Skip to main content
CVE-2026-30861 CRITICAL POC PATCH Act Now

OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available.

RCE Command Injection AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-30860 CRITICAL POC PATCH Act Now

SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database contents. CVSS 9.9 with scope change. PoC available.

PostgreSQL RCE SQLi AI / ML Weknora +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-30821 CRITICAL POC PATCH Act Now

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthenticated attackers to upload and execute malicious files. PoC available.

RCE AI / ML Flowise
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30824 CRITICAL POC PATCH Act Now

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerability data. PoC available.

Authentication Bypass AI / ML Flowise
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30832 CRITICAL POC PATCH Act Now

SSRF in Soft Serve Git server versions 0.6.0 to 0.11.3 allows authenticated attackers to make requests to internal services. PoC and patch available.

SSH Soft Serve Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30855 HIGH POC PATCH This Week

Insufficient authorization checks in WeKnora's tenant management endpoints allow any authenticated user to read, modify, or delete arbitrary tenants, with public exploit code available. Since the application allows open registration, unauthenticated attackers can register an account and exploit this flaw to perform cross-tenant account takeover and data destruction. No patch is currently available for this high-severity vulnerability affecting WeKnora AI/ML framework versions prior to 0.3.2.

Authentication Bypass AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3677 HIGH POC This Week

Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3679 HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.

Buffer Overflow Stack Overflow F451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3678 HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-30820 HIGH POC PATCH This Week

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoofing an internal request header, granting access to sensitive administrative functions including API key and credential management. Public exploit code exists for this vulnerability, and an attacker with valid tenant credentials can escalate to administrative privileges without additional authentication. No patch is currently available for affected deployments.

Authentication Bypass AI / ML Flowise
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-30840 HIGH POC PATCH This Week

Server-side request forgery in Wallos versions before 4.6.2 allows authenticated attackers to conduct arbitrary network requests through the notification tester functionality. An attacker with user privileges can exploit this to access internal services, retrieve sensitive data, or interact with backend systems on behalf of the server. Public exploit code exists for this vulnerability, though a patch is available in version 4.6.2.

SSRF Wallos
NVD GitHub
CVSS 3.0
8.8
EPSS
0.0%
CVE-2026-30823 HIGH POC PATCH This Week

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

Authentication Bypass AI / ML Flowise
NVD GitHub
CVSS 3.0
8.8
EPSS
0.0%
CVE-2026-29786 HIGH POC PATCH This Week

Arbitrary file overwrite in node-tar before 7.5.10 lets a malicious tar archive write files outside the intended extraction directory on Windows by embedding a hardlink whose target uses a drive-relative path such as 'C:../target.txt'. The flaw triggers during ordinary tar.x() extraction, so any Node.js application that unpacks untrusted archives on Windows is exposed. Publicly available exploit code exists via the GitHub Security Advisory, though EPSS exploitation probability is very low (0.02%) and it is not listed in CISA KEV.

Node.js Tar Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-30851 HIGH POC PATCH This Week

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, enabling authenticated attackers to inject identity headers and escalate privileges. This authentication bypass vulnerability affects deployments relying on Caddy for request forwarding and has public exploit code available. The vulnerability requires valid authentication credentials but allows complete privilege elevation within affected systems.

TLS Privilege Escalation Caddy Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30822 HIGH POC PATCH This Week

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attributes (CVSS 7.7).

Code Injection AI / ML Flowise
NVD GitHub
CVSS 3.0
7.7
EPSS
0.1%
CVE-2026-30828 HIGH POC PATCH This Week

Path traversal in Wallos subscription tracker versions prior to 4.6.2 allows unauthenticated remote attackers to read arbitrary files from the hosting system via a malicious url parameter. Public exploit code exists for this vulnerability, which has a high severity CVSS score of 7.5. The vulnerability is patched in version 4.6.2 and later.

Path Traversal Wallos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30834 HIGH POC PATCH This Week

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. [CVSS 7.5 HIGH]

SSRF Pinchtab Chrome Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30852 HIGH POC PATCH This Week

{env.DATABASE_URL} or {file./etc/passwd} into request headers, an unauthenticated attacker can leak sensitive system information. Public exploit code exists for this vulnerability, which is fixed in version 2.11.2.

TLS Caddy Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30827 HIGH POC PATCH This Week

express-rate-limit versions 8.0.0 through 8.3.0 (excluding patched versions) collapse all IPv4 client traffic into a single rate-limit bucket due to incorrect IPv6 subnet masking of IPv4-mapped addresses, allowing any client to trigger denial of service for all other IPv4 users by exhausting the shared limit. Public exploit code exists for this vulnerability, affecting Node.js applications using the vulnerable middleware versions. Organizations should upgrade to versions 8.0.2, 8.1.1, 8.2.2, or 8.3.0 immediately.

Node.js Express Rate Limit Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24281 HIGH POC PATCH This Week

Hostname verification bypass in Apache ZooKeeper's ZKTrustManager allows attackers with a valid certificate trusted by the server to impersonate ZooKeeper nodes by exploiting fallback to reverse DNS validation when IP SAN checks fail. An attacker controlling or spoofing PTR records can intercept and forge communications between ZooKeeper servers and clients, compromising confidentiality and integrity of the cluster. No patch is currently available; mitigation requires upgrading to ZooKeeper 3.8.6 or 3.9.5 or disabling reverse DNS lookup via configuration.

Apache Zookeeper Information Disclosure
NVD VulDB GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-29778 HIGH POC PATCH GHSA This Week

Path traversal in pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96 allows authenticated attackers to manipulate package folder locations through insufficient sanitization of the pack_folder parameter, bypassing directory traversal protections with recursive sequences. An attacker can exploit this to write files outside intended directories, causing data integrity issues and potential denial of service. Public exploit code exists for this vulnerability and no patch is currently available.

Python Pyload Ng
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30858 MEDIUM POC PATCH This Month

DNS rebinding in WeKnora's web_fetch tool allows authenticated attackers to bypass URL validation and access internal resources and private IP addresses on the server through malicious domains that resolve differently during validation versus execution. Public exploit code exists for this vulnerability, and versions prior to 0.3.0 are affected with no patch currently available. An attacker could leverage this to access sensitive local services and exfiltrate data from the affected system.

DNS AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-30841 MEDIUM POC PATCH This Month

Reflected cross-site scripting (XSS) in Wallos password reset functionality before version 4.6.2 allows unauthenticated attackers to inject malicious scripts by manipulating token and email parameters that are output without sanitization. Public exploit code exists for this vulnerability, affecting self-hosted instances of Wallos. A patch is available in version 4.6.2 and later.

PHP XSS Wallos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30830 MEDIUM POC PATCH This Month

Defuddle versions prior to 0.9.0 fail to properly escape image attributes in HTML processing, allowing attackers to inject malicious event handlers through specially crafted alt text containing quote characters. Public exploit code exists for this cross-site scripting vulnerability. The vulnerability affects all users of Defuddle before version 0.9.0, and a patch is available.

XSS Defuddle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25070 CRITICAL Act Now

OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.

RCE Command Injection Zikestor Sks8310 8x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-29076 MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-30247 MEDIUM POC PATCH This Month

WeKnora's document import feature is vulnerable to Server-Side Request Forgery through HTTP redirects, allowing unauthenticated remote attackers to bypass URL validation controls and access internal services despite backend protections against private IPs and metadata endpoints. The vulnerability affects WeKnora versions prior to 0.2.12 when deployed in Docker environments, where host.docker.internal addresses are not blocked. Public exploit code exists and no patch is currently available.

Docker SSRF AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-25072 CRITICAL Act Now

Predictable session identifier generation in XikeStor SKS8310-8X network switch allows session hijacking even if the command injection (CVE-2026-25070) is patched.

Authentication Bypass Zikestor Sks8310 8x Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-29186 CRITICAL PATCH Act Now

Arbitrary code execution in Backstage's @backstage/plugin-techdocs-node (versions <= 1.14.2) allows attackers who can influence an mkdocs.yml file to run arbitrary Python during the documentation build, bypassing TechDocs' allowlist-based configuration filtering. The flaw stems from MkDocs configuration keys (notably the hooks feature) that the security allowlist failed to block, meaning any contributor able to merge or supply a crafted mkdocs.yml gains code execution on the build host. No public exploit identified at time of analysis, and EPSS is low (0.07%), but the CVSS 9.8 rating and trivial exploitation primitive make this a high-priority patch for self-hosted developer portals.

Python Backstage Plugin Techdocs Node RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30863 CRITICAL PATCH Act Now

Authentication bypass in Parse Server allows unauthenticated access to protected API endpoints. Parse Server is a popular open-source backend framework for mobile and web applications.

Node.js Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-29780 MEDIUM POC PATCH This Month

Unsanitized attachment filenames in eml_parser prior to version 2.0.1 enable path traversal attacks, allowing attackers to write files outside the intended output directory when the example extraction script processes malicious emails. Organizations using the vulnerable example code or similar attachment handling logic are at risk of unauthorized file writes that could overwrite critical files or introduce malicious content. Public exploit code exists for this vulnerability, and a patch is available in version 2.0.1 and later.

Python Path Traversal Eml Parser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-30829 MEDIUM POC This Month

Checkmate versions prior to 3.4.0 allow unauthenticated attackers to retrieve unpublished status pages and internal monitoring data through the GET /api/v1/status-page/:url endpoint due to missing authentication checks. Public exploit code exists for this information disclosure vulnerability, enabling remote attackers to access sensitive server hardware, uptime, and incident details without credentials. No patch is currently available for affected deployments.

Information Disclosure Checkmate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29787 MEDIUM POC PATCH This Month

The /api/health/detailed endpoint in mcp-memory-service prior to version 10.21.0 discloses sensitive system information including OS details, Python version, CPU configuration, memory metrics, and database paths to unauthenticated network users when anonymous access is enabled. Public exploit code exists for this information disclosure vulnerability, which affects deployments using the default 0.0.0.0 network binding. A patch is available in version 10.21.0 to restrict endpoint access and redact sensitive data.

Python AI / ML Mcp Memory Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27797 MEDIUM POC PATCH This Month

Unauthenticated Server-Side Request Forgery in Homarr versions before 1.54.0 enables remote attackers to initiate arbitrary outbound HTTP requests from the server, potentially accessing internal network resources and private IP ranges. Public exploit code exists for this vulnerability. The issue is resolved in version 1.54.0 and later.

SSRF Homarr
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29191 CRITICAL PATCH Act Now

Stored XSS in ZITADEL identity management platform versions 4.0.0 to 4.11.1 allows unauthenticated attackers to inject persistent scripts through the login flow. Patch available.

XSS Zitadel Suse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-27796 MEDIUM POC PATCH This Month

Unauthenticated attackers can query the integration.all endpoint in Homarr prior to version 1.54.0 to enumerate all configured integrations and expose sensitive metadata including internal service URLs and integration details. Public exploit code exists for this information disclosure vulnerability. The vulnerability is patched in version 1.54.0 and later.

Information Disclosure Homarr
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30857 MEDIUM POC PATCH This Month

Weknora versions up to 0.3.0 is affected by authorization bypass through user-controlled key (CVSS 5.3).

Authentication Bypass AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8899 HIGH This Week

The Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an a...

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29771 HIGH PATCH This Week

Denial of service in Gravitl Netmaker prior to 1.2.0 allows any remote unauthenticated attacker to terminate the server process by calling the unprotected /api/server/shutdown endpoint, which issues a SIGINT to the running process. Because the service restarts in roughly three seconds, attackers can loop the request to sustain a cyclic outage of the WireGuard-based overlay network. No public exploit identified at time of analysis and EPSS is low (0.04%), but the trivial nature of the request makes opportunistic abuse plausible once exposure is known.

Denial Of Service Netmaker
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-30842 MEDIUM POC PATCH This Month

Wallos prior to version 4.6.2 contains an authorization bypass allowing authenticated users to delete avatar files belonging to other users due to missing ownership verification on the avatar deletion endpoint. An attacker with valid credentials can enumerate or guess other users' avatar filenames to remove their files. Public exploit code exists for this vulnerability, and a patch is available in version 4.6.2 and later.

Authentication Bypass Wallos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30839 MEDIUM POC PATCH This Month

Wallos versions prior to 4.6.2 contain a server-side request forgery (SSRF) vulnerability in the webhook notification testing function that fails to restrict requests to private IP ranges, allowing authenticated attackers to read internal server responses. Public exploit code exists for this vulnerability. The vulnerability affects Wallos and has been patched in version 4.6.2.

PHP SSRF Wallos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-29193 HIGH PATCH This Week

ZITADEL is an open source identity management platform. [CVSS 8.2 HIGH]

Authentication Bypass Zitadel Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-29194 HIGH PATCH This Week

Netmaker versions prior to 1.5.0 fail to properly validate host JWT tokens during authorization, allowing any attacker with knowledge of target object identifiers to bypass access controls and read, modify, or delete resources across different hosts. The vulnerability affects critical operations including node management, host deletion, and failover configurations, requiring only a valid host token and network access to exploit. Update to version 1.5.0 or later to remediate.

Wireguard Netmaker Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28678 HIGH PATCH This Week

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.

Information Disclosure Dsa Study Hub
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-29067 HIGH PATCH This Week

ZITADEL versions 4.0.0-rc.1 through 4.7.0 are vulnerable to open redirect attacks through improper validation of the Forwarded and X-Forwarded-Host headers used in password reset links. An attacker can craft a malicious request to redirect users to an attacker-controlled domain when they click password reset confirmation links, enabling credential harvesting or phishing attacks. The vulnerability affects all deployments using affected versions and has been patched in version 4.7.1.

Open Redirect Zitadel
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-29192 HIGH PATCH This Week

Account takeover in Zitadel versions 4.0.0 through 4.11.1 is possible through improper redirect URI validation in the login V2 interface, allowing attackers with high privileges to compromise user accounts. This cross-site scripting vulnerability affects organizations using the vulnerable Zitadel identity management platform and has been resolved in version 4.12.0.

XSS Zitadel Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-25071 HIGH This Week

Unauthenticated remote attackers can download sensitive configuration files from ZikeStor SKS8310-8X network switches (firmware 1.04.B07 and earlier) via an unprotected /switch_config.src endpoint, exposing VLAN settings and IP addressing details without requiring credentials. This HIGH severity vulnerability (CVSS 7.5) affects confidentiality of device configurations and currently has no available patch.

Authentication Bypass Zikestor Sks8310 8x Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-2020 HIGH This Week

PHP object injection in the JS Archive List WordPress plugin (versions up to 6.1.7) allows authenticated contributors and above to deserialize untrusted data through the shortcode 'included' parameter. While no direct exploitation path exists in the plugin itself, attackers could leverage gadget chains from other installed plugins or themes to achieve arbitrary file deletion, information disclosure, or remote code execution. A patch is not currently available.

WordPress PHP Deserialization Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-14353 HIGH This Week

ZIP Code Based Content Protection (WordPress plugin) versions up to 1.0.2 is affected by sql injection (CVSS 7.5).

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29779 HIGH PATCH This Week

UptimeFlare's configuration management fails to segregate server-only sensitive data from client-side code, causing the workerConfig object containing confidential settings to be exposed in the JavaScript bundle delivered to all website visitors. This information disclosure allows attackers to view sensitive configuration details without authentication. The vulnerability affects UptimeFlare instances prior to commit 377a596 and has been patched.

Information Disclosure Uptimeflare
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy