthenticated SQL injection in SPIP referer_spam plugin before 1.3.0 via the referrer tracking functionality. PoC and patch available.

SQLi Referer Spam
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27641 CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal Flask Reuploaded
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2624 CRITICAL POC Act Now

Missing authentication for critical functions in ePati Antikor Next Generation firewall. Unauthenticated remote access to firewall management capabilities.

Authentication Bypass Antikor Next Generation Firewall
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25997 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25953 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25952 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25959 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25955 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27614 CRITICAL POC PATCH Act Now

Stored XSS in Bugsink error tracking tool before 2.0.13 allows unauthenticated attackers to inject persistent scripts through error event submissions. PoC and patch available.

Ruby Bugsink
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-27699 CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27575 CRITICAL POC Act Now

Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.

Information Disclosure Vikunja Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27822 CRITICAL POC PATCH Act Now

Stored XSS in RustFS distributed object storage system before 1.0.0-alpha.83. Malicious JavaScript persists in stored objects and executes when accessed. PoC available.

XSS Rustfs
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-27606 HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.6%
CVE-2026-27727 HIGH POC PATCH This Week

Remote code execution in mchange-commons-java prior to 0.4.0 allows an attacker to download and run arbitrary Java code by forcing an application to dereference a malicious javax.naming.Reference or serialized object that specifies a remote factoryClassLocation. The library ships its own legacy JNDI dereferencing implementation, so applications using it (notably the c3p0 connection pool) remain exploitable even on JDKs hardened with com.sun.jndi.ldap.object.trustURLCodebase=false. Publicly available exploit code exists (Mogwai Labs c3p0 research), though EPSS is low (0.10%, 27th percentile) and the issue is not listed in CISA KEV.

Java Mchange Commons Java Information Disclosure
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-3167 HIGH POC This Week

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /goform/webtypelibrary endpoint, enabling remote code execution with full system compromise. Public exploit code is available and actively deployed against affected devices. No patch has been released.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3169 HIGH POC This Week

Buffer overflow in Tenda F453 firmware httpd SafeEmailFilter function allows authenticated remote attackers to achieve complete system compromise through manipulation of the page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (read, write, execute).

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3168 HIGH POC This Week

Unauthenticated attackers can exploit a buffer overflow in the Tenda F453 firmware's NatStaticSetting endpoint to achieve remote code execution by manipulating the page parameter. Public exploit code is available and actively being leveraged in the wild. No patch is currently available, leaving affected devices vulnerable.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3166 HIGH POC This Week

Remote code execution in Tenda F453 firmware version 1.0.0.3 exists through a buffer overflow in the httpd component's RouteStatic function when processing the page parameter. An unauthenticated attacker on the network can exploit this vulnerability to execute arbitrary code with full system privileges. Public exploit code is available and no patch is currently available.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3165 HIGH POC This Week

Remote code execution in Tenda F453 firmware 1.0.0.3 through buffer overflow in the WiFi configuration handler allows authenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the httpd component's wireless settings function and can be exploited over the network by any authenticated user.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26965 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26955 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25131 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 contain a broken access control flaw in the order types management system that allows low-privilege users (such as receptionists) to create and modify procedure types without proper authorization. Public exploit code exists for this vulnerability, which has a CVSS score of 8.8 and could enable unauthorized users to manipulate critical medical procedure data. The vulnerability has been patched in version 8.0.0 and later.

PHP Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23627 HIGH POC PATCH This Week

SQL injection in OpenEMR's Immunization module prior to version 8.0.0 enables authenticated users to execute arbitrary database queries through unparameterized patient_id inputs. This allows attackers to exfiltrate protected health information, steal credentials, and potentially achieve remote code execution with complete database compromise. Public exploit code exists for this vulnerability; organizations should upgrade to version 8.0.0 immediately.

RCE SQLi Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25746 HIGH POC PATCH This Week

SQL injection in OpenEMR versions before 8.0.0 allows authenticated users to execute arbitrary database queries through the prescription listing feature due to improper input validation. An attacker with valid credentials could exploit this to read, modify, or delete sensitive medical records and patient data. Public exploit code exists for this vulnerability; administrators should upgrade to version 8.0.0 immediately.

SQLi Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69231 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.7 HIGH]

XSS Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
8.7
EPSS
0.2%
CVE-2026-27696 HIGH POC PATCH This Week

changedetection.io is a free open source web page change detection tool. [CVSS 8.6 HIGH]

SSRF Changedetection
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-27627 HIGH POC PATCH This Week

Stored cross-site scripting in Karakeep 0.30.0 allows remote attackers to execute arbitrary JavaScript in users' browsers by injecting malicious HTML through the Reddit metascraper plugin, which bypasses sanitization that is applied to other content sources. The vulnerability exists because the Reddit plugin's HTML output is rendered directly via dangerouslySetInnerHTML without DOMPurify filtering, and public exploit code is available. Version 0.31.0 contains the patch.

XSS Karakeep
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25164 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 fail to enforce API authorization checks on document and insurance endpoints, allowing any authenticated API client to read and modify all patient PHI regardless of assigned access controls. Public exploit code exists for this vulnerability, which affects healthcare organizations using OpenEMR's REST API. An attacker with valid API credentials can access sensitive medical records and insurance information across the entire patient database.

PHP Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-24890 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 contain an authorization bypass in the patient portal that allows authenticated users to forge provider signatures by uploading files with admin-signature type parameters for any provider. Public exploit code exists for this vulnerability, which could enable signature forgery on medical documents, creating legal and compliance risks. Upgrade to version 8.0.0 or later to remediate this high-severity flaw.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25136 HIGH POC PATCH This Week

Session hijacking in Rucio's WebUI error page allows unauthenticated attackers to steal user login tokens via reflected cross-site scripting in specially crafted URLs, affecting versions prior to 35.8.3, 38.5.4, and 39.3.1. Public exploit code exists for this vulnerability. Users should upgrade to patched versions immediately as no workarounds are available.

XSS Rucio
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-67752 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.1 HIGH]

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27615 HIGH POC This Week

Adb Explorer contains a vulnerability that allows attackers to set the binary's path to point to a remote network resource, hosted on an attack (CVSS 7.8).

Windows Adb Explorer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25476 HIGH POC PATCH This Week

OpenEMR prior to version 8.0.0 fails to enforce session expiration when the skip_timeout_reset parameter is present in requests, allowing expired sessions to remain active indefinitely. An attacker with a stolen session cookie can exploit this by continuously sending the skip_timeout_reset parameter to maintain unauthorized access to sensitive health records without being logged out. Public exploit code exists for this vulnerability with a CVSS score of 7.5.

PHP Openemr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2416 HIGH POC This Week

Unauthenticated attackers can execute SQL injection attacks against WordPress sites running Geo Mashup plugin versions up to 1.13.17 by manipulating the 'sort' parameter, allowing unauthorized database access and extraction of sensitive information. The vulnerability stems from inadequate input validation and query preparation in the plugin code. No patch is currently available, leaving affected installations at risk until an update is released.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26986 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25942 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25954 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy