Skip to main content
CVE-2026-20128 HIGH POC KEV THREAT Act Now

Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. High-privileged initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but scope change (S:C) enables lateral movement to other SD-WAN systems.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
Threat
4.5
CVE-2026-22719 HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE Command Injection Aria Operations +3
NVD
CVSS 3.1
8.1
EPSS
7.4%
CVE-2026-27636 HIGH POC PATCH Act Now

Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.

Apache PHP Laravel RCE Freescout
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-27606 HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.6%
CVE-2026-27727 HIGH POC PATCH This Week

Remote code execution in mchange-commons-java prior to 0.4.0 allows an attacker to download and run arbitrary Java code by forcing an application to dereference a malicious javax.naming.Reference or serialized object that specifies a remote factoryClassLocation. The library ships its own legacy JNDI dereferencing implementation, so applications using it (notably the c3p0 connection pool) remain exploitable even on JDKs hardened with com.sun.jndi.ldap.object.trustURLCodebase=false. Publicly available exploit code exists (Mogwai Labs c3p0 research), though EPSS is low (0.10%, 27th percentile) and the issue is not listed in CISA KEV.

Java Mchange Commons Java Information Disclosure
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-3167 HIGH POC This Week

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /goform/webtypelibrary endpoint, enabling remote code execution with full system compromise. Public exploit code is available and actively deployed against affected devices. No patch has been released.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3169 HIGH POC This Week

Buffer overflow in Tenda F453 firmware httpd SafeEmailFilter function allows authenticated remote attackers to achieve complete system compromise through manipulation of the page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (read, write, execute).

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3168 HIGH POC This Week

Unauthenticated attackers can exploit a buffer overflow in the Tenda F453 firmware's NatStaticSetting endpoint to achieve remote code execution by manipulating the page parameter. Public exploit code is available and actively being leveraged in the wild. No patch is currently available, leaving affected devices vulnerable.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3166 HIGH POC This Week

Remote code execution in Tenda F453 firmware version 1.0.0.3 exists through a buffer overflow in the httpd component's RouteStatic function when processing the page parameter. An unauthenticated attacker on the network can exploit this vulnerability to execute arbitrary code with full system privileges. Public exploit code is available and no patch is currently available.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3165 HIGH POC This Week

Remote code execution in Tenda F453 firmware 1.0.0.3 through buffer overflow in the WiFi configuration handler allows authenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the httpd component's wireless settings function and can be exploited over the network by any authenticated user.

Buffer Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26965 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26955 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25131 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 contain a broken access control flaw in the order types management system that allows low-privilege users (such as receptionists) to create and modify procedure types without proper authorization. Public exploit code exists for this vulnerability, which has a CVSS score of 8.8 and could enable unauthorized users to manipulate critical medical procedure data. The vulnerability has been patched in version 8.0.0 and later.

PHP Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23627 HIGH POC PATCH This Week

SQL injection in OpenEMR's Immunization module prior to version 8.0.0 enables authenticated users to execute arbitrary database queries through unparameterized patient_id inputs. This allows attackers to exfiltrate protected health information, steal credentials, and potentially achieve remote code execution with complete database compromise. Public exploit code exists for this vulnerability; organizations should upgrade to version 8.0.0 immediately.

RCE SQLi Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25746 HIGH POC PATCH This Week

SQL injection in OpenEMR versions before 8.0.0 allows authenticated users to execute arbitrary database queries through the prescription listing feature due to improper input validation. An attacker with valid credentials could exploit this to read, modify, or delete sensitive medical records and patient data. Public exploit code exists for this vulnerability; administrators should upgrade to version 8.0.0 immediately.

SQLi Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69231 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.7 HIGH]

XSS Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
8.7
EPSS
0.2%
CVE-2026-27696 HIGH POC PATCH This Week

changedetection.io is a free open source web page change detection tool. [CVSS 8.6 HIGH]

SSRF Changedetection
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-27627 HIGH POC PATCH This Week

Stored cross-site scripting in Karakeep 0.30.0 allows remote attackers to execute arbitrary JavaScript in users' browsers by injecting malicious HTML through the Reddit metascraper plugin, which bypasses sanitization that is applied to other content sources. The vulnerability exists because the Reddit plugin's HTML output is rendered directly via dangerouslySetInnerHTML without DOMPurify filtering, and public exploit code is available. Version 0.31.0 contains the patch.

XSS Karakeep
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25164 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 fail to enforce API authorization checks on document and insurance endpoints, allowing any authenticated API client to read and modify all patient PHI regardless of assigned access controls. Public exploit code exists for this vulnerability, which affects healthcare organizations using OpenEMR's REST API. An attacker with valid API credentials can access sensitive medical records and insurance information across the entire patient database.

PHP Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-24890 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 contain an authorization bypass in the patient portal that allows authenticated users to forge provider signatures by uploading files with admin-signature type parameters for any provider. Public exploit code exists for this vulnerability, which could enable signature forgery on medical documents, creating legal and compliance risks. Upgrade to version 8.0.0 or later to remediate this high-severity flaw.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25136 HIGH POC PATCH This Week

Session hijacking in Rucio's WebUI error page allows unauthenticated attackers to steal user login tokens via reflected cross-site scripting in specially crafted URLs, affecting versions prior to 35.8.3, 38.5.4, and 39.3.1. Public exploit code exists for this vulnerability. Users should upgrade to patched versions immediately as no workarounds are available.

XSS Rucio
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-67752 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.1 HIGH]

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27615 HIGH POC This Week

Adb Explorer contains a vulnerability that allows attackers to set the binary's path to point to a remote network resource, hosted on an attack (CVSS 7.8).

Windows Adb Explorer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25476 HIGH POC PATCH This Week

OpenEMR prior to version 8.0.0 fails to enforce session expiration when the skip_timeout_reset parameter is present in requests, allowing expired sessions to remain active indefinitely. An attacker with a stolen session cookie can exploit this by continuously sending the skip_timeout_reset parameter to maintain unauthorized access to sensitive health records without being logged out. Public exploit code exists for this vulnerability with a CVSS score of 7.5.

PHP Openemr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2416 HIGH POC This Week

Unauthenticated attackers can execute SQL injection attacks against WordPress sites running Geo Mashup plugin versions up to 1.13.17 by manipulating the 'sort' parameter, allowing unauthorized database access and extraction of sensitive information. The vulnerability stems from inadequate input validation and query preparation in the plugin code. No patch is currently available, leaving affected installations at risk until an update is released.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26986 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25942 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25954 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-50180 HIGH POC PATCH This Week

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. [CVSS 7.5 HIGH]

SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27730 HIGH POC PATCH This Week

esm.sh versions up to 137 contain an SSRF vulnerability in the `/http(s)` fetch route that allows remote attackers to bypass hostname validation through DNS alias domains and access internal localhost services. Public exploit code exists for this vulnerability, and no patches are currently available. This affects users of esm.sh CDN services and any applications relying on the affected versions.

DNS SSRF Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25733 HIGH POC PATCH This Week

Stored XSS in Rucio's WebUI Custom Rules function allows authenticated attackers to inject malicious JavaScript that persists in the backend and executes when other users view affected pages, enabling session hijacking or unauthorized actions. Versions prior to 35.8.3, 38.5.4, and 39.3.1 are vulnerable, and public exploit code exists. Patches are available in the affected version branches.

XSS Rucio
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27616 HIGH POC This Week

Stored cross-site scripting (XSS) in Vikunja prior to version 2.0.0 allows authenticated attackers to steal authentication tokens by uploading malicious SVG files containing JavaScript that executes when accessed directly. The vulnerability exists because the application fails to sanitize SVG content before storage and renders it inline under the application origin, enabling token theft from localStorage. Public exploit code exists for this vulnerability and no patch is currently available for affected versions.

File Upload XSS Vikunja Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27819 HIGH POC This Week

Vikunja before version 2.0.0 contains a path traversal vulnerability in its backup restoration function that fails to validate file paths in ZIP archives, allowing attackers with high privileges to write arbitrary files to the host system. Public exploit code exists for this vulnerability, and malformed archives can trigger a denial of service that permanently wipes the database before crashing the application. The flaw affects Vikunja and the underlying Go platform, with no patch currently available.

Golang Denial Of Service Vikunja Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27624 HIGH POC PATCH This Week

Coturn TURN/STUN server contains an access control bypass that allows remote attackers to reach blocked internal addresses by exploiting IPv4-mapped IPv6 address handling in permission and channel binding requests. The vulnerability bypasses "denied-peer-ip" restrictions designed to block loopback ranges, enabling an attacker to interact with internal services that should be unreachable. Public exploit code exists for this flaw, and a patch is available in version 4.9.0 and later.

Authentication Bypass Coturn Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25927 HIGH POC This Week

Openemr versions up to 8.0.0 is affected by authorization bypass through user-controlled key (CVSS 7.1).

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-27692 HIGH POC PATCH This Week

iccDEV provides a set of libraries and tools for working with ICC color management profiles. [CVSS 7.1 HIGH]

Denial Of Service Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27148 HIGH PATCH This Week

Cross-site WebSocket hijacking leading to persistent XSS and Remote Code Execution affects Storybook's dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Because the dev server's story create/save WebSocket handlers fail to validate the connection origin and do not sanitize the componentFilePath field, a malicious website silently injects WebSocket messages into a developer's locally running instance to plant XSS or execute code; publicly exposed dev servers can be hit directly by any unauthenticated attacker. No public exploit identified at time of analysis, and EPSS is low at 0.17% (38th percentile), but the high CVSS 4.0 score of 8.9 and confirmed RCE impact make this a meaningful developer-workstation risk.

RCE XSS Storybook
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-27498 HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-1929 HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-26984 HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27745 HIGH PATCH This Week

Remote code execution in SPIP's interface_traduction_objets plugin prior to version 2.2.2 allows authenticated editors to execute arbitrary code by injecting malicious content into unfiltered form fields that bypass output protection mechanisms. The vulnerability exploits how underscore-prefixed fields circumvent SPIP's security filters and are processed through the template engine without sanitization. An attacker with editor-level privileges can leverage this to achieve full code execution within the web server context.

RCE Interface Traduction Objets
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27497 HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20126 HIGH This Week

Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).

Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27747 HIGH PATCH This Week

SQL injection in the SPIP interface_traduction_objets plugin before version 2.2.2 allows authenticated editors to execute arbitrary database queries through unsanitized input in translation request parameters. Attackers can exploit this to read, modify, or delete database contents, or cause denial of service. A patch is available and should be applied immediately to affected installations.

PHP SQLi Denial Of Service Interface Traduction Objets
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28193 HIGH This Week

Authenticated users in JetBrains YouTrack versions prior to 2025.3.121962 can bypass authorization controls to access the app permissions endpoint, potentially allowing privilege escalation or unauthorized modification of application settings. This vulnerability requires valid login credentials but has no complexity requirements, enabling attackers with low-level access to gain high-impact capabilities including confidentiality and integrity violations. No patch is currently available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25554 HIGH This Week

JWT authentication bypass in OpenSIPS 3.1 through 3.6.3 lets remote attackers impersonate arbitrary identities by exploiting a SQL injection in the auth_jwt module's jwt_db_authorize() function. The flaw affects only deployments where the module runs with db_mode enabled against a SQL database backend; the tag claim is read from the JWT and placed into a SQL query before the token signature is verified, so no valid signing key is needed. EPSS is low (0.07%, 20th percentile) and there is no public exploit identified at time of analysis, but the auth-bypass impact makes it a meaningful risk for exposed VoIP infrastructure.

SQLi
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2026-27609 HIGH PATCH This Week

Cross-site request forgery in Parse Dashboard (versions 7.3.0-alpha.42 through 9.0.0-alpha.7) lets a remote attacker abuse the unprotected AI Agent endpoint (POST /apps/:appId/agent), which lacks CSRF protection and a session-bound token. By luring an authenticated dashboard operator to a malicious web page, the attacker forces agent requests to execute under the victim's session, driving state-changing operations against managed Parse Server apps. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.02%), and the issue is fixed in 9.0.0-alpha.8.

CSRF Parse Dashboard
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-67601 HIGH PATCH This Week

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]

Authentication Bypass Rancher Suse
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27700 HIGH PATCH This Week

Hono is a Web application framework that provides support for any JavaScript runtime. [CVSS 8.2 HIGH]

AWS Hono
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy