Skip to main content
CVE-2026-27952 HIGH POC PATCH This Week

Arbitrary code execution in Agenta-API prior to version 0.48.1 allows authenticated users to escape the RestrictedPython sandbox through unsafe whitelisting of the numpy package, enabling execution of arbitrary system commands on the API server. The vulnerability leverages numpy.ma.core.inspect to access Python introspection utilities and bypass sandbox restrictions. Public exploit code exists for this vulnerability, and no patch is currently available.

Python AI / ML Agenta
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27976 HIGH POC This Week

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

RCE Zed
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28274 HIGH POC This Week

Stored XSS in Initiative project management platform versions before 0.32.4 allows authenticated users with upload permissions to execute arbitrary JavaScript by uploading malicious HTML files that are served without sandboxing under the application's origin. An attacker can exploit this to steal authentication tokens, session cookies, and other sensitive data from other users, or trick them into executing malicious scripts by sharing direct file links. Public exploit code exists and no patch is currently available.

XSS Initiative
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-27509 HIGH POC This Week

Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.

Python Authentication Bypass
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-28216 HIGH POC This Week

Hoppscotch prior to version 2026.2.0 contains authorization bypass vulnerabilities in its environment management APIs that allow any authenticated user to read, modify, or delete other users' environments without ownership validation. The affected mutations lack proper user identity verification, enabling attackers to access stored API keys, authentication tokens, and secrets contained within targeted environments. Public exploit code exists for this vulnerability and no patch is currently available.

Information Disclosure Hoppscotch
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-28275 HIGH POC This Week

Initiative project management platform versions before 0.32.4 fail to revoke JWT tokens when users change their passwords, allowing authenticated attackers with knowledge of old credentials to maintain API access through unexpired tokens. An attacker can exploit this to access protected endpoints and sensitive project data even after legitimate password changes. Public exploit code exists for this vulnerability.

Information Disclosure Initiative
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27821 HIGH POC PATCH This Week

Stack buffer overflow in GPAC's NHML file parser (versions up to 26.02.0) allows local attackers to achieve code execution by crafting malicious XML files with oversized xmlHeaderEnd attributes that bypass length validation. The vulnerability stems from unsafe use of strcpy() in src/filters/dmx_nhml.c and affects systems processing untrusted NHML files. Public exploit code exists for this vulnerability, though a patch is available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26682 HIGH POC This Week

Fastcms versions prior to 0.1.6 contain a code injection vulnerability in the PluginController component that allows local attackers with user-level privileges to execute arbitrary code with full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available. Java environments running affected Fastcms instances are at risk of privilege escalation and complete system takeover.

Java Fastcms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1557 HIGH POC This Week

Unauthenticated attackers can exploit a path traversal vulnerability in WP Responsive Images plugin for WordPress (all versions up to 1.0) through the 'src' parameter to read arbitrary files from the server. This allows unauthorized access to sensitive information stored on affected WordPress installations. No patch is currently available.

WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27959 HIGH POC PATCH This Week

Host header injection in Koa's ctx.hostname API (versions prior to 2.16.4 and 3.1.2) allows remote attackers to inject arbitrary hostnames through malformed Host headers containing @ symbols, affecting applications that use this API for security-sensitive operations like URL generation, password reset links, and email verification. Public exploit code exists for this vulnerability. Applications relying on ctx.hostname for routing decisions or generating user-facing URLs are at risk of credential theft, account compromise, and phishing attacks.

Node.js Koa Code Injection
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27635 HIGH POC This Week

Remote code execution in Manyfold prior to version 0.133.0 allows authenticated users to execute arbitrary commands by uploading a ZIP archive with specially crafted filenames containing shell metacharacters that are passed unsanitized to Ruby backtick execution. The vulnerability affects the model render generation feature and requires an attacker to be logged in, with public exploit code currently available. A patch is available in version 0.133.0 and later.

Ruby RCE Manyfold
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27903 HIGH POC PATCH This Week

Minimatch versions before 3.1.3 through 10.2.3 suffer from catastrophic backtracking in glob pattern matching when processing multiple GLOBSTAR segments, allowing attackers who control glob patterns to trigger exponential time complexity and cause denial of service. Public exploit code exists for this vulnerability, and affected Node.js applications using vulnerable Minimatch versions are at immediate risk. No patch is currently available, requiring users to upgrade to patched versions or implement input validation as a mitigation.

Node.js Minimatch Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27904 HIGH POC PATCH This Week

Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.

Denial Of Service Minimatch Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27800 HIGH POC This Week

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitize malicious filenames, allowing attackers to write files outside the intended sandbox directory through crafted extension archives. Public exploit code exists for this vulnerability. An attacker can exploit this by distributing a malicious extension that, when installed, deposits files in arbitrary locations on the affected system.

Path Traversal Zed
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27638 HIGH POC PATCH This Week

Actual personal finance application prior to version 26.2.1 fails to enforce access controls on multi-user sync API endpoints, allowing any authenticated user to read, modify, or overwrite other users' budget files. Public exploit code exists for this vulnerability. Update to version 26.2.1 or later to remediate.

Authentication Bypass Actual
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27967 HIGH POC This Week

Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers to read and write arbitrary files outside the project directory and bypass workspace boundary protections. This vulnerability can expose sensitive user data to language models and leak private files despite configured exclusions. Public exploit code exists and no patch is currently available.

Path Traversal AI / ML Zed
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27830 HIGH PATCH This Week

Remote code execution in c3p0 (a Java JDBC connection-pooling library) before v0.12.0 allows an attacker who can set the `userOverridesAsString` property of a `ConnectionPoolDataSource` - or inject a crafted serialized object or `javax.naming.Reference` - to load and run arbitrary code on the application's CLASSPATH. The flaw stems from storing this writable Java-Bean property as a hex-encoded Java-serialized object, and is amplified by its dependency mchange-commons-java, which mirrored legacy JNDI behavior with ungated support for remote `factoryClassLocation` values, enabling download and execution of attacker-hosted classes. EPSS is low (0.15%) and there is no public exploit identified at time of analysis, though deserialization/JNDI gadget techniques against this library are publicly documented.

Java Deserialization Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-1565 HIGH This Week

Arbitrary file upload in User Frontend plugin for WordPress (versions up to 4.2.8) allows authenticated users with Author-level privileges to bypass file type validation and upload malicious files to the server. This can lead to remote code execution if an attacker uploads executable files to web-accessible directories. The vulnerability remains unpatched and affects all versions through 4.2.8.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-1311 HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-22206 HIGH This Week

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

PHP RCE SQLi Spip
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-27899 HIGH PATCH This Week

Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.

Docker Wireguard Wireguard Portal Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27961 HIGH PATCH This Week

Authenticated attackers can execute arbitrary code on Agenta API servers through server-side template injection in the evaluator template rendering functionality, affecting self-hosted and managed platform deployments prior to version 0.86.8. The vulnerability requires valid credentials but allows complete compromise of the affected server with high confidentiality, integrity, and availability impact. Organizations running Agenta should upgrade to version 0.86.8 or later immediately.

Code Injection AI / ML Agenta
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26186 HIGH PATCH This Week

SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the order_key parameter and inject arbitrary SQL commands through improper identifier handling in ORDER BY clauses. An attacker with valid credentials can exploit this vulnerability to perform blind SQL injection attacks, potentially extracting sensitive database information or causing denial of service through resource exhaustion. No patch is currently available for this high-severity vulnerability affecting MySQL implementations.

MySQL SQLi Denial Of Service Fleet Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27969 HIGH PATCH This Week

Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.

MySQL Path Traversal Vitess Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26938 HIGH This Week

Kibana versions up to 9.3.0 contains a vulnerability that allows attackers to read arbitrary files from the Kibana server filesystem, and perform Server-Side (CVSS 8.6).

SSRF Code Injection Kibana
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-3071 HIGH This Week

Arbitrary code execution in Flair's LanguageModel class (versions 0.4.1 and later) allows local attackers to execute arbitrary commands by crafting malicious ML model files that exploit unsafe deserialization. Affected users loading untrusted models from external sources face complete system compromise with no patch currently available. This vulnerability impacts all AI/ML applications using Flair's model loading functionality.

Deserialization AI / ML
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-71057 HIGH This Week

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]

D-Link Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-1779 HIGH This Week

Unauthenticated attackers can bypass authentication in the WordPress User Registration & Membership plugin (versions up to 5.1.2) due to flawed logic in the user registration function, allowing them to gain unauthorized access to newly created accounts. The vulnerability requires specific conditions but poses a high risk due to the network-accessible nature of the attack and the lack of authentication requirements. No patch is currently available for affected installations.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25191 HIGH This Week

Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-23703 HIGH This Week

FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-28211 HIGH This Week

Arbitrary code execution in NVDA Dev & Test Toolbox versions 2.0-8.0 through unsafe evaluation of Python expressions embedded in log files. An attacker can trick users into opening a malicious log file and reading it with the add-on's log reader commands, causing arbitrary code execution under the user's privileges without requiring elevated permissions or user interaction beyond opening the file.

Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27938 HIGH This Week

Arbitrary command execution in WPGraphQL's GitHub Actions workflow allows attackers with pull request creation privileges to inject shell commands through unvalidated pull request body content, potentially compromising the build environment and repository integrity. The vulnerability affects WPGraphQL versions prior to 2.9.1 and requires low privileges and user interaction to exploit. No patch is currently available for affected deployments.

WordPress Github Command Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-27970 HIGH PATCH This Week

Cross-site scripting in Angular's internationalization (i18n) pipeline allows attacker-controlled JavaScript to execute in the application origin when a poisoned translation file is merged into an app. The flaw affects Angular versions before 21.2.0, 21.1.16, 20.3.17, and 19.2.19, where HTML inside ICU (International Components for Unicode) messages from translated content was not sanitized before rendering. Exploitation is not open to arbitrary users - it requires first compromising a translation file (xliff, xtb, etc.), so this is effectively a supply-chain/third-party-translation risk; EPSS is very low (0.04%, 13th percentile) and there is no public exploit identified at time of analysis.

Angular XSS
NVD GitHub HeroDevs
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-14343 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025. [CVSS 7.6 HIGH]

XSS
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-28136 HIGH This Week

The WP SMS plugin for WordPress through version 6.9.12 contains an SQL injection vulnerability that allows high-privileged authenticated users to manipulate database queries and extract sensitive information. An attacker with administrative credentials could exploit this to read arbitrary data from the WordPress database, potentially compromising user information and site configuration. No patch is currently available for this vulnerability.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-22205 HIGH This Week

Spip versions up to 4.4.10 contains a vulnerability that allows attackers to access protected information (CVSS 7.5).

PHP Authentication Bypass Spip
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-28276 HIGH This Week

Unauthenticated access to uploaded files in Initiative project management platform prior to version 0.32.2 allows remote attackers to retrieve sensitive documents by directly accessing the unprotected /uploads/ directory. The vulnerability stems from missing authentication and authorization controls on file serving, enabling disclosure of confidential project data without requiring any credentials. Initiative versions 0.32.2 and later contain patches to restrict access to uploaded documents.

Authentication Bypass Information Disclosure Initiative
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27633 HIGH PATCH This Week

TinyWeb versions prior to 2.02 are vulnerable to denial of service through memory exhaustion when unauthenticated attackers send HTTP POST requests with extremely large Content-Length headers, causing the server to allocate unbounded memory and crash. The vulnerability affects all organizations running vulnerable TinyWeb instances, and patch version 2.02 addresses it by implementing a 10MB maximum entity body size limit.

Nginx Denial Of Service Tinyweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27630 HIGH PATCH This Week

TinyWeb versions prior to 2.02 lack connection limits and request timeouts, enabling unauthenticated remote attackers to trigger denial of service through Slowloris attacks by maintaining numerous concurrent connections and transmitting data at minimal rates. The vulnerability affects all systems running vulnerable TinyWeb instances, with attackers capable of exhausting server resources and rendering services unavailable. A patch is available that implements connection limits and idle timeouts to mitigate the attack vector.

Nginx Denial Of Service Tinyweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27818 HIGH PATCH This Week

Improper input validation in TerriaJS-Server versions before 4.0.3 allows unauthenticated remote attackers to bypass domain allowlist restrictions and proxy requests to arbitrary domains. This vulnerability affects Node.js deployments of TerriaJS and could enable attackers to access restricted resources or perform server-side request forgery attacks. A patch is available in version 4.0.3 and later.

Node.js Terriajs Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27141 HIGH PATCH This Week

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27449 HIGH PATCH This Week

Umbraco Engage versions prior to 16.2.1 and 17.1.1 expose unauthenticated API endpoints that lack access control, allowing remote attackers to retrieve sensitive data by directly querying endpoints with arbitrary identifier parameters. An attacker can enumerate records at scale without authentication or valid session credentials, potentially exposing confidential business intelligence information. No patch is currently available for affected installations.

Industrial
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27831 HIGH This Week

Heap buffer over-read vulnerability in rldns DNS server version 1.3 allows remote attackers to trigger denial of service without authentication or user interaction. The flaw enables reading beyond allocated memory boundaries, causing the service to crash. Version 1.4 addresses this issue, though no patch is currently available for affected 1.3 deployments.

DNS Heap Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27942 HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27888 HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26265 HIGH This Week

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an insecure direct object reference (IDOR) in the directory items endpoint that allows unauthenticated attackers to retrieve private user field values for all directory users. The vulnerability stems from missing authorization checks on the user_field_ids parameter, enabling bulk exfiltration of sensitive user data that should be restricted by visibility settings. No patch is currently available for affected deployments.

Authentication Bypass Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26078 HIGH This Week

Discourse instances with an unconfigured patreon_webhook_secret allow remote attackers to forge valid webhook signatures using an empty HMAC-MD5 key, enabling arbitrary creation, modification, or deletion of Patreon pledge data and unauthorized patron synchronization. The vulnerability affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, and currently lacks an available patch. Administrators must explicitly configure the patreon_webhook_secret setting or upgrade to patched versions to mitigate this integrity attack.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28279 HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-28138 HIGH This Week

Stylemix uListing versions 2.2.0 and earlier contain an unsafe deserialization vulnerability that enables object injection attacks, allowing authenticated attackers with high privileges to execute arbitrary code on affected systems. With no available patch, this vulnerability presents a significant risk to organizations running vulnerable versions of the plugin. The network-accessible nature of the flaw (CVSS 7.2) means exploitation requires only valid credentials to trigger the attack.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23750 HIGH This Week

Heap-based buffer overflow in Golioth Pouch 0.1.0 (prior to commit 1b2219a1) lets an adjacent, unauthenticated BLE client corrupt device memory through the GATT server-certificate characteristic. The server_cert_write() handler sizes a heap buffer once on the first fragment but appends later fragments with memcpy() and no bounds check, so an oversized fragmented write overflows the allocation, crashing the device and potentially corrupting adjacent heap data. EPSS is negligible (0.01%, 3rd percentile) and there is no public exploit identified at time of analysis, but the flaw is remotely reachable within BLE range without credentials.

Buffer Overflow Heap Overflow
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy