219 CVEs tracked today. 43 Critical, 98 High, 65 Medium, 6 Low.
-
CVE-2026-26720
CRITICAL
CVSS 9.8
Twenty CRM v1.15.0 has a code injection vulnerability enabling remote attackers to execute arbitrary code through the CRM platform.
RCE
Code Injection
Twenty
-
CVE-2026-26713
CRITICAL
CVSS 9.8
Simple Food Order System v1.0 has SQL injection in cancel-order.
PHP
SQLi
Simple Food Order System
-
CVE-2026-26712
CRITICAL
CVSS 9.8
Simple Food Order System v1.0 has SQL injection in view-ticket-admin.
PHP
SQLi
Simple Food Order System
-
CVE-2026-26711
CRITICAL
CVSS 9.8
Simple Food Order System v1.0 has SQL injection in view-ticket.
PHP
SQLi
Simple Food Order System
-
CVE-2026-26710
CRITICAL
CVSS 9.8
Simple Food Order System v1.0 has SQL injection in edit-order.
PHP
SQLi
Simple Food Order System
-
CVE-2026-26709
CRITICAL
CVSS 9.8
Simple Gym Management System v1.0 has SQL injection in trainer search.
PHP
SQLi
Simple Gym Management System
-
CVE-2026-26708
CRITICAL
CVSS 9.8
Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.
PHP
SQLi
Pharmacy Point Of Sale System
-
CVE-2026-26707
CRITICAL
CVSS 9.8
Pharmacy POS has a fifth SQL injection in view_sales.
PHP
SQLi
Pharmacy Point Of Sale System
-
CVE-2026-26706
CRITICAL
CVSS 9.8
Pharmacy POS has a fourth SQL injection in view_reports.
PHP
SQLi
Pharmacy Point Of Sale System
-
CVE-2026-26705
CRITICAL
CVSS 9.8
Pharmacy POS has a third SQL injection in view_products.
PHP
SQLi
Pharmacy Point Of Sale System
-
CVE-2026-26704
CRITICAL
CVSS 9.8
Pharmacy POS has a second SQL injection in view_categories.
PHP
SQLi
Pharmacy Point Of Sale System
-
CVE-2026-26703
CRITICAL
CVSS 9.8
Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.
PHP
SQLi
Personnel Property Equipment System
-
CVE-2026-26702
CRITICAL
CVSS 9.8
Personnel Property Equipment System v1.0 has SQL injection in admin panel.
PHP
SQLi
Personnel Property Equipment System
-
CVE-2026-26701
CRITICAL
CVSS 9.8
Personnel Property Equipment System v1.0 has a third SQL injection.
PHP
SQLi
Personnel Property Equipment System
-
CVE-2026-26700
CRITICAL
CVSS 9.8
Personnel Property Equipment System has a fourth SQL injection.
PHP
SQLi
Personnel Property Equipment System
-
CVE-2026-26696
CRITICAL
CVSS 9.8
Simple Student Alumni System v1.0 has a third SQL injection.
PHP
SQLi
Simple Student Alumni System
-
CVE-2026-26695
CRITICAL
CVSS 9.8
Simple Student Alumni System v1.0 has SQL injection in record_search.php.
PHP
SQLi
Simple Student Alumni System
-
CVE-2026-26694
CRITICAL
CVSS 9.8
Simple Student Alumni System v1.0 has SQL injection in modal_view.php.
PHP
SQLi
Simple Student Alumni System
-
CVE-2026-24115
CRITICAL
CVSS 9.8
Tenda W20E has a seventh buffer overflow in gstup parameter handling.
Buffer Overflow
W20e Firmware
-
CVE-2026-24114
CRITICAL
CVSS 9.8
Tenda W20E has a sixth buffer overflow in pPortMapIndex parameter validation.
Buffer Overflow
W20e Firmware
-
CVE-2026-24113
CRITICAL
CVSS 9.8
Tenda W20E has a fifth buffer overflow.
Buffer Overflow
W20e Firmware
-
CVE-2026-24112
CRITICAL
CVSS 9.8
Tenda W20E has a ninth buffer overflow in yet another CGI endpoint.
Buffer Overflow
W20e Firmware
-
CVE-2026-24111
CRITICAL
CVSS 9.8
Tenda W20E has a fourth buffer overflow vulnerability.
Buffer Overflow
W20e Firmware
-
CVE-2026-24110
CRITICAL
CVSS 9.8
Tenda W20E has an eighth buffer overflow in addDhcpRules parameter.
Buffer Overflow
W20e Firmware
-
CVE-2026-24109
CRITICAL
CVSS 9.8
Tenda W20E has a third buffer overflow in a different CGI parameter.
Buffer Overflow
W20e Firmware
-
CVE-2026-24108
CRITICAL
CVSS 9.8
Tenda W20E has a buffer overflow — second of eight critical vulnerabilities in this router firmware.
Buffer Overflow
W20e Firmware
-
CVE-2026-24107
CRITICAL
CVSS 9.8
Tenda W20E router has a code injection vulnerability in usbPartitionName parameter allowing unauthenticated remote code execution with EPSS 1.1%.
Command Injection
W20e Firmware
-
CVE-2026-24105
CRITICAL
CVSS 9.8
Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.
Command Injection
Ac15 Firmware
-
CVE-2026-24101
CRITICAL
CVSS 9.8
Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.
Command Injection
Ac15 Firmware
-
CVE-2026-21385
HIGH
CVSS 7.8
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption
Wcn3990 Firmware
Sa8155 Firmware
Sw5100p Firmware
Qcn9024 Firmware
-
CVE-2026-3432
CRITICAL
CVSS 9.1
SimStudio has a second authorization flaw in the OAuth token endpoint that allows privilege escalation through crafted token requests.
Authentication Bypass
Sim
-
CVE-2026-3431
CRITICAL
CVSS 9.8
SimStudio below 0.5.74 has a missing authorization on MongoDB tool endpoints that allows attackers to execute arbitrary MongoDB operations.
MongoDB
Sim
-
CVE-2026-3422
CRITICAL
CVSS 9.8
U-Office Force by e-Excellence has an insecure deserialization vulnerability allowing unauthenticated remote code execution.
Deserialization
U Office Force
-
CVE-2026-3000
CRITICAL
CVSS 9.8
IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.
Windows
RCE
Idexpert
-
CVE-2026-2999
CRITICAL
CVSS 9.8
IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.
Windows
RCE
Idexpert
-
CVE-2026-0006
CRITICAL
CVSS 9.8
Android has a heap buffer overflow in multiple locations enabling privilege escalation through out-of-bounds read and write operations.
RCE
Buffer Overflow
Android
Google
-
CVE-2025-52998
CRITICAL
CVSS 9.8
Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.
Deserialization
Chamilo Lms
-
CVE-2025-50199
CRITICAL
CVSS 9.1
Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.
PHP
SSRF
Chamilo Lms
-
CVE-2025-50192
CRITICAL
CVSS 9.8
Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.
PHP
SQLi
Chamilo Lms
-
CVE-2025-50190
CRITICAL
CVSS 9.8
Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.
PHP
SQLi
Chamilo Lms
-
CVE-2025-50187
CRITICAL
CVSS 9.8
Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.
RCE
Chamilo Lms
-
CVE-2025-48609
CRITICAL
CVSS 9.1
Android MmsProvider has a vulnerability allowing arbitrary file deletion through improper handling of MMS data, potentially causing data loss on mobile devices.
Denial Of Service
Path Traversal
Android
Google
-
CVE-2025-14532
CRITICAL
CVSS 9.8
DobryCMS has an unauthenticated file upload vulnerability allowing remote attackers to upload and execute arbitrary files on the web server.
RCE
Dobrycms
-
CVE-2025-12462
CRITICAL
CVSS 9.3
A blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into the URL path, resulting in blind SQL injection.
SQLi
-
CVE-2026-28403
HIGH
CVSS 7.6
Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.
macOS
Textream
-
CVE-2026-28399
HIGH
CVSS 8.8
SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.
SQLi
Nocodb
-
CVE-2026-28286
HIGH
CVSS 8.5
ZimaOS 1.5.2-beta3 lacks proper path validation in its API, allowing authenticated users to bypass frontend restrictions and write files to protected system directories such as /etc and /usr. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to modify critical OS files and potentially achieve code execution. No patch is currently available.
Information Disclosure
Zimaos
-
CVE-2026-27596
HIGH
CVSS 7.5
Out-of-bounds memory read in Exiv2 prior to version 0.28.8 causes denial of service through application crash when processing specially crafted image files with the preview extraction feature. The vulnerability requires specific command-line arguments (such as -pp) to trigger and affects all users running vulnerable Exiv2 versions for image metadata operations. A patch is available in version 0.28.8 and later.
Denial Of Service
Exiv2
Redhat
Suse
-
CVE-2026-26699
HIGH
CVSS 7.2
Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.
PHP
Personnel Property Equipment System
-
CVE-2026-25884
HIGH
CVSS 8.1
Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.
Buffer Overflow
Information Disclosure
Exiv2
Redhat
Suse
-
CVE-2026-21882
HIGH
CVSS 8.4
Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.
Privilege Escalation
-
CVE-2026-21853
HIGH
CVSS 8.8
Remote code execution in AFFiNE prior to version 0.25.4 allows unauthenticated attackers to execute arbitrary code on victim machines through malicious affine: URL scheme handlers embedded on websites or in user-generated content. When a victim clicks a crafted link or visits a compromised site that auto-redirects to such a URL, the AFFiNE application processes the payload without additional user interaction, enabling complete system compromise. No patch is currently available for this high-severity vulnerability.
RCE
-
CVE-2026-20434
HIGH
CVSS 7.5
Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.
Privilege Escalation
Nr17
Lr13
Nr16
Lr12a
-
CVE-2026-20430
HIGH
CVSS 8.8
OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.
Privilege Escalation
Openwrt
Software Development Kit
-
CVE-2026-20423
HIGH
CVSS 7.8
Nbiot Sdk contains a vulnerability that allows local escalation of privilege, with User execution privileges needed (CVSS 7.8).
Privilege Escalation
Nbiot Sdk
-
CVE-2026-20416
HIGH
CVSS 7.2
Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-3413
HIGH
CVSS 7.3
SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.
PHP
SQLi
University Management System
-
CVE-2026-3411
HIGH
CVSS 7.3
SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.
PHP
SQLi
University Management System
-
CVE-2026-3410
HIGH
CVSS 7.3
Society Management System versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).
PHP
SQLi
Society Management System
-
CVE-2026-3409
HIGH
CVSS 7.3
Remote code injection in eosphoros-ai db-gpt 0.7.5 allows unauthenticated attackers to execute arbitrary code through malicious file uploads to the Flow Import endpoint. The vulnerability exploits unsafe module loading in the file import functionality and has public exploit code available. No patch is currently available from the vendor.
Code Injection
AI / ML
-
CVE-2026-3406
HIGH
CVSS 7.3
SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.
PHP
SQLi
Online Art Gallery Shop
-
CVE-2026-3400
HIGH
CVSS 8.8
Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.
Buffer Overflow
Stack Overflow
Ac15 Firmware
-
CVE-2026-3338
HIGH
CVSS 7.5
PKCS7 signature validation bypass in AWS-LC allows unauthenticated attackers to forge valid signatures on PKCS7 objects containing Authenticated Attributes, potentially enabling malicious code execution or data tampering in applications relying on this cryptographic library. Applications using AWS-LC should immediately upgrade to version 1.69.0, while AWS service customers are not directly impacted. The vulnerability has a CVSS score of 7.5 and currently has no public exploits reported.
Aws
Aws Lc Sys
Aws Libcrypto
-
CVE-2026-3336
HIGH
CVSS 7.5
AWS-LC's PKCS7_verify() function fails to properly validate certificate chains in multi-signer scenarios, allowing unauthenticated attackers to forge signatures by bypassing verification of all but the final signer. This affects applications directly using AWS-LC library, though AWS service customers are unaffected. Users should upgrade to AWS-LC version 1.69.0 or later to remediate the vulnerability.
Aws
Aws Libcrypto
Aws Lc Sys
-
CVE-2026-3180
HIGH
CVSS 7.5
Unauthenticated attackers can exploit blind SQL injection in the Contest Gallery WordPress plugin through improperly sanitized email parameters to extract sensitive database information without authentication. Affected versions through 28.1.4 fail to properly escape user input in the 'cgLostPasswordEmail' and 'cgl_mail' parameters, allowing attackers to inject arbitrary SQL commands. No patch is currently available for all vulnerable versions.
WordPress
SQLi
-
CVE-2026-3132
HIGH
CVSS 8.8
Master Addons for Elementor Premium (WordPress plugin) versions up to 2.1.3 are affected by code injection (CVSS 8.8).
WordPress
RCE
-
CVE-2026-0655
HIGH
CVSS 8.0
TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).
TP-Link
Denial Of Service
Path Traversal
Deco Be25 Firmware
-
CVE-2026-0654
HIGH
CVSS 8.0
Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.
TP-Link
Command Injection
Deco Be25 Firmware
-
CVE-2026-0047
HIGH
CVSS 8.4
Android versions up to 16.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0038
HIGH
CVSS 8.4
Android versions up to - contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0037
HIGH
CVSS 8.4
Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2026-0035
HIGH
CVSS 8.4
An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-0034
HIGH
CVSS 8.4
Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-0032
HIGH
CVSS 7.8
A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.
Privilege Escalation
Android
Google
-
CVE-2026-0031
HIGH
CVSS 8.4
Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.
Integer Overflow
Privilege Escalation
Android
Google
-
CVE-2026-0030
HIGH
CVSS 8.4
Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.
Privilege Escalation
Android
Google
-
CVE-2026-0029
HIGH
CVSS 8.4
Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2026-0028
HIGH
CVSS 8.4
Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.
Integer Overflow
Privilege Escalation
Android
Google
-
CVE-2026-0026
HIGH
CVSS 7.8
Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.
Privilege Escalation
Android
Google
-
CVE-2026-0025
HIGH
CVSS 8.4
Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-0023
HIGH
CVSS 7.8
Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-0021
HIGH
CVSS 8.4
Android versions up to 14.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0020
HIGH
CVSS 8.4
Android versions up to 14.0 are affected by authorization bypass through a user-controlled key (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0017
HIGH
CVSS 7.7
Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-0013
HIGH
CVSS 8.4
Android versions up to 14.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0011
HIGH
CVSS 8.4
Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-0010
HIGH
CVSS 8.4
Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-0008
HIGH
CVSS 8.4
Android versions up to 16.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2026-0007
HIGH
CVSS 8.6
Android versions up to 14.0 are affected by improper restriction of rendered UI layers or frames (CVSS 8.6).
Privilege Escalation
Android
Google
-
CVE-2025-70252
HIGH
CVSS 7.5
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]
Stack Overflow
Ac6 Firmware
Tenda
-
CVE-2025-64427
HIGH
CVSS 7.1
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. [CVSS 7.1 HIGH]
Information Disclosure
Zimaos
-
CVE-2025-59603
HIGH
CVSS 7.8
Memory Corruption when processing invalid user address with nonstandard buffer address. [CVSS 7.8 HIGH]
Memory Corruption
Sxr2250p Firmware
Xg101039 Firmware
Fastconnect 6900 Firmware
Sd865 5g Firmware
-
CVE-2025-59600
HIGH
CVSS 7.8
Memory Corruption when adding user-supplied data without checking available buffer space. [CVSS 7.8 HIGH]
Memory Corruption
Fastconnect 6700 Firmware
Qmp1000 Firmware
Fastconnect 6200 Firmware
Wcd9378 Firmware
-
CVE-2025-58402
HIGH
CVSS 7.5
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users. [CVSS 7.5 HIGH]
Authentication Bypass
Clininet
-
CVE-2025-58107
HIGH
CVSS 7.5
Microsoft Exchange versions up to 2019 are affected by cleartext transmission of sensitive information (CVSS 7.5).
Microsoft
Samsung
-
CVE-2025-52482
HIGH
CVSS 8.3
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. [CVSS 8.3 HIGH]
XSS
Chamilo Lms
-
CVE-2025-52469
HIGH
CVSS 7.1
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]
Authentication Bypass
Chamilo Lms
-
CVE-2025-52468
HIGH
CVSS 8.8
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]
XSS
Chamilo Lms
-
CVE-2025-50197
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]
PHP
Command Injection
Chamilo Lms
-
CVE-2025-50196
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]
PHP
Command Injection
Chamilo Lms
-
CVE-2025-50195
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]
PHP
Command Injection
Chamilo Lms
-
CVE-2025-50194
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]
PHP
Command Injection
Chamilo Lms
-
CVE-2025-50193
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/import.php via the POST to_main_database parameter. [CVSS 7.2 HIGH]
PHP
Command Injection
Chamilo Lms
-
CVE-2025-50191
HIGH
CVSS 7.2
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]
PHP
SQLi
Chamilo Lms
-
CVE-2025-50189
HIGH
CVSS 8.8
Chamilo is a learning management system. [CVSS 8.8 HIGH]
PHP
Chamilo Lms
-
CVE-2025-50188
HIGH
CVSS 7.2
Chamilo is a learning management system. [CVSS 7.2 HIGH]
PHP
Chamilo Lms
-
CVE-2025-48654
HIGH
CVSS 7.8
Android versions up to 16.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
Privilege Escalation
Android
Google
-
CVE-2025-48653
HIGH
CVSS 7.8
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48650
HIGH
CVSS 8.4
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
SQLi
Privilege Escalation
Information Disclosure
Android
Google
-
CVE-2025-48646
HIGH
CVSS 7.8
Android versions up to 14.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
Privilege Escalation
Android
Google
-
CVE-2025-48645
HIGH
CVSS 7.8
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48641
HIGH
CVSS 7.0
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]
Use After Free
Privilege Escalation
Race Condition
Android
Google
-
CVE-2025-48636
HIGH
CVSS 8.4
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Path Traversal
Android
Google
-
CVE-2025-48635
HIGH
CVSS 7.7
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48634
HIGH
CVSS 7.3
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48630
HIGH
CVSS 7.4
Android versions up to 14.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 7.4).
Privilege Escalation
Information Disclosure
Android
Google
-
CVE-2025-48619
HIGH
CVSS 8.4
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48613
HIGH
CVSS 7.8
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48605
HIGH
CVSS 8.4
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48602
HIGH
CVSS 8.4
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48582
HIGH
CVSS 8.4
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48579
HIGH
CVSS 8.4
Android versions up to 14.0 contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2025-48578
HIGH
CVSS 7.8
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48577
HIGH
CVSS 7.4
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
Privilege Escalation
Race Condition
Android
Google
-
CVE-2025-48574
HIGH
CVSS 8.4
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-48568
HIGH
CVSS 7.4
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
Privilege Escalation
Race Condition
Android
Google
-
CVE-2025-48567
HIGH
CVSS 7.8
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-47386
HIGH
CVSS 7.8
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
Memory Corruption
Fwa Gen 3 Ultra Firmware
Qca9377 Firmware
Sda660 Firmware
Robotics Rb2 Platform Firmware
-
CVE-2025-47385
HIGH
CVSS 7.8
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
Memory Corruption
Wsa8845 Firmware
Sar1165p Firmware
Lemansau Firmware
Qca9377 Firmware
-
CVE-2025-47383
HIGH
CVSS 7.2
5G Fixed Wireless Access Platform Firmware versions up to - are affected by a cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Information Disclosure
Snapdragon 820am Firmware
Video Collaboration Vc3 Platform Firmware
Sw5100p Firmware
Sm6250 Firmware
-
CVE-2025-47381
HIGH
CVSS 7.8
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
Memory Corruption
Qca6574a Firmware
Qca9367 Firmware
Qca6574au Firmware
Sa7255p Firmware
-
CVE-2025-47379
HIGH
CVSS 7.8
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]
Memory Corruption
Qualcomm 215 Mobile Platform Firmware
Qcm2290 Firmware
Qca9377 Firmware
Qca6574 Firmware
-
CVE-2025-47378
HIGH
CVSS 7.1
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]
Information Disclosure
Fastconnect 6900 Firmware
Snapdragon Xr2 5g Platform Firmware
Sar2230p Firmware
Snapdragon Ar1 Gen 1 Platform Firmware
-
CVE-2025-47377
HIGH
CVSS 7.8
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption
Qcm4325 Firmware
Sxr2350p Firmware
Snapdragon 680 4g Mobile Platform Firmware
Snapdragon X32 5g Modem Rf System Firmware
-
CVE-2025-47376
HIGH
CVSS 7.8
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption
Sa8145p Firmware
Fastconnect 6200 Firmware
Lemansau Firmware
Sa8195p Firmware
-
CVE-2025-47375
HIGH
CVSS 7.8
Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]
Memory Corruption
Wsa8845 Firmware
Qca6678aq Firmware
Qcs2290 Firmware
Mdm9628 Firmware
-
CVE-2025-47373
HIGH
CVSS 7.8
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
Memory Corruption
Qcm4490 Firmware
Wcn3910 Firmware
Sm7675 Firmware
Sm8475p Firmware
-
CVE-2025-32313
HIGH
CVSS 8.4
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2025-30042
HIGH
CVSS 7.8
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. [CVSS 7.8 HIGH]
Information Disclosure
Clininet
-
CVE-2024-47886
HIGH
CVSS 7.2
Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize that leads to remote code execution (RCE) in versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]
RCE
Deserialization
Chamilo Lms
-
CVE-2024-31328
HIGH
CVSS 8.8
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]
Privilege Escalation
Android
Google
-
CVE-2026-28412
MEDIUM
CVSS 6.5
Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.
macOS
Denial Of Service
Textream
-
CVE-2026-28401
MEDIUM
CVSS 5.4
NocoDB versions before 0.301.3 allow authenticated attackers to inject malicious JavaScript through rich text cell content that is rendered without sanitization, enabling stored cross-site scripting attacks. An attacker with user access can craft malicious payloads that execute in the browsers of other users viewing affected cells, potentially compromising session data or performing unauthorized actions. No patch is currently available for affected deployments.
XSS
Nocodb
-
CVE-2026-28398
MEDIUM
CVSS 5.4
Stored cross-site scripting in NocoDB versions before 0.301.3 allows authenticated users to inject malicious scripts through comments and rich text cells that execute in other users' browsers due to unsanitized HTML rendering. An attacker with login credentials can exploit this to steal session tokens, perform unauthorized actions, or compromise other database users accessing the same NocoDB instance. No patch is currently available for affected deployments.
XSS
Nocodb
-
CVE-2026-28397
MEDIUM
CVSS 5.4
NocoDB versions prior to 0.301.3 are vulnerable to stored cross-site scripting (XSS) through improperly sanitized comment rendering via v-html, allowing authenticated users to inject malicious scripts that execute in other users' browsers. An attacker with login access could craft malicious comments to steal session tokens, perform unauthorized actions, or deface the application interface for other users. A patch is available in version 0.301.3 and later.
XSS
Nocodb
-
CVE-2026-28396
MEDIUM
CVSS 6.5
NocoDB versions prior to 0.301.3 fail to invalidate refresh tokens during password resets, enabling attackers with previously compromised tokens to continue generating valid session tokens despite the victim changing their password. An authenticated attacker can exploit this to maintain unauthorized access to user accounts without requiring the new credentials. This vulnerability requires prior token compromise but allows indefinite session hijacking until the stolen token naturally expires.
Information Disclosure
Nocodb
-
CVE-2026-28361
MEDIUM
CVSS 6.3
NocoDB versions up to 0.301.3 are affected by an authorization bypass through a user-controlled key (CVSS 6.3).
Authentication Bypass
Nocodb
-
CVE-2026-28360
MEDIUM
CVSS 5.3
NocoDB versions prior to 0.301.3 store shared view passwords in plaintext and validate them using simple string comparison, allowing attackers with database access to trivially recover authentication credentials. This affects all users relying on shared view password protection for access control. No patch is currently available for affected deployments.
Information Disclosure
Nocodb
-
CVE-2026-28359
MEDIUM
CVSS 5.4
NocoDB versions prior to 0.301.3 allow authenticated Editor-role users to inject arbitrary HTML into Rich Text cells by bypassing client-side validation and sending malicious payloads directly through the API. This stored XSS vulnerability affects any NocoDB instance where untrusted users have Editor access, potentially enabling malicious script execution in the browsers of users viewing affected cells. No patch is currently available for this vulnerability.
XSS
Nocodb
-
CVE-2026-28358
MEDIUM
CVSS 5.3
NocoDB versions prior to 0.301.3 expose user enumeration through the password reset endpoint, which returns distinguishable responses for valid and invalid email addresses. An unauthenticated attacker can exploit this to identify registered users in the system. This vulnerability requires no user interaction and has a CVSS score of 5.3, though no patch is currently available.
Information Disclosure
Nocodb
-
CVE-2026-28357
MEDIUM
CVSS 5.4
Stored XSS in NocoDB versions before 0.301.3 allows authenticated users to execute arbitrary JavaScript in other users' browsers through malicious formulas in virtual cells. The vulnerability exploits unsanitized rendering of URI patterns in formula results, enabling attackers to steal session tokens, manipulate data, or perform actions on behalf of victims. No patch is currently available for affected deployments.
XSS
Nocodb
-
CVE-2026-27631
MEDIUM
CVSS 5.3
Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.
Integer Overflow
Denial Of Service
Exiv2
Redhat
Suse
-
CVE-2026-26698
MEDIUM
CVSS 4.9
SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.
PHP
SQLi
Simple Student Alumni System
-
CVE-2026-26697
MEDIUM
CVSS 4.9
Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.
PHP
SQLi
Simple Student Alumni System
-
CVE-2026-25477
MEDIUM
CVSS 6.9
all-in-one workspace and an operating system. versions up to 0.26.0 is affected by url redirection to untrusted site (open redirect).
Open Redirect
-
CVE-2026-23865
MEDIUM
CVSS 5.3
Out-of-bounds memory read in FreeType 2.13.2 and 2.13.3 occurs during parsing of OpenType variable font tables (HVAR/VVAR/MVAR) due to an integer overflow in the tt_var_load_item_variation_store function. Local attackers with user interaction can exploit this by crafting malicious font files to trigger the vulnerability and read sensitive memory. The issue is resolved in FreeType 2.14.2.
Integer Overflow
Redhat
Suse
-
CVE-2026-20445
MEDIUM
CVSS 4.4
Android versions up to 14.0 contain a vulnerability that allows local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).
Denial Of Service
Race Condition
Android
Google
-
CVE-2026-20444
MEDIUM
CVSS 6.7
Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2026-20443
MEDIUM
CVSS 6.7
Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.
Use After Free
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2026-20442
MEDIUM
CVSS 4.4
Android's display subsystem crashes due to a use-after-free memory error that allows a privileged local attacker to trigger a denial of service without user interaction. Exploitation requires pre-existing system-level access, limiting impact to scenarios where an attacker has already compromised the device at the highest privilege level. No patch is currently available for this vulnerability.
Use After Free
Denial Of Service
Android
Google
-
CVE-2026-20441
MEDIUM
CVSS 6.7
Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-20440
MEDIUM
CVSS 6.7
Android versions up to 15.0 contain a vulnerability that allows local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).
Privilege Escalation
Android
Google
-
CVE-2026-20439
MEDIUM
CVSS 4.4
Android's imgsys component is vulnerable to a use-after-free condition that enables local denial of service attacks. Exploitation requires system-level privileges and causes immediate system crashes without user interaction. No patch is currently available for this vulnerability.
Use After Free
Denial Of Service
Android
Google
-
CVE-2026-20438
MEDIUM
CVSS 6.4
Android versions up to 15.0 contain a vulnerability that allows local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).
Privilege Escalation
Race Condition
Android
Google
-
CVE-2026-20437
MEDIUM
CVSS 4.4
Android MAE component is vulnerable to a use-after-free condition that can trigger a system crash, resulting in denial of service for devices where an attacker has already obtained system-level privileges. No user interaction is required for exploitation. Currently, no patch is available for this vulnerability.
Use After Free
Denial Of Service
Android
Google
-
CVE-2026-20436
MEDIUM
CVSS 6.7
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.
Privilege Escalation
Nbiot Sdk
-
CVE-2026-20435
MEDIUM
CVSS 4.6
Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.
Information Disclosure
Openwrt
Android
Yocto
Rdk B
-
CVE-2026-20429
MEDIUM
CVSS 4.4
Android's display component fails to validate buffer boundaries during read operations, allowing a system-privileged attacker to access sensitive memory contents without user interaction. This out-of-bounds read vulnerability enables local information disclosure to any malicious process running with System privileges. No patch is currently available to address this issue.
Information Disclosure
Android
Google
-
CVE-2026-20428
MEDIUM
CVSS 6.7
Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.
Privilege Escalation
Android
Google
-
CVE-2026-20427
MEDIUM
CVSS 6.7
Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.
Privilege Escalation
Android
Google
-
CVE-2026-20426
MEDIUM
CVSS 6.7
Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-20425
MEDIUM
CVSS 6.7
Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.
Privilege Escalation
Android
Google
-
CVE-2026-20424
MEDIUM
CVSS 4.4
Android's display component contains an out-of-bounds read vulnerability stemming from insufficient bounds validation, allowing system-privileged attackers to disclose sensitive memory contents without user interaction. The vulnerability requires pre-existing system-level access but poses a high confidentiality risk through local information disclosure. No patch is currently available.
Information Disclosure
Android
Google
-
CVE-2026-3412
MEDIUM
CVSS 4.3
University Management System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 4.3).
PHP
XSS
University Management System
-
CVE-2026-3408
MEDIUM
CVSS 4.3
Open Babel versions up to 3.1.1 contain a null pointer dereference in the CDXML file handler's OBAtom::GetExplicitValence function, allowing remote attackers to crash the application through maliciously crafted files. Public exploit code exists for this vulnerability, making it a practical attack vector for denial of service. A patch is available and should be applied to all affected installations.
Null Pointer Dereference
Open Babel
-
CVE-2026-3404
MEDIUM
CVSS 5.0
JeeSite versions up to 5.15.1 contain an XML external entity (XXE) reference vulnerability (CVSS 5.0).
Java
XXE
Jeesite
-
CVE-2026-3337
MEDIUM
CVSS 5.9
Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.
Aws
Aws Libcrypto
Aws Lc Fips Sys
Aws Lc Sys
-
CVE-2026-2583
MEDIUM
CVSS 6.4
Stored cross-site scripting in Blocksy WordPress theme versions up to 2.1.30 allows authenticated contributors and above to inject malicious scripts through insufficiently sanitized metadata fields. When users access pages containing injected payloads, the scripts execute in their browsers, potentially compromising site security and user data. No patch is currently available for this vulnerability.
WordPress
XSS
-
CVE-2026-2256
MEDIUM
CVSS 6.5
ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.
Command Injection
AI / ML
Redhat
-
CVE-2026-1628
MEDIUM
CVSS 4.6
Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).
RCE
Mattermost Desktop
-
CVE-2026-0027
MEDIUM
CVSS 6.7
The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.
Use After Free
Privilege Escalation
Android
Google
-
CVE-2026-0024
MEDIUM
CVSS 4.0
MediaProvider on Android lacks proper permission validation in the isRedactionNeededForOpenViaContentResolver function, allowing local attackers to infer the precise locations of media files without requiring special privileges or user interaction. This information disclosure vulnerability affects any application with local access to the device, and while the CVSS score is moderate, no patch is currently available.
Information Disclosure
Android
Google
-
CVE-2026-0015
MEDIUM
CVSS 6.2
AppOpsService.java in Android contains insufficient input validation that permits local attackers to trigger persistent denial of service without requiring elevated privileges or user interaction. An attacker can exploit multiple code paths to repeatedly crash or disable the service, degrading system functionality for legitimate users. No patch is currently available for this vulnerability.
Denial Of Service
Android
Google
-
CVE-2026-0014
MEDIUM
CVSS 6.2
Local denial of service in Android's AppOpsService allows unauthenticated attackers to trigger persistent system crashes through improper input validation in the isPackageNullOrSystem function. The vulnerability requires only local access with no special privileges or user interaction, making any app on an affected device a potential attack vector. No patch is currently available.
Denial Of Service
Android
Google
-
CVE-2026-0012
MEDIUM
CVSS 6.2
Contact information exposure in Android's notification system allows local attackers to extract sensitive user data through a logic error in the setHideSensitive function, requiring no special privileges or user interaction. The vulnerability affects the ExpandableNotificationRow component where contact names can be inadvertently disclosed despite intended privacy protections. No patch is currently available for this medium-severity flaw.
Information Disclosure
Android
Google
-
CVE-2026-0005
MEDIUM
CVSS 6.2
App pinning bypass in Android's KeyguardServiceDelegate allows unauthenticated local attackers to interact with restricted applications without the lock screen knowledge factor (LSKF) due to insufficient permission validation. The vulnerability enables limited information disclosure through unauthorized app access with no additional privileges or user interaction required. No patch is currently available.
Information Disclosure
Android
Google
-
CVE-2025-66880
MEDIUM
CVSS 6.1
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-65465
MEDIUM
CVSS 6.1
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-58406
MEDIUM
CVSS 4.3
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls. [CVSS 4.3 MEDIUM]
Information Disclosure
Clininet
-
CVE-2025-58405
MEDIUM
CVSS 6.1
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks; neither HTTP security headers nor HTML-based frame‑busting protections were detected. [CVSS 6.1 MEDIUM]
CSRF
Clininet
-
CVE-2025-52564
MEDIUM
CVSS 6.1
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]
PHP
Chamilo Lms
-
CVE-2025-52563
MEDIUM
CVSS 6.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]
PHP
XSS
Chamilo Lms
-
CVE-2025-52476
MEDIUM
CVSS 6.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]
PHP
XSS
Chamilo Lms
-
CVE-2025-52475
MEDIUM
CVSS 6.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]
PHP
XSS
Chamilo Lms
-
CVE-2025-52470
MEDIUM
CVSS 4.8
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]
PHP
XSS
Chamilo Lms
-
CVE-2025-50198
MEDIUM
CVSS 4.9
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]
PHP
Deserialization
Chamilo Lms
-
CVE-2025-50186
MEDIUM
CVSS 4.8
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]
XSS
Chamilo Lms
-
CVE-2025-48644
MEDIUM
CVSS 5.5
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 5.5 MEDIUM]
Denial Of Service
Android
Google
-
CVE-2025-48642
MEDIUM
CVSS 5.5
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.5 MEDIUM]
Information Disclosure
Android
Google
-
CVE-2025-48587
MEDIUM
CVSS 6.2
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]
Denial Of Service
Android
Google
-
CVE-2025-48585
MEDIUM
CVSS 6.2
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. [CVSS 6.2 MEDIUM]
Denial Of Service
Android
Google
-
CVE-2025-47384
MEDIUM
CVSS 6.5
5G Fixed Wireless Access Platform Firmware versions up to - are affected by a reachable assertion (CVSS 6.5).
Denial Of Service
Qca6391 Firmware
5g Fixed Wireless Access Platform Firmware
Snapdragon 690 5g Mobile Platform Firmware
Wsa8835 Firmware
-
CVE-2025-47371
MEDIUM
CVSS 6.5
5G Fixed Wireless Access Platform Firmware versions up to - are affected by a reachable assertion (CVSS 6.5).
Denial Of Service
Wcn3950 Firmware
Snapdragon 7c Gen 2 Compute Platform Firmware
Wcd9340 Firmware
Wsa8830 Firmware
-
CVE-2025-15597
MEDIUM
CVSS 6.3
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. [CVSS 6.3 MEDIUM]
Information Disclosure
AI / ML
Sqlbot
-
CVE-2024-50337
MEDIUM
CVSS 5.3
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]
SSRF
Chamilo Lms
-
CVE-2024-43766
MEDIUM
CVSS 6.5
Android versions up to 14.0 are affected by cleartext transmission of sensitive information (CVSS 6.5).
Information Disclosure
Android
Google
-
CVE-2026-23600
None
A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
Authentication Bypass
-
CVE-2026-3407
LOW
CVSS 3.3
A vulnerability was determined in YosysHQ yosys versions up to 0.62: a buffer overflow (CVSS 3.3).
Linux
Buffer Overflow
Heap Overflow
-
CVE-2026-3405
LOW
CVSS 3.1
A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. [CVSS 3.1 LOW]
Path Traversal
-
CVE-2026-3403
LOW
CVSS 2.4
A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. [CVSS 2.4 LOW]
PHP
XSS
-
CVE-2026-3402
LOW
CVSS 2.4
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. [CVSS 2.4 LOW]
PHP
XSS
-
CVE-2026-3401
LOW
CVSS 3.1
Web-Based Pharmacy Product Management System versions up to 1.0 are affected by insufficient session expiration (CVSS 3.1).
Information Disclosure
-
CVE-2026-2584
None
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface.
SQLi
-
CVE-2026-0995
LOW
CVSS 3.6
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. [CVSS 3.6 LOW]
Race Condition
-
CVE-2026-0689
None
In ExtremeCloud IQ - Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses.
Authentication Bypass
-
CVE-2025-30062
None
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
SQLi
-
CVE-2025-30044
None
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.
Code Injection
-
CVE-2025-30035
None
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials.
Authentication Bypass
-
CVE-2025-10350
None
including data processed by CGM CLININET software. This issue, an SQL injection, affects CGM NETRAAD with imageserver module in versions up to 7.9.0.
SQLi