Skip to main content
CVE-2026-27951 MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25138 MEDIUM POC PATCH This Month

Rucio's WebUI login endpoint prior to versions 35.8.3, 38.5.4, and 39.3.1 discloses whether usernames exist through differential error messages, enabling unauthenticated attackers to enumerate valid accounts. Public exploit code exists for this username enumeration vulnerability. The issue affects all unpatched Rucio installations and requires upgrading to the fixed versions.

Information Disclosure Rucio
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3185 MEDIUM POC PATCH This Month

Authorization bypass in Sz Boot Parent up to version 1.3.2-beta allows unauthenticated remote attackers to access arbitrary messages through manipulation of the messageId parameter in the /api/admin/sys-message/ endpoint. Public exploit code exists for this vulnerability, enabling attackers to query messages beyond their authorization scope. Upgrade to version 1.3.3-beta or later to remediate, which implements message ownership verification.

Authentication Bypass Sz Boot Parent
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27608 CRITICAL PATCH Act Now

Broken authorization in Parse Dashboard's AI Agent endpoint (POST /apps/:appId/agent) lets any authenticated user reach apps they are not scoped to and lets read-only users escalate to full read-write control. Present in versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the endpoint omits per-app authorization checks and hands read-only users the full master key, so an attacker can swap the app ID in the URL to act against other tenants and supply write permissions to perform write/delete operations. No public exploit is identified at time of analysis, and the EPSS probability is very low (0.03%), but it is trivially exploitable by any logged-in low-privilege user where the agent feature is enabled.

Authentication Bypass Parse Dashboard
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-3145 MEDIUM POC PATCH This Month

Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.

Memory Corruption Libvips
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0704 CRITICAL Act Now

Path traversal in Octopus Deploy allows removing files and file contents on the host through API manipulation. Enables data destruction on the deployment server.

Path Traversal Octopus Server
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-1242 CRITICAL Act Now

Hardcoded credentials extractable through API responses and mobile app reverse engineering in an enterprise application. Administrative credentials are exposed in multiple channels.

IoT
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27493 CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.0
EPSS
0.2%
CVE-2025-68277 MEDIUM POC PATCH This Month

Openemr versions up to 7.0.4 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.0).

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-27148 HIGH PATCH This Week

Cross-site WebSocket hijacking leading to persistent XSS and Remote Code Execution affects Storybook's dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Because the dev server's story create/save WebSocket handlers fail to validate the connection origin and do not sanitize the componentFilePath field, a malicious website silently injects WebSocket messages into a developer's locally running instance to plant XSS or execute code; publicly exposed dev servers can be hit directly by any unauthenticated attacker. No public exploit identified at time of analysis, and EPSS is low at 0.17% (38th percentile), but the high CVSS 4.0 score of 8.9 and confirmed RCE impact make this a meaningful developer-workstation risk.

RCE XSS Storybook
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-27498 HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-25743 MEDIUM POC PATCH This Month

Stored XSS in OpenEMR prior to version 8.0.0 allows authenticated users with "Forms administration" role to inject malicious JavaScript into patient encounter forms, which executes when other users with the same role view the affected data. Public exploit code exists for this vulnerability. The issue is resolved in version 8.0.0.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2026-1929 HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-26984 HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27745 HIGH PATCH This Week

Remote code execution in SPIP's interface_traduction_objets plugin prior to version 2.2.2 allows authenticated editors to execute arbitrary code by injecting malicious content into unfiltered form fields that bypass output protection mechanisms. The vulnerability exploits how underscore-prefixed fields circumvent SPIP's security filters and are processed through the template engine without sanitization. An attacker with editor-level privileges can leverage this to achieve full code execution within the web server context.

RCE Interface Traduction Objets
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27497 HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20126 HIGH This Week

Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).

Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27747 HIGH PATCH This Week

SQL injection in the SPIP interface_traduction_objets plugin before version 2.2.2 allows authenticated editors to execute arbitrary database queries through unsanitized input in translation request parameters. Attackers can exploit this to read, modify, or delete database contents, or cause denial of service. A patch is available and should be applied immediately to affected installations.

PHP SQLi Denial Of Service Interface Traduction Objets
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28193 HIGH This Week

Authenticated users in JetBrains YouTrack versions prior to 2025.3.121962 can bypass authorization controls to access the app permissions endpoint, potentially allowing privilege escalation or unauthorized modification of application settings. This vulnerability requires valid login credentials but has no complexity requirements, enabling attackers with low-level access to gain high-impact capabilities including confidentiality and integrity violations. No patch is currently available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3201 MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-25941 MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-25554 HIGH This Week

JWT authentication bypass in OpenSIPS 3.1 through 3.6.3 lets remote attackers impersonate arbitrary identities by exploiting a SQL injection in the auth_jwt module's jwt_db_authorize() function. The flaw affects only deployments where the module runs with db_mode enabled against a SQL database backend; the tag claim is read from the JWT and placed into a SQL query before the token signature is verified, so no valid signing key is needed. EPSS is low (0.07%, 20th percentile) and there is no public exploit identified at time of analysis, but the auth-bypass impact makes it a meaningful risk for exposed VoIP infrastructure.

SQLi
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2026-27609 HIGH PATCH This Week

Cross-site request forgery in Parse Dashboard (versions 7.3.0-alpha.42 through 9.0.0-alpha.7) lets a remote attacker abuse the unprotected AI Agent endpoint (POST /apps/:appId/agent), which lacks CSRF protection and a session-bound token. By luring an authenticated dashboard operator to a malicious web page, the attacker forces agent requests to execute under the victim's session, driving state-changing operations against managed Parse Server apps. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.02%), and the issue is fixed in 9.0.0-alpha.8.

CSRF Parse Dashboard
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-67601 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]

Authentication Bypass Rancher Suse
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27700 HIGH PATCH This Week

Hono is a Web application framework that provides support for any JavaScript runtime. [CVSS 8.2 HIGH]

AWS Hono
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-27607 HIGH PATCH This Week

Insufficient input validation in RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82 allows authenticated attackers to circumvent presigned POST upload policy restrictions, bypassing content-length-range, starts-with, and Content-Type controls. An attacker can exploit this to upload oversized files, write to arbitrary object keys, and spoof file types, resulting in storage exhaustion and potential unauthorized data access.

Code Injection Rustfs
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-3172 HIGH POC PATCH This Week

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

Buffer Overflow Denial Of Service AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-26985 HIGH This Week

Authenticated users in LORIS 24.0.0 through 28.0.0 can exploit a path traversal vulnerability to read arbitrary configuration files containing hardcoded database and service credentials. An attacker with valid application access and appropriate permissions can leverage publicly available source code to easily craft requests that expose these sensitive files, potentially enabling lateral movement to backend systems. No patch is currently available for affected versions.

Path Traversal Loris
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0752 HIGH This Week

GitLab CE/EE versions 16.2 through 18.9.0 are vulnerable to cross-site scripting (XSS) in the Mermaid sandbox UI, allowing unauthenticated attackers to inject arbitrary scripts under specific conditions. The vulnerability affects multiple release branches and currently has no available patch, requiring users to upgrade to patched versions 18.7.5, 18.8.5, or 18.9.1 and later. An attacker could exploit this to perform malicious actions in the context of other users' sessions, potentially compromising sensitive data or account security.

Gitlab
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-22720 HIGH PATCH This Week

Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001.

VMware Broadcom XSS Telco Cloud Infrastructure Telco Cloud Platform +2
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-2914 HIGH This Week

Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20048 HIGH This Week

Improper SNMP request parsing in Cisco Nexus 9000 Series switches running ACI mode allows authenticated remote attackers to trigger kernel panics and device reloads by sending specially crafted queries to specific MIBs. An attacker with valid SNMP read-only community credentials can exploit this vulnerability across SNMP versions 1, 2c, and 3 to achieve denial of service. No patch is currently available for this vulnerability.

Cisco Linux SNMP Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-27706 HIGH This Week

Plane versions before 1.2.2 contain a server-side request forgery vulnerability in the "Add Link" feature that allows authenticated users to send arbitrary GET requests to internal networks and retrieve full response bodies. An attacker with basic user privileges can exploit this to steal sensitive data from internal services and cloud metadata endpoints. No patch is currently available.

SSRF Plane
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-1916 HIGH This Week

Unauthenticated attackers can forge authentication tokens in the WPGSI: Spreadsheet Integration plugin for WordPress (versions up to 3.8.3) due to missing capability checks and weak token validation that relies only on Base64-encoded, unsigned user data. This allows remote attackers to create, modify, and delete arbitrary WordPress posts and pages without authentication. No patch is currently available.

WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27950 HIGH PATCH This Week

FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27704 HIGH This Week

The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]

Path Traversal Flutter Dart Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-14511 HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. [CVSS 7.5 HIGH]

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27628 HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1388 HIGH This Week

Gitlab versions up to 18.7.5 is affected by inefficient regular expression complexity (redos) (CVSS 7.5).

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1662 HIGH This Week

Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Gitlab Jira Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27850 HIGH This Week

Misconfigured firewall rules in Meraki MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) routers accept WAN connections on source port 5222, allowing unauthenticated remote attackers to access services normally restricted to the local network. An attacker can leverage this to gain unauthorized access to sensitive internal services and information. No patch is currently available to remediate this vulnerability.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27640 HIGH This Week

tfplan2md versions before 1.26.1 fail to properly mask sensitive values in Terraform plan reports across multiple rendering paths, causing credentials and other confidential data to be exposed in plaintext markdown output instead of being redacted. Administrators and developers using affected versions to generate infrastructure reports may inadvertently expose secrets to unauthorized parties with access to the generated documentation. No patch is currently available for this high-severity information disclosure vulnerability affecting Azure and Terraform workflows.

Azure Tfplan2md
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22866 HIGH MAL This Week

Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The vulnerability exploits Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which are used by these two TLDs' Key Signing Keys. No patch is currently available, leaving affected domains vulnerable to takeover attacks.

Information Disclosure Ethereum Name Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20051 HIGH This Week

Cisco Nexus 3600 and 9500-R switches are vulnerable to Layer 2 traffic loops when processing maliciously crafted EVPN frames, allowing unauthenticated adjacent attackers to trigger a denial of service condition by overwhelming network bandwidth. An attacker can exploit this logic error in Layer 2 ingress packet processing by sending crafted Ethernet frames, causing VxLAN traffic loops that drop all data plane traffic. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20033 HIGH This Week

Cisco Nexus 9000 Series Fabric Switches in ACI mode contains a vulnerability that allows attackers to cause the device to reload unexpectedly, resulting in a DoS condition (CVSS 7.4).

Cisco Denial Of Service
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20010 HIGH This Week

Cisco NX-OS devices can be forced to reload through a crafted LLDP packet sent by an adjacent, unauthenticated attacker, causing a denial of service condition. The vulnerability stems from improper frame field validation in the LLDP process, exploitable only from directly connected network segments. No patch is currently available for affected systems.

Cisco Denial Of Service
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-3146 LOW POC PATCH Monitor

A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. [CVSS 3.3 LOW]

Null Pointer Dereference Libvips
NVD VulDB GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-26103 HIGH PATCH This Week

Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on block devices with root privileges, potentially destroying encryption keys and rendering volumes inaccessible. An attacker with local access can exploit this to cause permanent data loss through denial-of-service. No patch is currently available for this vulnerability.

Authentication Bypass Enterprise Linux Udisks
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27610 HIGH PATCH This Week

Privilege escalation via cache key collision in Parse Dashboard (npm parse-dashboard) versions 7.3.0-alpha.42 through 9.0.0-alpha.7 allows an authenticated read-only user to obtain the full master key. The flaw lives in ConfigKeyCache, which reuses one cache entry for both the master key and the read-only master key when those keys are function-typed; under a timing race a read-only session can read back the cached full master key (or a regular user the read-only key). Exploitation requires an authenticated dashboard session and a non-default configuration (function-typed keys plus the agent block); no public exploit identified at time of analysis and EPSS is low (0.05%), but the GitHub Security Advisory and patch commit confirm the issue.

Information Disclosure Parse Dashboard
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy