Skip to main content
CVE-2026-20127 CRITICAL POC KEV THREAT CERT-EU Emergency

Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.

Cisco Authentication Bypass Sd Wan Vsmart Controller Catalyst Sd Wan Manager
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
2.6%
Threat
7.1
CVE-2026-27597 CRITICAL POC PATCH GHSA Act Now

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the escape allows agents to execute arbitrary code outside the sandbox. CVSS 10.0, PoC and patch available.

RCE AI / ML Enclave
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-27728 CRITICAL POC PATCH Act Now

OS command injection in OneUptime monitoring platform before 10.0.7. Authenticated users can execute arbitrary commands on the monitoring server. PoC and patch available.

Command Injection Oneuptime
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-27626 CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27702 CRITICAL POC PATCH Act Now

Unauthorized data access in Budibase low-code platform before 3.30.4 allows unauthenticated users to manipulate internal state. PoC and patch available.

AWS Budibase
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24849 CRITICAL POC PATCH Act Now

Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the server, potentially exposing patient health data. PoC and patch available.

PHP Openemr
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-24908 CRITICAL POC PATCH Act Now

SQL injection in OpenEMR electronic health records before fix. Authenticated users can execute arbitrary SQL through the medical records system. PoC and patch available.

SQLi Openemr
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27637 CRITICAL POC PATCH Act Now

Predictable password reset tokens in FreeScout help desk before 1.8.206. Weak random number generation allows attackers to predict reset tokens and take over accounts. PoC and patch available.

Laravel Freescout
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27743 CRITICAL POC PATCH Act Now

Unauthenticated SQL injection in SPIP referer_spam plugin before 1.3.0 via the referrer tracking functionality. PoC and patch available.

SQLi Referer Spam
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27641 CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal Flask Reuploaded
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2624 CRITICAL POC Act Now

Missing authentication for critical functions in ePati Antikor Next Generation firewall. Unauthenticated remote access to firewall management capabilities.

Authentication Bypass Antikor Next Generation Firewall
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25997 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25953 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25952 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25959 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25955 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27614 CRITICAL POC PATCH Act Now

Stored XSS in Bugsink error tracking tool before 2.0.13 allows unauthenticated attackers to inject persistent scripts through error event submissions. PoC and patch available.

Ruby Bugsink
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-27699 CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27575 CRITICAL POC Act Now

Weak password policy in Vikunja task management before 2.0.0 allows users to set trivially guessable passwords. PoC available.

Information Disclosure Vikunja Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27822 CRITICAL POC PATCH Act Now

Stored XSS in RustFS distributed object storage system before 1.0.0-alpha.83. Malicious JavaScript persists in stored objects and executes when accessed. PoC available.

XSS Rustfs
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-27577 CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-27495 CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27494 CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27595 CRITICAL PATCH Act Now

Unauthenticated arbitrary database read/write in Parse Dashboard's AI Agent endpoint (POST /apps/:appId/agent) lets remote attackers operate against any connected Parse Server using the master key. Affected builds span the 7.3.0-alpha.42 through 9.0.0-alpha.7 pre-releases, but only deployments that have explicitly enabled the opt-in agent feature are exposed. No public exploit identified at time of analysis, and EPSS is very low (0.04%), but the chained authentication/CSRF/authorization gaps make exploitation trivial where the feature is configured.

CSRF Parse Dashboard Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
9.9
EPSS
0.0%
CVE-2025-62878 CRITICAL PATCH Act Now

Path traversal in Kubernetes PersistentVolume creation via pathPattern parameter allows creating volumes in arbitrary host filesystem locations. CVSS 9.9 with scope change.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27744 CRITICAL PATCH Act Now

Unauthenticated RCE in SPIP tickets plugin before 4.3.3 via code injection. Allows executing arbitrary PHP code without authentication. Patch available.

RCE Tickets
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-20129 CRITICAL Act Now

Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).

Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27613 CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25785 CRITICAL Act Now

Path traversal in Lanscope Endpoint Manager Sub-Manager Server version 9.4.7.3 and earlier allows access to files outside restricted directories on managed endpoints.

Path Traversal Lanscope Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-27849 CRITICAL Act Now

OS command injection via TLS-SRP update functionality. Third TLS-SRP injection CVE — command injection through the credential update mechanism.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27848 CRITICAL Act Now

OS command injection via TLS-SRP handshake. Similar to CVE-2026-27847 but targeting command execution through the SRP authentication process.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27847 CRITICAL Act Now

SQL injection via TLS-SRP handshake. Attacker can inject SQL through the SRP username field during TLS handshake, compromising any application using TLS-SRP authentication.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69771 CRITICAL Act Now

Arbitrary file upload via subtitle loading in asbplayer v1.13.0 allows execution of malicious files through crafted subtitle files.

File Upload RCE Asbplayer
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-21902 CRITICAL Act Now

Incorrect permission assignment on critical resources in Juniper Networks On-Box Anomaly detection framework. Allows unauthorized modification of anomaly detection configuration, potentially disabling security monitoring.

Juniper Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-27608 CRITICAL PATCH Act Now

Broken authorization in Parse Dashboard's AI Agent endpoint (POST /apps/:appId/agent) lets any authenticated user reach apps they are not scoped to and lets read-only users escalate to full read-write control. Present in versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the endpoint omits per-app authorization checks and hands read-only users the full master key, so an attacker can swap the app ID in the URL to act against other tenants and supply write permissions to perform write/delete operations. No public exploit is identified at time of analysis, and the EPSS probability is very low (0.03%), but it is trivially exploitable by any logged-in low-privilege user where the agent feature is enabled.

Authentication Bypass Parse Dashboard
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-0704 CRITICAL Act Now

Path traversal in Octopus Deploy allows removing files and file contents on the host through API manipulation. Enables data destruction on the deployment server.

Path Traversal Octopus Server
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-1242 CRITICAL Act Now

Hardcoded credentials extractable through API responses and mobile app reverse engineering in an enterprise application. Administrative credentials are exposed in multiple channels.

IoT
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27493 CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy