Skip to main content
CVE-2025-50180 HIGH POC PATCH This Week

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. [CVSS 7.5 HIGH]

SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27730 HIGH POC PATCH This Week

esm.sh versions up to 137 contain an SSRF vulnerability in the `/http(s)` fetch route that allows remote attackers to bypass hostname validation through DNS alias domains and access internal localhost services. Public exploit code exists for this vulnerability, and no patches are currently available. This affects users of esm.sh CDN services and any applications relying on the affected versions.

DNS SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25733 HIGH POC PATCH This Week

Stored XSS in Rucio's WebUI Custom Rules function allows authenticated attackers to inject malicious JavaScript that persists in the backend and executes when other users view affected pages, enabling session hijacking or unauthorized actions. Versions prior to 35.8.3, 38.5.4, and 39.3.1 are vulnerable, and public exploit code exists. Patches are available in the affected version branches.

XSS Rucio
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27616 HIGH POC This Week

Stored cross-site scripting (XSS) in Vikunja prior to version 2.0.0 allows authenticated attackers to steal authentication tokens by uploading malicious SVG files containing JavaScript that executes when accessed directly. The vulnerability exists because the application fails to sanitize SVG content before storage and renders it inline under the application origin, enabling token theft from localStorage. Public exploit code exists for this vulnerability and no patch is currently available for affected versions.

File Upload XSS Vikunja Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27819 HIGH POC This Week

Vikunja before version 2.0.0 contains a path traversal vulnerability in its backup restoration function that fails to validate file paths in ZIP archives, allowing attackers with high privileges to write arbitrary files to the host system. Public exploit code exists for this vulnerability, and malformed archives can trigger a denial of service that permanently wipes the database before crashing the application. The flaw affects Vikunja and the underlying Go platform, with no patch currently available.

Golang Denial Of Service Vikunja Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27624 HIGH POC PATCH This Week

Coturn TURN/STUN server contains an access control bypass that allows remote attackers to reach blocked internal addresses by exploiting IPv4-mapped IPv6 address handling in permission and channel binding requests. The vulnerability bypasses "denied-peer-ip" restrictions designed to block loopback ranges, enabling an attacker to interact with internal services that should be unreachable. Public exploit code exists for this flaw, and a patch is available in version 4.9.0 and later.

Authentication Bypass Coturn Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25927 HIGH POC This Week

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 7.1).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-27692 HIGH POC PATCH This Week

iccDEV provides a set of libraries and tools for working with ICC color management profiles. [CVSS 7.1 HIGH]

Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25930 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25929 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25220 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 allow any authenticated user to view all internal messages and notes from other users by exploiting insufficient authorization checks on the Message Center's `show_all` parameter. The vulnerability exists because the application does not verify administrator privileges before returning the complete message list, enabling unauthorized disclosure of sensitive medical communications. Public exploit code exists for this medium-severity information disclosure vulnerability.

PHP Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25127 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 fail to properly enforce permission checks, allowing authenticated users to access sensitive information belonging to other authorized users. The vulnerability requires valid credentials and network access but does not enable data modification or denial of service. Public exploit code exists and a patch is available in version 8.0.0 and later.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27598 MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24487 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 contain an authorization bypass in the FHIR CareTeam endpoint that allows authenticated users with patient-scoped tokens to retrieve care team information for all patients rather than only their own, potentially exposing Protected Health Information across the entire system. The vulnerability exists because the service fails to enforce patient compartment filtering, and public exploit code is available. Security professionals should prioritize patching to version 8.0.0 or later to prevent unauthorized PHI disclosure.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27015 MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25124 MEDIUM POC PATCH This Month

OpenEMR prior to version 8.0.0 allows low-privileged users to export sensitive patient and medical data through the message_list.php report functionality due to missing access controls. The vulnerability affects receptionists and similar roles who can bypass authorization checks to extract entire message databases containing confidential information. Public exploit code exists for this issue, though a patch is available in version 8.0.0 and later.

PHP CSRF Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27611 MEDIUM POC PATCH GHSA This Month

FileBrowser Quantum versions prior to 1.1.3-stable and 1.2.6-beta expose a password bypass vulnerability in shared files, allowing unauthenticated recipients to download protected content by accessing the direct download link embedded in share details. An attacker possessing only the share link can retrieve files without providing the intended password, completely circumventing access controls. Public exploit code exists for this vulnerability, and patches are available in the patched versions.

Information Disclosure Filebrowser Quantum Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24896 MEDIUM POC PATCH This Month

OpenEMR versions before 8.0.0 contain an improper access control flaw in the edih_main.php endpoint that allows any authenticated user, including low-privilege accounts like Receptionists, to retrieve sensitive EDI log files by manipulating the log_select parameter. The vulnerability bypasses role-based access controls that should restrict access through the GUI, enabling unauthorized disclosure of system logs. Public exploit code exists for this issue, which is fixed in version 8.0.0.

PHP Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27691 MEDIUM POC PATCH This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. [CVSS 6.2 MEDIUM]

Integer Overflow Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-24847 MEDIUM POC PATCH This Month

Openemr versions up to 8.0.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Open Redirect Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25736 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI Custom RSE Attribute field allows authenticated attackers to inject malicious JavaScript that persists in the backend and executes for any user viewing affected pages, potentially leading to session hijacking or unauthorized actions. Public exploit code exists for this vulnerability, which affects Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1. No patch is currently available for all affected versions.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25735 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI Identity Name field allows authenticated attackers to inject malicious scripts that execute in users' browsers, enabling session hijacking or unauthorized actions. The vulnerability affects versions prior to 35.8.3, 38.5.4, and 39.3.1, and public exploit code exists. Administrators should upgrade immediately as no patch availability timeline has been announced for unpatched versions.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25734 MEDIUM POC PATCH This Month

Stored XSS in Rucio's WebUI RSE metadata allows authenticated attackers to inject malicious scripts that execute in users' browsers when viewing affected pages, potentially leading to session hijacking or unauthorized actions. The vulnerability affects Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1, and public exploit code exists. A security update is available in the patched versions listed above.

XSS Rucio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27645 MEDIUM POC PATCH This Month

changedetection.io versions before 0.54.1 are vulnerable to reflected cross-site scripting (XSS) via the RSS endpoint, where user-supplied UUID parameters are rendered without HTML encoding in text/html responses, allowing attackers to execute arbitrary JavaScript in users' browsers. Public exploit code exists for this vulnerability. The issue affects Flask-based deployments and is resolved in version 0.54.1.

Flask Changedetection
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27612 MEDIUM POC PATCH This Month

Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaScript in users' browsers when developers pass unsanitized input from URL parameters or other sources to the repo prop. The vulnerability stems from unsafe use of dangerouslySetInnerHTML without input validation, and public exploit code exists. Upgrading to version 1.0.1 or later eliminates the risk by removing dangerouslySetInnerHTML in favor of safe JSX data binding.

Github React XSS Repostat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27116 MEDIUM POC This Month

Vikunja is an open-source self-hosted task management platform. [CVSS 6.1 MEDIUM]

XSS Vikunja Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27577 CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-27495 CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27494 CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27595 CRITICAL PATCH Act Now

Unauthenticated arbitrary database read/write in Parse Dashboard's AI Agent endpoint (POST /apps/:appId/agent) lets remote attackers operate against any connected Parse Server using the master key. Affected builds span the 7.3.0-alpha.42 through 9.0.0-alpha.7 pre-releases, but only deployments that have explicitly enabled the opt-in agent feature are exposed. No public exploit identified at time of analysis, and EPSS is very low (0.04%), but the chained authentication/CSRF/authorization gaps make exploitation trivial where the feature is configured.

CSRF Parse Dashboard Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
9.9
EPSS
0.0%
CVE-2025-62878 CRITICAL PATCH Act Now

Path traversal in Kubernetes PersistentVolume creation via pathPattern parameter allows creating volumes in arbitrary host filesystem locations. CVSS 9.9 with scope change.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27744 CRITICAL PATCH Act Now

Unauthenticated RCE in SPIP tickets plugin before 4.3.3 via code injection. Allows executing arbitrary PHP code without authentication. Patch available.

RCE Tickets
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-20129 CRITICAL Act Now

Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).

Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27613 CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25785 CRITICAL Act Now

Path traversal in Lanscope Endpoint Manager Sub-Manager Server version 9.4.7.3 and earlier allows access to files outside restricted directories on managed endpoints.

Path Traversal Lanscope Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-27849 CRITICAL Act Now

OS command injection via TLS-SRP update functionality. Third TLS-SRP injection CVE — command injection through the credential update mechanism.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27848 CRITICAL Act Now

OS command injection via TLS-SRP handshake. Similar to CVE-2026-27847 but targeting command execution through the SRP authentication process.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27847 CRITICAL Act Now

SQL injection via TLS-SRP handshake. Attacker can inject SQL through the SRP username field during TLS handshake, compromising any application using TLS-SRP authentication.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69771 CRITICAL Act Now

Arbitrary file upload via subtitle loading in asbplayer v1.13.0 allows execution of malicious files through crafted subtitle files.

File Upload RCE Asbplayer
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-3135 MEDIUM POC This Month

SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3134 MEDIUM POC This Month

SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3133 MEDIUM POC This Month

SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3164 MEDIUM POC This Month

SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3153 MEDIUM POC This Month

SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3152 MEDIUM POC This Month

SQL injection in itsourcecode College Management System 1.0 via the teacher_id parameter in /admin/teacher-salary.php enables unauthenticated remote attackers to execute arbitrary database queries and manipulate sensitive payroll data. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects confidentiality, integrity, and availability of the system.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3151 MEDIUM POC This Month

SQL injection in itsourcecode College Management System 1.0's login functionality allows remote attackers to manipulate the email parameter and execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, enabling immediate attack capability against unpatched systems. The flaw permits data disclosure, modification, and potential service disruption with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3148 MEDIUM POC This Month

Simple And Nice Shopping Cart Script versions up to 1.0 contains a security vulnerability (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-67491 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. [CVSS 5.4 MEDIUM]

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-27621 MEDIUM POC PATCH This Month

Stored XSS in TypiCMS prior to version 16.1.7 allows authenticated users to upload malicious SVG files that execute JavaScript in administrators' browsers, compromising their sessions through unsanitized file content. Public exploit code exists for this vulnerability affecting Laravel-based TypiCMS installations. The flaw stems from insufficient validation of SVG file contents despite MIME type checks being present.

Laravel XSS Typicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21902 CRITICAL Act Now

Incorrect permission assignment on critical resources in Juniper Networks On-Box Anomaly detection framework. Allows unauthorized modification of anomaly detection configuration, potentially disabling security monitoring.

Juniper Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy