389 CVEs tracked today. 34 Critical, 182 High, 136 Medium, 7 Low.
-
CVE-2025-40943
CRITICAL
CVSS 9.6
Siemens devices have a stored XSS in trace file handling (CVSS 9.6) enabling code execution when administrators view diagnostic data.
XSS
-
CVE-2026-31800
CRITICAL
CVSS 9.1
Parse Server has a third vulnerability with missing authorization enabling unauthorized operations.
Node.js
Parse Server
-
CVE-2026-30970
CRITICAL
CVSS 9.1
Coral Server has a third missing authorization flaw.
Authentication Bypass
AI / ML
Coral Server
-
CVE-2026-30969
CRITICAL
CVSS 9.1
Coral Server has an IDOR vulnerability enabling cross-user data access.
Authentication Bypass
AI / ML
Coral Server
-
CVE-2026-30968
CRITICAL
CVSS 9.8
Coral Server open collaboration platform has a missing authorization enabling unauthenticated access to all collaboration data.
Authentication Bypass
AI / ML
Coral Server
-
CVE-2026-30966
CRITICAL
CVSS 10.0
Parse Server has a CVSS 10.0 access control vulnerability enabling complete bypass of all data access restrictions.
Node.js
Parse Server
-
CVE-2026-30965
CRITICAL
CVSS 9.1
Parse Server has an incorrect authorization vulnerability enabling unauthorized data access across applications.
Node.js
Parse Server
-
CVE-2026-30957
CRITICAL
CVSS 9.9
OneUptime prior to 10.0.21 has a fourth vulnerability in Synthetic monitoring exposing dangerous functionality.
RCE
Oneuptime
-
CVE-2026-30956
CRITICAL
CVSS 9.9
OneUptime prior to 10.0.21 has a third authorization bypass enabling low-privileged users to access admin functions.
Authentication Bypass
Privilege Escalation
Information Disclosure
Node.js
Oneuptime
-
CVE-2026-30930
CRITICAL
CVSS 9.8
Glances monitoring tool prior to 4.5.1 has a SQL injection in the TimescaleDB export plugin enabling database compromise.
SQLi
Glances
-
CVE-2026-30921
CRITICAL
CVSS 9.9
OneUptime prior to 10.0.20 exposes dangerous functionality in Synthetic monitoring that enables code execution.
RCE
AI / ML
Oneuptime
-
CVE-2026-30887
CRITICAL
CVSS 9.9
OneUptime monitoring platform prior to 10.0.18 allows code injection (CVSS 9.9) enabling RCE through the monitoring configuration.
Node.js
Oneuptime
-
CVE-2026-30869
CRITICAL
CVSS 9.3
SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.
RCE
Path Traversal
Siyuan
-
CVE-2026-30862
CRITICAL
CVSS 9.0
Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.
XSS
Appsmith
-
CVE-2026-28806
CRITICAL
CVSS 9.4
Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.
Authentication Bypass
-
CVE-2026-28495
CRITICAL
CVSS 9.6
GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.
PHP
RCE
CSRF
Getsimple Cms
-
CVE-2026-28292
CRITICAL
CVSS 9.8
simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.
Node.js
RCE
Simple Git
Redhat
Suse
-
CVE-2026-27825
CRITICAL
CVSS 9.0
MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.
Atlassian
Path Traversal
RCE
-
CVE-2026-27685
CRITICAL
CVSS 9.1
SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.
Sap
Deserialization
-
CVE-2026-25573
HIGH
CVSS 7.4
Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.
Command Injection
Sicam Siapp Sdk
-
CVE-2026-25570
HIGH
CVSS 7.4
Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.
Stack Overflow
Denial Of Service
RCE
Buffer Overflow
Sicam Siapp Sdk
-
CVE-2026-25569
HIGH
CVSS 7.4
Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory and achieve arbitrary code execution or denial of service. The vulnerability requires local access and specific conditions to trigger, but no patch is currently available. Affected organizations using vulnerable SDK versions should immediately implement compensating controls or upgrade to V2.1.7 or later.
Denial Of Service
RCE
Buffer Overflow
Memory Corruption
Sicam Siapp Sdk
-
CVE-2026-23240
CRITICAL
CVSS 9.8
In the Linux kernel, the following vulnerability has been resolved:
tls: Fix race condition in tls_sw_cancel_work_tx()
This issue was discovered during a code audit.
Linux
Information Disclosure
Redhat
Suse
-
CVE-2026-3843
CRITICAL
CVSS 9.8
Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.
Linux
PHP
RCE
SQLi
-
CVE-2026-0953
CRITICAL
CVSS 9.8
Tutor LMS Pro WordPress plugin has an authentication bypass enabling unauthenticated users to access premium learning content and admin functions.
WordPress
Authentication Bypass
-
CVE-2026-0120
CRITICAL
CVSS 9.8
Modem has a fifth OOB write enabling remote privilege escalation.
RCE
Android
Google
-
CVE-2026-0116
CRITICAL
CVSS 9.8
Samsung/Google MFC driver has an OOB write in mfc_core_isr.c enabling kernel-level privilege escalation on Android devices.
RCE
Android
Google
-
CVE-2026-0114
CRITICAL
CVSS 9.8
Modem has a fourth OOB write due to incorrect bounds check.
RCE
Android
Google
-
CVE-2026-0113
CRITICAL
CVSS 9.8
Modem has a third OOB write in cell broadcast utilities.
Privilege Escalation
Android
Google
-
CVE-2026-0111
CRITICAL
CVSS 9.8
Modem OOB write in cell broadcast utilities enabling privilege escalation.
Privilege Escalation
Android
Google
-
CVE-2026-0110
CRITICAL
CVSS 9.8
Samsung/Qualcomm modem has an out-of-bounds write in NR SM message handling enabling privilege escalation through crafted cellular signaling.
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2025-69615
CRITICAL
CVSS 9.1
A product has missing 2FA rate limiting allowing unlimited brute-force attempts against two-factor authentication codes.
Authentication Bypass
-
CVE-2025-69614
CRITICAL
CVSS 9.4
A product has an access control flaw allowing activation token reuse on the password-reset endpoint for unauthorized account takeover.
Authentication Bypass
-
CVE-2025-56422
CRITICAL
CVSS 9.8
LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.
Deserialization
RCE
-
CVE-2025-48611
CRITICAL
CVSS 10.0
Android DeviceId component has a CVSS 10.0 out-of-bounds write in persistence handling enabling device compromise.
Privilege Escalation
Buffer Overflow
-
CVE-2025-41709
CRITICAL
CVSS 9.8
A Siemens product has a command injection vulnerability enabling remote code execution.
Command Injection
-
CVE-2025-11158
CRITICAL
CVSS 9.1
Hitachi Vantara Pentaho has a missing authorization vulnerability enabling unauthorized access to data integration and analytics functions.
Industrial
-
CVE-2026-31837
HIGH
CVSS 7.5
Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 fall back to hardcoded default JWKS values when the resolver becomes unavailable or fails to fetch, potentially allowing attackers to bypass authentication controls configured via RequestAuthentication policies. This flaw exposes sensitive information and could enable unauthorized access to microservices when JWKS endpoints are unreachable. No patch is currently available for affected deployments.
Information Disclosure
Istio
-
CVE-2026-31834
HIGH
CVSS 7.2
Privilege escalation in Umbraco CMS versions 15.3.1 through 16.5.0 and 17.x before 17.2.2 allows authenticated backoffice users with user management permissions to assign themselves elevated privileges by bypassing authorization checks on role assignments. An attacker with these permissions could gain administrative access to the CMS without proper privilege validation. No patch is currently available for affected installations.
Privilege Escalation
Umbraco Cms
-
CVE-2026-31830
HIGH
CVSS 7.5
Sigstore-ruby versions before 0.2.3 fail to properly validate artifact digests when verifying DSSE bundles with in-toto attestations, causing the library to incorrectly return successful verification even when the artifact does not match the attested subject. This allows attackers to bypass cryptographic verification controls and accept mismatched or tampered artifacts as valid. Organizations using sigstore-ruby for supply chain verification should upgrade to version 0.2.3 immediately, though no patch is currently available for other affected projects.
Information Disclosure
-
CVE-2026-31829
HIGH
CVSS 7.1
Flowise versions prior to 3.0.13 allow unauthenticated users to trigger Server-Side Request Forgery (SSRF) attacks through improperly validated URLs in the HTTP Node component, enabling attackers to probe internal networks and cloud metadata endpoints from the Flowise server. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. Any organization running a publicly exposed Flowise instance is at immediate risk of internal network reconnaissance and potential credential theft from cloud environments.
SSRF
AI / ML
Flowise
-
CVE-2026-31828
HIGH
CVSS 8.8
Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP commands and bypass group-based access controls. This vulnerability enables privilege escalation for any valid LDAP user to gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.
Node.js
Dns
Ldap
Privilege Escalation
Parse Server
-
CVE-2026-31824
HIGH
CVSS 8.2
Sylius eCommerce Framework is vulnerable to a race condition in promotion and coupon usage limit enforcement, where concurrent requests can bypass redemption restrictions by exploiting a gap between eligibility validation and usage increment operations. An unauthenticated attacker can exploit this TOCTOU vulnerability to redeem promotions or coupons beyond their configured usage limits, potentially causing financial loss through unintended discounts. No patch is currently available.
Race Condition
Sylius
-
CVE-2026-31817
HIGH
CVSS 8.5
Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesystem locations via path traversal in the UniqueTrackingId parameter when the saveLogs feature is enabled. The vulnerability enables denial of service and potential system compromise through log file manipulation. Public exploit code exists and no patch is currently available.
Path Traversal
Olivetin
-
CVE-2026-31801
HIGH
CVSS 7.7
Zot registry versions 1.3.0 through 2.1.14 have an authorization bypass in the manifest upload endpoint that allows authenticated users with only create permissions to overwrite the latest tag when it already exists. An attacker with limited write privileges can leverage this flaw to replace the latest image version, potentially distributing malicious container images to downstream consumers. The vulnerability is fixed in version 2.1.15.
Authentication Bypass
Zot
-
CVE-2026-31796
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a heap-based buffer overflow (CVSS 7.8).
Buffer Overflow
Heap Overflow
Iccdev
-
CVE-2026-31795
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 7.8).
Buffer Overflow
Iccdev
-
CVE-2026-31792
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a null pointer dereference (CVSS 7.8).
Null Pointer Dereference
Denial Of Service
Iccdev
-
CVE-2026-30987
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 7.8).
Buffer Overflow
Iccdev
-
CVE-2026-30985
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 7.8).
Buffer Overflow
Iccdev
-
CVE-2026-30983
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 7.8).
Buffer Overflow
Iccdev
-
CVE-2026-30979
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 7.8).
Buffer Overflow
Iccdev
-
CVE-2026-30978
HIGH
CVSS 7.8
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a use-after-free (CVSS 7.8).
Use After Free
Denial Of Service
Memory Corruption
Iccdev
-
CVE-2026-30972
HIGH
CVSS 7.5
Parse Server versions prior to 9.5.2-alpha.10 and 8.6.23 allow remote attackers to bypass rate limiting protections by submitting multiple requests within a single batch request, since batch processing routes requests internally and circumvents Express middleware controls. Deployments relying on built-in rate limiting are vulnerable to abuse and denial of service attacks. A patch is available in the specified versions.
Node.js
Parse Server
-
CVE-2026-30967
HIGH
CVSS 8.8
Parse Server versions prior to 9.5.2-alpha.9 and 8.6.22 fail to properly validate OAuth2 token ownership when the useridField option is not configured, allowing attackers with any valid token from the same provider to impersonate arbitrary users. This authentication bypass affects all Parse Server deployments using the generic OAuth2 adapter without the useridField setting. The vulnerability is resolved in patched versions 9.5.2-alpha.9 and 8.6.22.
Node.js
Parse Server
-
CVE-2026-30958
HIGH
CVSS 7.2
Unauthenticated path traversal in OneUptime versions before 10.0.21 allows remote attackers to read arbitrary files from the server via the /workflow/docs/:componentName endpoint, which fails to sanitize user input before passing it to file operations. Public exploit code exists for this vulnerability, affecting all users of vulnerable versions without authentication requirements. Upgrade to version 10.0.21 or later to remediate.
Path Traversal
Oneuptime
-
CVE-2026-30953
HIGH
CVSS 7.7
Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.
PHP
Docker
SSRF
Linkace
-
CVE-2026-30952
HIGH
CVSS 7.5
liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Versions up to 10.25.0 are affected by path traversal.
Path Traversal
Liquidjs
-
CVE-2026-30951
HIGH
CVSS 7.5
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data by manipulating JSON object keys in WHERE clause operations. The vulnerability stems from improper sanitization of cast type parameters in the _traverseJSON() function, which directly interpolates user-controlled input into CAST SQL statements. Node.js applications using affected Sequelize versions are at risk of complete database compromise.
Node.js
SQLi
Sequelize
-
CVE-2026-30949
HIGH
CVSS 8.8
Parse Server's Keycloak authentication adapter fails to validate the authorized party claim in access tokens, allowing tokens issued for one client application to authenticate users on another client within the same Keycloak realm. An authenticated attacker with valid credentials to any client application can exploit this to perform cross-application account takeover against Parse Server instances using Keycloak authentication in multi-client environments. A patch is available in versions 9.5.2-alpha.5 and 8.6.18.
Node.js
Parse Server
-
CVE-2026-30947
HIGH
CVSS 7.5
Parse Server versions prior to 9.5.2-alpha.3 and 8.6.16 fail to enforce class-level permissions on LiveQuery subscriptions, allowing unauthenticated attackers to subscribe to restricted data classes and receive real-time updates on all objects. This authorization bypass affects all deployments using LiveQuery with permission controls, exposing sensitive data to unauthorized subscribers. A patch is available in the mentioned versions.
Node.js
Parse Server
-
CVE-2026-30946
HIGH
CVSS 7.5
Parse Server versions up to 9.5.2 are affected by allocation of resources without limits or throttling (CVSS 7.5).
Node.js
Parse Server
-
CVE-2026-30945
HIGH
CVSS 7.1
StudioCMS prior to version 0.4.0 allows authenticated editors and above to revoke API tokens belonging to any user, including administrators and owners, due to insufficient authorization checks on the DELETE /studiocms_api/dashboard/api-tokens endpoint. An attacker with editor privileges can exploit this to disable critical integrations and automations by revoking tokens of higher-privileged accounts. No patch is currently available for affected versions.
Denial Of Service
Authentication Bypass
Studiocms
-
CVE-2026-30944
HIGH
CVSS 8.8
Privilege escalation in StudioCMS versions prior to 0.4.0 enables authenticated Editor-level users to generate API tokens for arbitrary accounts, including administrative and owner roles, due to missing authorization validation on the /studiocms_api/dashboard/api-tokens endpoint. An attacker with basic editor privileges can exploit this to gain full administrative access without requiring the target account's credentials. No patch is currently available for affected installations.
Privilege Escalation
Authentication Bypass
Studiocms
-
CVE-2026-30941
HIGH
CVSS 7.5
NoSQL injection in Parse Server's password reset and email verification endpoints allows unauthenticated attackers to extract authentication tokens by injecting MongoDB query operators through the unvalidated token parameter. Affected deployments running MongoDB with these features enabled are vulnerable to email verification bypass and password reset token theft. The vulnerability is fixed in versions 8.6.14 and 9.5.2-alpha.1.
Node.js
MongoDB
SQLi
Parse Server
-
CVE-2026-30939
HIGH
CVSS 7.5
Unauthenticated attackers can crash Parse Server instances by invoking Cloud Function endpoints with prototype property names, triggering infinite recursion and process termination. Additionally, attackers can bypass validation checks using prototype pollution techniques to elicit HTTP 200 responses for non-existent functions. All Parse Server versions prior to 8.6.13 and 9.5.1-alpha.2 are affected when the Cloud Function endpoint is exposed.
Node.js
Denial Of Service
Parse Server
-
CVE-2026-30934
HIGH
CVSS 8.9
Stored cross-site scripting in FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable allows authenticated attackers to inject malicious scripts through share metadata fields that are improperly rendered without HTML escaping. When victims visit affected share URLs, the injected scripts execute in their browsers with full privileges, potentially leading to session hijacking, credential theft, or further compromise. A patch is available in the fixed versions, though exploitation currently shows 0% adoption likelihood.
XSS
Filebrowser
-
CVE-2026-30933
HIGH
CVSS 7.5
FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable leak authentication tokens through the /public/api/share/info endpoint, allowing unauthenticated attackers to bypass password protections on shared files. The vulnerability stems from an incomplete fix to CVE-2026-27611 and enables token disclosure that could facilitate unauthorized file access. No patch is currently available for affected installations.
Information Disclosure
Filebrowser
-
CVE-2026-30929
HIGH
CVSS 7.7
High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.
Buffer Overflow
Stack Overflow
Imagemagick
-
CVE-2026-30928
HIGH
CVSS 7.5
Glances is an open-source, cross-platform system monitoring tool. Versions up to 4.5.1 are affected by information exposure.
Information Disclosure
Glances
-
CVE-2026-30926
HIGH
CVSS 7.1
SiYuan Note prior to version 3.5.10 contains an insufficient authorization flaw in the /api/block/appendHeadingChildren endpoint that allows authenticated users with read-only (RoleReader) privileges to modify notebook content by appending blocks to documents. The vulnerability exists because the endpoint applies only basic authentication checks instead of enforcing stricter administrative or read-only restrictions. Affected users should upgrade to version 3.5.10 or later, as no workaround is currently available and exploitation requires only network access and valid read-only credentials.
Privilege Escalation
Authentication Bypass
Siyuan
-
CVE-2026-30925
HIGH
CVSS 7.5
Parse Server's LiveQuery feature is vulnerable to denial of service through malicious regex patterns that trigger catastrophic backtracking, freezing the Node.js event loop and rendering the entire server unresponsive to all clients. Attackers only require the publicly available application ID and JavaScript key to exploit this vulnerability on any Parse Server with LiveQuery enabled. Updates to versions 9.5.0-alpha.14 or 8.6.11 and later address this issue.
Node.js
Parse Server
-
CVE-2026-30920
HIGH
CVSS 8.6
OneUptime versions prior to 10.0.19 allow unauthenticated attackers to hijack GitHub App integrations across projects by exploiting insufficient validation in the OAuth callback handler, enabling them to redirect repository access and create code records in arbitrary projects. Public exploit code exists for this vulnerability, and GitHub and OneUptime users remain at risk until patches are applied, as no fixes are currently available for the affected GitHub integration.
Github
Oneuptime
-
CVE-2026-30919
HIGH
CVSS 7.6
facileManager is a modular suite of web apps built with the sysadmin in mind. Versions up to 6.0.4 are affected by cross-site scripting (XSS) (CVSS 7.6).
XSS
Facilemanager
-
CVE-2026-30918
HIGH
CVSS 7.6
FacileManager versions prior to 6.0.4 contain a reflected cross-site scripting vulnerability in the fmDNS module's log_search_query parameter that allows authenticated attackers to inject malicious JavaScript through crafted URLs. An attacker with login credentials can exploit this to execute arbitrary scripts in users' browsers, potentially compromising sensitive administrative data or session tokens. No patch is currently available for affected deployments.
XSS
Facilemanager
-
CVE-2026-30837
HIGH
CVSS 7.5
OpenAPI documentation and client-server communication. Versions up to 1.4.26 are affected by inefficient regular expression complexity (ReDoS) (CVSS 7.5).
Denial Of Service
-
CVE-2026-29174
HIGH
CVSS 8.8
Craft Commerce versions prior to 5.5.3 contain an SQL injection vulnerability in the inventory levels endpoint where sort parameters are improperly sanitized, allowing authenticated users with Commerce Inventory access to execute arbitrary database queries. Public exploit code exists for this vulnerability, which could enable complete database compromise. Update to version 5.5.3 or later to resolve this high-severity issue.
SQLi
Craft Commerce
-
CVE-2026-29172
HIGH
CVSS 8.8
SQL injection in Craft Commerce's purchasables endpoint allows authenticated attackers to manipulate the sort parameter and execute arbitrary SQL queries via the unvalidated ORDER BY clause. Versions prior to 4.10.2 and 5.5.3 are vulnerable, with public exploit code available. An attacker with valid credentials can extract sensitive database information or modify data without additional user interaction.
SQLi
Craft Commerce
-
CVE-2026-28807
HIGH
CVSS 8.7
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding.
Path Traversal
-
CVE-2026-28693
HIGH
CVSS 8.1
High severity vulnerability in ImageMagick. An integer overflow in the DIB coder can result in an out-of-bounds read or write.
Integer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-28691
HIGH
CVSS 7.5
High severity vulnerability in ImageMagick. An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.
Information Disclosure
Imagemagick
Redhat
Suse
-
CVE-2026-28513
HIGH
CVSS 8.5
Pocket ID versions prior to 2.4.0 fail to properly validate authorization codes at the OIDC token endpoint, enabling attackers with valid credentials to exchange codes across different clients or reuse expired codes. This authentication bypass affects any service relying on Pocket ID for passkey-based authentication and allows token acquisition without proper authorization. Public exploit code exists for this vulnerability, and no patch is currently available.
Authentication Bypass
Pocket Id
Suse
-
CVE-2026-28512
HIGH
CVSS 7.1
Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.
Open Redirect
Pocket Id
Suse
-
CVE-2026-28494
HIGH
CVSS 7.1
High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.
Linux
Buffer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-28432
HIGH
CVSS 7.5
federated social media platform. All Misskey server versions up to 2026.3.1 are affected by improper verification of cryptographic signature.
Authentication Bypass
Misskey
-
CVE-2026-28431
HIGH
CVSS 7.5
Misskey is an open source, federated social media platform.
Authentication Bypass
Misskey
-
CVE-2026-28281
HIGH
CVSS 7.1
InstantCMS is a free and open source content management system. Versions up to 2.18.1 are affected by cross-site request forgery (CSRF) (CVSS 7.1).
CSRF
Instantcms
-
CVE-2026-27826
HIGH
CVSS 8.2
Unauthenticated attackers can abuse the MCP Atlassian server to perform arbitrary outbound HTTP requests by manipulating HTTP headers, enabling credential theft from cloud instance metadata endpoints or internal network reconnaissance without requiring authentication. The vulnerability exists in the HTTP middleware layer prior to version 0.17.0, affecting Atlassian Confluence and Jira deployments. No patch is currently available.
Atlassian
Confluence
Jira
AI / ML
-
CVE-2026-27689
HIGH
CVSS 7.7
Denial of service in a remote-enabled function module allows authenticated attackers to exhaust system resources by submitting requests with oversized loop parameters, rendering the affected system unavailable. The vulnerability requires valid user credentials and network access but no user interaction, making it exploitable by any authenticated user on the network. No patch is currently available to address this high-severity flaw.
Denial Of Service
-
CVE-2026-27280
HIGH
CVSS 7.8
Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it exploitable through social engineering with crafted documents. No patch is currently available for affected DNG Software Development Kit users.
Buffer Overflow
RCE
Dng Software Development Kit
-
CVE-2026-27279
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute code with the privileges of the affected user, requiring only social engineering to deliver the malicious file. No patch is currently available for this high-severity vulnerability.
Buffer Overflow
RCE
Substance 3d Stager
-
CVE-2026-27278
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.
Adobe
Use After Free
Acrobat Reader Dc
Acrobat
Acrobat Dc
-
CVE-2026-27277
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through a use-after-free memory vulnerability that triggers when users open specially crafted malicious files. An attacker can exploit this to execute code with the privileges of the affected user, though no patch is currently available to remediate the issue.
Use After Free
Substance 3d Stager
-
CVE-2026-27276
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier stems from a use-after-free vulnerability that executes with the privileges of the current user. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers memory corruption and code execution. No patch is currently available for this high-severity vulnerability.
Use After Free
Substance 3d Stager
-
CVE-2026-27275
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. An attacker can achieve code execution with user privileges by crafting a weaponized file and socially engineering a victim into opening it. No patch is currently available for this high-severity vulnerability.
Buffer Overflow
RCE
Substance 3d Stager
-
CVE-2026-27274
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability that executes with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but no special permissions, making it a practical attack vector for local exploitation. No patch is currently available.
Buffer Overflow
RCE
Substance 3d Stager
-
CVE-2026-27273
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. Users running affected versions face code execution at their privilege level with no available patch. This requires social engineering to trick users into opening a crafted file.
Buffer Overflow
RCE
Substance 3d Stager
-
CVE-2026-27272
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Illustrator 29.8.4, 30.1 and earlier through an out-of-bounds write vulnerability affecting local users who open malicious files. An attacker can exploit this to execute code with the privileges of the targeted user, requiring only that the victim interact with a crafted document. No patch is currently available for this high-severity vulnerability.
Adobe
Illustrator
-
CVE-2026-27271
HIGH
CVSS 7.8
Heap buffer overflow in Adobe Illustrator 29.8.4 and 30.1 allows arbitrary code execution under the current user's privileges when opening a malicious file. The vulnerability requires user interaction, and no patch is available, leaving affected systems at risk. An attacker can achieve code execution by crafting and distributing a malicious document that triggers the memory corruption flaw.
Adobe
Buffer Overflow
Heap Overflow
Illustrator
-
CVE-2026-27269
HIGH
CVSS 7.8
Code execution in Adobe Premiere Pro 25.5 and earlier via out-of-bounds read when processing malicious media files. An attacker can achieve arbitrary code execution within the user's security context by crafting a specially formatted file that triggers a memory read past allocated buffer boundaries. Exploitation requires the victim to open the malicious file, and no patch is currently available.
Buffer Overflow
Information Disclosure
Premiere Pro
-
CVE-2026-27267
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.
Adobe
Buffer Overflow
Stack Overflow
Illustrator
-
CVE-2026-27220
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability; exploitation requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.
Adobe
Use After Free
Acrobat Reader Dc
Acrobat
Acrobat Dc
-
CVE-2026-26801
HIGH
CVSS 7.5
pdfmake versions 0.3.0-beta.2 through 0.3.5 contain a server-side request forgery vulnerability in the URLResolver component that allows unauthenticated remote attackers to access sensitive information through crafted URL requests. Affected applications using vulnerable versions without proper URL access controls are at risk of information disclosure. No patch is currently available, though version 0.3.6 introduces URL access policy controls to mitigate the risk.
SSRF
-
CVE-2026-26742
HIGH
CVSS 8.1
PX4 Autopilot versions 1.12.x through 1.15.x can be forced into an unsafe re-arm state when pilots switch to Manual mode and re-arm within 5 seconds of landing, bypassing critical pre-flight safety checks and throttle validation. This allows attackers or malicious pilots to trigger immediate high-thrust takeoff, resulting in loss of aircraft control. Public exploit code exists for this vulnerability and no patch is currently available.
Authentication Bypass
Px4 Drone Autopilot
-
CVE-2026-26741
HIGH
CVSS 8.1
PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. [CVSS 8.1 HIGH]
Authentication Bypass
Px4 Drone Autopilot
-
CVE-2026-26738
HIGH
CVSS 7.8
Arbitrary code execution in Uderzo Software SpaceSniffer v.2.0.5.18 results from a buffer overflow vulnerability triggered by processing malicious .sns snapshot files. An attacker with local access can craft a specially formatted file to achieve code execution with high privileges. No patch is currently available for this vulnerability.
Buffer Overflow
RCE
Stack Overflow
-
CVE-2026-26308
HIGH
CVSS 7.5
Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating each value individually, allowing attackers to bypass "Deny" access control policies through header manipulation. This vulnerability affects Envoy versions prior to 1.34.13, 1.35.8, 1.36.5, and 1.37.1, and public exploit code exists. Patches are available for all affected versions.
Authentication Bypass
Envoy
-
CVE-2026-26148
HIGH
CVSS 8.1
Local privilege escalation in Azure Entra ID SSH Login Extension for Linux stems from improper initialization of trusted variables, enabling unauthenticated attackers on affected systems to gain elevated privileges. This high-severity vulnerability (CVSS 8.1) requires local access but can compromise system confidentiality, integrity, and availability across trust boundaries. No patch is currently available.
Authentication Bypass
Microsoft
Azure Ad Ssh Login Extension For Linux
-
CVE-2026-26144
HIGH
CVSS 7.5
Information disclosure in Microsoft 365 Apps Excel allows unauthenticated remote attackers to extract sensitive data through stored cross-site scripting attacks in generated web content. The vulnerability requires no user interaction and affects all Excel users who process untrusted documents. No patch is currently available, leaving users dependent on mitigation strategies until Microsoft releases a fix.
Microsoft
XSS
365 Apps
-
CVE-2026-26141
HIGH
CVSS 7.8
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Authentication Bypass
Microsoft
Azure Automation Hybrid Worker Windows Extension
-
CVE-2026-26134
HIGH
CVSS 7.8
Microsoft Office is vulnerable to an integer overflow that allows authenticated local users to escalate their privileges and gain full system control. An attacker with valid credentials can exploit this numeric calculation flaw to execute arbitrary code with elevated permissions. No patch is currently available for this vulnerability.
Microsoft
Integer Overflow
Buffer Overflow
Office
-
CVE-2026-26132
HIGH
CVSS 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Use After Free
Microsoft
Memory Corruption
Denial Of Service
Windows
-
CVE-2026-26131
HIGH
CVSS 7.8
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Privilege Escalation
Redhat
-
CVE-2026-26130
HIGH
CVSS 7.5
Uncontrolled resource allocation in ASP.NET Core enables unauthenticated remote attackers to exhaust system resources and cause denial of service without requiring user interaction. The vulnerability affects .NET applications exposed to network access, allowing attackers to trigger unbounded resource consumption from any network location. A patch is available to address this issue.
Denial Of Service
Redhat
Suse
-
CVE-2026-26128
HIGH
CVSS 7.8
Windows SMB Server's authentication mechanism can be bypassed by local authenticated users to gain elevated privileges on affected systems. This high-severity vulnerability (CVSS 7.8) impacts confidentiality, integrity, and availability, though no patch is currently available. Organizations should implement compensating controls and monitor for exploitation attempts targeting this authentication weakness.
Microsoft
Authentication Bypass
Windows
-
CVE-2026-26127
HIGH
CVSS 7.5
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]
Buffer Overflow
Information Disclosure
Redhat
Suse
-
CVE-2026-26121
HIGH
CVSS 7.5
Azure IoT Explorer is vulnerable to server-side request forgery that enables unauthenticated network-based attackers to perform spoofing attacks and access sensitive information. The vulnerability requires no user interaction and can be exploited remotely with low attack complexity, affecting the confidentiality of exposed data. No patch is currently available.
SSRF
Microsoft
Azure Iot Explorer
-
CVE-2026-26118
HIGH
CVSS 8.8
Authenticated users can exploit a server-side request forgery vulnerability in Azure MCP Server to escalate their privileges across the network, potentially gaining unauthorized access to sensitive resources. The vulnerability affects Microsoft Azure environments and requires only low attack complexity with no user interaction, making it a significant risk for organizations using this service. No patch is currently available, leaving affected systems exposed to exploitation.
SSRF
Microsoft
Azure Mcp Server
-
CVE-2026-26117
HIGH
CVSS 7.8
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Authentication Bypass
Microsoft
Arc Enabled Servers Azure Connected Machine Agent
Windows
-
CVE-2026-26116
HIGH
CVSS 8.8
Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain unauthorized access across the network. This high-severity flaw (CVSS 8.8) affects multiple SQL Server versions with no available patch, allowing attackers with valid credentials to manipulate SQL commands and compromise system integrity. Organizations running these affected versions should implement network segmentation and monitor for suspicious database activity until a patch is released.
SQLi
Sql Server 2022
Sql Server 2025
Sql Server 2016
Sql Server 2019
-
CVE-2026-26115
HIGH
CVSS 8.8
Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. Organizations running affected SQL Server versions should prioritize access controls and network segmentation until remediation is released.
Information Disclosure
Sql Server 2019
Sql Server 2022
Sql Server 2017
Sql Server 2016
-
CVE-2026-26114
HIGH
CVSS 8.8
Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Microsoft
Deserialization
Sharepoint Server
-
CVE-2026-26113
HIGH
CVSS 8.4
Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.
Microsoft
Authentication Bypass
Sharepoint Server
Office
Office Long Term Servicing Channel
-
CVE-2026-26112
HIGH
CVSS 7.8
Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.
Microsoft
Authentication Bypass
Office Online Server
Excel
Office
-
CVE-2026-26111
HIGH
CVSS 8.0
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Buffer Overflow
Heap Overflow
Microsoft
Windows Server 2022
Windows Server 2016
-
CVE-2026-26110
HIGH
CVSS 8.4
Local code execution in Microsoft Office and 365 Apps stems from a type confusion vulnerability in memory handling that allows unauthenticated attackers to execute arbitrary code with system privileges. The vulnerability affects Office Long Term Servicing Channel deployments and requires only local access with no user interaction to trigger. No patch is currently available, making this a critical risk for organizations running affected Office versions.
Microsoft
Authentication Bypass
Memory Corruption
Office
365 Apps
-
CVE-2026-26109
HIGH
CVSS 8.4
Arbitrary code execution in Microsoft Office Excel and related products (Office Online Server, 365 Apps) via out-of-bounds memory read allows local attackers to achieve complete system compromise without requiring user interaction or elevated privileges. This high-severity vulnerability affects multiple Microsoft Office components and currently lacks a security patch. An attacker with local access can exploit memory corruption to execute malicious code with full system permissions.
Microsoft
Information Disclosure
Buffer Overflow
Office Online Server
365 Apps
-
CVE-2026-26108
HIGH
CVSS 7.8
Heap buffer overflow in Microsoft Office Excel enables local code execution with high integrity and confidentiality impact, affecting Office, Office Online Server, and 365 Apps. With user interaction, an attacker can achieve arbitrary code execution in the context of the affected application. No patch is currently available for this vulnerability.
Microsoft
Buffer Overflow
Heap Overflow
Office
Office Online Server
-
CVE-2026-26107
HIGH
CVSS 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Microsoft
Use After Free
Denial Of Service
Memory Corruption
Office Long Term Servicing Channel
-
CVE-2026-26106
HIGH
CVSS 8.8
Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) can be exploited by authorized attackers who leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.
Microsoft
Information Disclosure
Sharepoint Server
-
CVE-2026-26105
HIGH
CVSS 8.1
Microsoft SharePoint Server contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary scripts in users' browsers through malicious links, enabling spoofing attacks and credential theft. The vulnerability requires user interaction to trigger and affects all SharePoint deployments with no available patch. With a CVSS score of 8.1, this poses a significant risk to organizations relying on SharePoint for collaboration.
Microsoft
XSS
Sharepoint Server
-
CVE-2026-25836
HIGH
CVSS 7.2
Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. No patch is currently available.
Fortinet
Command Injection
Fortisandbox Cloud
-
CVE-2026-25190
HIGH
CVSS 7.8
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Authentication Bypass
Microsoft
Windows Server 2022 23h2
Windows Server 2022
Windows 11 26h1
-
CVE-2026-25189
HIGH
CVSS 7.8
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows 10 21h2
-
CVE-2026-25188
HIGH
CVSS 8.8
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Buffer Overflow
Heap Overflow
Microsoft
Windows 10 1607
Windows 11 25h2
-
CVE-2026-25187
HIGH
CVSS 7.8
Windows Winlogon's failure to properly validate symbolic links before file access enables local privilege escalation on affected Windows Server and Windows 10/11 systems. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available for this high-severity issue affecting multiple Windows versions including Server 2025 and Windows 11 26h1.
Information Disclosure
Windows Server 2025
Windows 10 22h2
Windows 11 26h1
Windows Server 2016
-
CVE-2026-25181
HIGH
CVSS 7.5
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Information Disclosure
Buffer Overflow
Microsoft
Windows 11 24h2
Windows Server 2012
-
CVE-2026-25179
HIGH
CVSS 7.0
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Information Disclosure
Microsoft
Windows Server 2025
Windows Server 2022
Windows Server 2022 23h2
-
CVE-2026-25178
HIGH
CVSS 7.0
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows 11 26h1
-
CVE-2026-25177
HIGH
CVSS 8.8
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Information Disclosure
Windows 11 23h2
Windows 11 26h1
Windows Server 2025
Windows 10 22h2
-
CVE-2026-25176
HIGH
CVSS 7.8
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Authentication Bypass
Microsoft
Windows 10 22h2
Windows 10 1607
Windows Server 2019
-
CVE-2026-25175
HIGH
CVSS 7.8
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Information Disclosure
Buffer Overflow
Microsoft
Windows Server 2019
Windows 10 1607
-
CVE-2026-25174
HIGH
CVSS 7.8
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Information Disclosure
Buffer Overflow
Microsoft
Windows Server 2022
Windows 10 1607
-
CVE-2026-25173
HIGH
CVSS 8.0
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Microsoft
Buffer Overflow
Heap Overflow
Windows Server 2022 23h2
Windows 10 1607
-
CVE-2026-25172
HIGH
CVSS 8.0
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Microsoft
Buffer Overflow
Heap Overflow
Windows Server 2022
Windows Server 2012
-
CVE-2026-25171
HIGH
CVSS 7.0
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows 10 22h2
-
CVE-2026-25170
HIGH
CVSS 7.0
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows 11 23h2
-
CVE-2026-25167
HIGH
CVSS 7.4
Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.
Microsoft
Use After Free
Denial Of Service
Memory Corruption
Windows 11 24h2
-
CVE-2026-25166
HIGH
CVSS 7.8
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Deserialization
Microsoft
Windows 11 23h2
Windows Server 2019
Windows Server 2022 23h2
-
CVE-2026-25165
HIGH
CVSS 7.8
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Null Pointer Dereference
Microsoft
Denial Of Service
Windows Server 2019
Windows 11 26h1
-
CVE-2026-24296
HIGH
CVSS 7.0
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Race Condition
Microsoft
Information Disclosure
Windows Server 2022 23h2
Windows Server 2019
-
CVE-2026-24295
HIGH
CVSS 7.0
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Race Condition
Microsoft
Information Disclosure
Windows Server 2022 23h2
Windows 11 24h2
-
CVE-2026-24294
HIGH
CVSS 7.8
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Microsoft
Authentication Bypass
Windows
-
CVE-2026-24293
HIGH
CVSS 7.8
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Null Pointer Dereference
Microsoft
Denial Of Service
Windows Server 2022
Windows 11 24h2
-
CVE-2026-24292
HIGH
CVSS 7.8
Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) stems from a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.
Use After Free
Denial Of Service
Memory Corruption
Windows 10 22h2
Windows 11 25h2
-
CVE-2026-24291
HIGH
CVSS 7.8
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Information Disclosure
Microsoft
Windows Server 2022
Windows 11 25h2
Windows 11 23h2
-
CVE-2026-24290
HIGH
CVSS 7.8
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Microsoft
Authentication Bypass
Windows 11 24h2
Windows Server 2022 23h2
Windows 11 26h1
-
CVE-2026-24289
HIGH
CVSS 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows 10 22h2
-
CVE-2026-24287
HIGH
CVSS 7.8
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Information Disclosure
Microsoft
Windows Server 2025
Windows 11 24h2
Windows Server 2022 23h2
-
CVE-2026-24285
HIGH
CVSS 7.0
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Office
-
CVE-2026-24283
HIGH
CVSS 8.8
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Buffer Overflow
Heap Overflow
Microsoft
Windows 11 24h2
Windows 11 26h1
-
CVE-2026-24018
HIGH
CVSS 7.8
Fortinet FortiClientLinux versions 7.4.0 through 7.4.4 contain a vulnerability that allows a local, unprivileged user to escalate their privileges to root (CVSS 7.8).
Fortinet
Privilege Escalation
Forticlient
-
CVE-2026-24017
HIGH
CVSS 8.1
Fortinet FortiWeb versions 7.0 through 8.0.2 contain an improper rate-limiting flaw that allows unauthenticated remote attackers to bypass authentication attempt restrictions through crafted requests. This vulnerability enables attackers to conduct brute-force password attacks against FortiWeb instances with reduced constraints, with success dependent on attacker resources and target password complexity. No patch is currently available for affected versions.
Fortinet
Fortiweb
-
CVE-2026-23674
HIGH
CVSS 7.5
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Microsoft
Authentication Bypass
Windows 11 24h2
Windows 10 21h2
Windows Server 2025
-
CVE-2026-23673
HIGH
CVSS 7.8
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Information Disclosure
Microsoft
Buffer Overflow
Windows Server 2019
Windows Server 2025
-
CVE-2026-23672
HIGH
CVSS 7.8
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Information Disclosure
Buffer Overflow
Microsoft
Windows 11 25h2
Windows Server 2019
-
CVE-2026-23671
HIGH
CVSS 7.0
Privilege escalation in the Windows Bluetooth RFCOMM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Race Condition
Information Disclosure
Microsoft
Windows 11 26h1
Windows Server 2025
-
CVE-2026-23669
HIGH
CVSS 8.8
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Use After Free
Microsoft
Denial Of Service
Memory Corruption
Windows
-
CVE-2026-23668
HIGH
CVSS 7.0
Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Microsoft
Industrial
Race Condition
Windows Server 2016
Windows 11 23h2
-
CVE-2026-23667
HIGH
CVSS 7.0
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Use After Free
Windows 10 1809
Windows 11 26h1
Windows 11 24h2
Windows 11 25h2
-
CVE-2026-23665
HIGH
CVSS 7.8
Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-23664
HIGH
CVSS 7.5
Azure IoT Explorer fails to properly restrict communication to intended endpoints, enabling unauthenticated attackers to intercept and disclose sensitive information over the network. The vulnerability requires no user interaction and can be exploited remotely with a CVSS score of 7.5. A patch is available for affected Azure IoT products.
Azure
IoT
Azure Iot Explorer
-
CVE-2026-23662
HIGH
CVSS 7.5
Azure IoT Explorer fails to enforce authentication on a critical function, enabling unauthenticated network attackers to remotely access and exfiltrate sensitive information. This high-severity vulnerability (CVSS 7.5) affects Azure IoT deployments and requires immediate patching to prevent unauthorized disclosure of IoT configuration and operational data. A patch is available.
Azure
IoT
Azure Iot Explorer
-
CVE-2026-23661
HIGH
CVSS 7.5
Sensitive data transmission over cleartext in Azure IoT Explorer enables network-based attackers to intercept and disclose confidential information without authentication. This vulnerability affects Azure IoT deployments and could expose device credentials, configuration details, or other sensitive metadata to passive network observers. A patch is available to remediate the cleartext transmission issue.
Azure
IoT
Azure Iot Explorer
-
CVE-2026-23660
HIGH
CVSS 7.8
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate their privileges. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions on the system. No patch is currently available for this issue.
Authentication Bypass
Microsoft
Windows Admin Center
Windows
-
CVE-2026-23654
HIGH
CVSS 8.8
Remote code execution in the zero-shot-scfoundation AI/ML framework results from a vulnerable third-party dependency, enabling unauthenticated attackers to execute arbitrary code over the network with minimal user interaction. This high-severity vulnerability affects systems using the affected component, and no patch is currently available.
Authentication Bypass
AI / ML
Zero Shot Scfoundation
-
CVE-2026-23239
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
espintcp: Fix race condition in espintcp_close()
This issue was discovered during a code audit.
Linux
Information Disclosure
Redhat
Suse
-
CVE-2026-22627
HIGH
CVSS 8.8
Fortinet FortiSwitchAXFixed versions 1.0.0 up to 1.0.1 are affected by a classic buffer overflow (CVSS 8.8).
Fortinet
Buffer Overflow
-
CVE-2026-22572
HIGH
CVSS 7.2
MFA bypass in Fortinet FortiManager and FortiAnalyzer 7.2.2-7.6.3 allows attackers with valid admin credentials to disable multifactor authentication through specially crafted repeated requests. This authentication bypass (CWE-288) affects multiple product lines including FortiManager Cloud, creating high risk for unauthorized administrative access. No patch is currently available, leaving affected systems vulnerable to MFA circumvention attacks.
Fortinet
Authentication Bypass
Fortimanager
Fortianalyzer
Fortimanager Cloud
-
CVE-2026-21362
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier results from an out-of-bounds write flaw that executes with user privileges. An attacker can achieve code execution by crafting a malicious file that triggers the vulnerability when opened by a victim. No patch is currently available for this high-severity issue.
Adobe
Illustrator
-
CVE-2026-21333
HIGH
CVSS 8.6
Arbitrary code execution in Adobe Illustrator versions 29.8.4 and 30.1 and earlier via an untrusted search path vulnerability allows local attackers to execute malicious code with user privileges. The vulnerability requires a victim to open a specially crafted file, making it exploitable through social engineering or malicious file distribution. No patch is currently available.
Adobe
Illustrator
-
CVE-2026-21262
HIGH
CVSS 8.8
SQL Server 2016-2025 contains an improper access control flaw that allows authenticated network attackers to escalate privileges without user interaction. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.8 and affects confidentiality, integrity, and availability. No patch is currently available.
Authentication Bypass
Sql Server 2019
Sql Server 2022
Sql Server 2017
Sql Server 2016
-
CVE-2026-20967
HIGH
CVSS 8.8
Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-based attackers to gain elevated system permissions. An attacker with valid credentials can exploit this weakness to compromise administrative access without user interaction. No patch is currently available for this high-severity vulnerability affecting System Center Operations Manager deployments.
Information Disclosure
System Center Operations Manager
-
CVE-2026-3854
HIGH
CVSS 8.8
Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.
Github
RCE
Enterprise Server
-
CVE-2026-3847
HIGH
CVSS 8.8
Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.
Memory Corruption
Firefox
-
CVE-2026-3845
HIGH
CVSS 8.8
Firefox for Android versions prior to 148.0.2 contain a heap buffer overflow in the audio/video playback component that allows remote code execution, information disclosure, and denial of service through a malicious media file requiring user interaction. The vulnerability affects all Firefox for Android users and currently lacks a publicly available patch. An attacker can achieve complete system compromise with a specially crafted video or audio file that triggers the buffer overflow when played.
Android
Buffer Overflow
Firefox
-
CVE-2026-3585
HIGH
CVSS 7.5
The Events Calendar (WordPress plugin) versions up to 6.15.17 are affected by a path traversal vulnerability (CVSS 7.5).
WordPress
Path Traversal
-
CVE-2026-3483
HIGH
CVSS 7.8
Privilege escalation in Ivanti DSM versions before 2026.1.1 stems from an exposed dangerous method that allows authenticated local users to gain elevated system privileges. An attacker with local access could exploit this vulnerability to obtain high-level permissions, compromising system integrity and confidentiality. No patch is currently available for this issue.
Ivanti
-
CVE-2026-2724
HIGH
CVSS 7.2
Unlimited Elements for Elementor (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 7.2).
WordPress
XSS
-
CVE-2026-2713
HIGH
CVSS 7.4
IBM Trusteer Rapport 3.5.2309.290 contains an insecure DLL search path vulnerability that allows local attackers to execute arbitrary code by planting a malicious file in a compromised directory. The attack requires local system access but no user interaction or elevated privileges, making it exploitable by any local user. No patch is currently available for this high-severity vulnerability.
IBM
RCE
-
CVE-2026-2364
HIGH
CVSS 7.3
Privilege escalation in CODESYS Development System installer exploits a time-of-check-time-of-use (TOCTOU) race condition, allowing a low-privileged local attacker to gain elevated rights when a legitimate user initiates a system update or installation. An attacker with local access can manipulate files during the installation process window to execute arbitrary code with elevated privileges. No patch is currently available, and the vulnerability requires user interaction but poses significant risk to system integrity and confidentiality.
Race Condition
-
CVE-2026-2339
HIGH
CVSS 7.5
TUBITAK BILGEM Software Technologies Research Institute Liderahenk is affected by missing authentication for a critical function (CVSS 7.5).
Command Injection
Authentication Bypass
-
CVE-2026-1261
HIGH
CVSS 7.2
Stored XSS in MetForm Pro's Quiz feature allows unauthenticated attackers to inject malicious scripts through insufficient input sanitization in WordPress versions up to 3.9.6. When users access affected pages, the injected scripts execute in their browsers, potentially compromising session data or performing unauthorized actions. No patch is currently available.
WordPress
XSS
-
CVE-2026-0124
HIGH
CVSS 7.8
Local privilege escalation in Android results from an out-of-bounds write vulnerability caused by insufficient bounds validation. A local attacker with limited privileges can exploit this flaw without user interaction to gain elevated system permissions. No patch is currently available.
Privilege Escalation
Android
Google
-
CVE-2026-0123
HIGH
CVSS 8.4
Uncontrolled buffer writes in Android's EfwApTransport component allow local attackers to achieve privilege escalation without requiring user interaction or special permissions. The vulnerability stems from insufficient bounds checking in the ProcessRxRing function, enabling an attacker with local access to corrupt kernel memory and gain elevated privileges.
Privilege Escalation
Android
Google
-
CVE-2026-0122
HIGH
CVSS 8.4
Unauthenticated local attackers can achieve remote code execution on Android devices through out-of-bounds memory writes that corrupt process memory. This vulnerability requires no user interaction or elevated privileges to exploit and has a CVSS score of 8.4. No patch is currently available.
RCE
Memory Corruption
Android
Google
-
CVE-2026-0118
HIGH
CVSS 8.4
Oobconfig on Android contains a logic error that allows local attackers to circumvent carrier restrictions and escalate privileges without requiring additional execution capabilities or user interaction. This vulnerability enables unauthorized privilege elevation on affected devices through a straightforward exploitation path. No patch is currently available to remediate this issue.
Privilege Escalation
Android
Google
-
CVE-2026-0117
HIGH
CVSS 8.4
Local privilege escalation in Android's Media Framework Codec (MFC) decoder results from an out-of-bounds write vulnerability in the mfc_dec_dqbuf function due to inadequate bounds validation. An attacker with local access can exploit this defect without special privileges or user interaction to gain elevated system permissions. No patch is currently available for this vulnerability.
Privilege Escalation
Android
Google
-
CVE-2026-0112
HIGH
CVSS 7.4
Local privilege escalation on Android devices occurs through a race condition in the VPU driver's instance opening function, allowing attackers to trigger a use-after-free condition without requiring special privileges or user interaction. An unprivileged local attacker can exploit this vulnerability to gain elevated system privileges. No patch is currently available for this vulnerability.
Use After Free
Privilege Escalation
Race Condition
Android
Google
-
CVE-2026-0109
HIGH
CVSS 7.5
Android versions up to - are affected by an improper check for unusual or exceptional conditions (CVSS 7.5).
Denial Of Service
Android
Google
-
CVE-2026-0107
HIGH
CVSS 8.4
Android versions up to - contain a vulnerability that allows local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Privilege Escalation
Android
Google
-
CVE-2025-70802
HIGH
CVSS 8.4
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Authentication Bypass
Tenda
-
CVE-2025-70798
HIGH
CVSS 8.4
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Authentication Bypass
Tenda
-
CVE-2025-70251
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70249
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70247
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70246
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70244
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70242
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70227
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-68648
HIGH
CVSS 7.2
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...
Fortinet
Privilege Escalation
Fortimanager Cloud
Fortimanager
Fortianalyzer Cloud
-
CVE-2025-66413
HIGH
CVSS 7.4
Git for Windows is the Windows port of Git. Versions up to 2.53.0 are affected by information exposure (CVSS 7.4).
Windows
-
CVE-2025-66178
HIGH
CVSS 7.2
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request. [CVSS 7.2 HIGH]
Fortinet
Command Injection
Fortiweb
-
CVE-2025-56421
HIGH
CVSS 7.5
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. [CVSS 7.5 HIGH]
SQLi
-
CVE-2025-54820
HIGH
CVSS 8.1
A Stack-based Buffer Overflow [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]
Fortinet
Buffer Overflow
Stack Overflow
Fortimanager
-
CVE-2025-36920
HIGH
CVSS 8.4
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Android
Google
-
CVE-2026-31838
MEDIUM
CVSS 6.9
Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are vulnerable to authorization policy bypass through improper Envoy RBAC handling of multi-valued HTTP headers. An attacker can craft requests with multiple header values that cause the authorization engine to evaluate headers differently than intended, allowing unauthorized access to protected microservices. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-31833
MEDIUM
CVSS 6.7
Umbraco is an ASP.NET CMS. Versions from 16.2.0 up to 16.5.1 are affected by cross-site scripting (XSS) (CVSS 6.7).
XSS
Umbraco Cms
-
CVE-2026-31832
MEDIUM
CVSS 5.4
Umbraco CMS versions 14.0.0 through 16.5.0 and 17.0.0-17.2.1 contain an authorization bypass in a backoffice API endpoint that allows authenticated editors to assign domain configurations to content nodes they lack permission to access. An attacker with valid credentials could exploit this to modify domain settings on restricted content, potentially affecting content visibility or routing. The vulnerability affects Umbraco deployments without patches 16.5.1 or 17.2.2 applied.
Authentication Bypass
Umbraco Cms
-
CVE-2026-31826
MEDIUM
CVSS 5.5
pypdf is a free and open-source pure-Python PDF library. Versions up to 6.8.0 are affected by allocation of resources without limits or throttling.
Python
Denial Of Service
Pypdf
-
CVE-2026-31825
MEDIUM
CVSS 5.3
Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.
SQLi
Sylius
-
CVE-2026-31823
MEDIUM
CVSS 4.8
Stored XSS vulnerabilities in Sylius allow authenticated attackers with high privileges to inject malicious scripts through unsanitized entity names (taxons, products) that are rendered as raw HTML in breadcrumbs and admin interfaces. An attacker could craft malicious product or category names to execute arbitrary JavaScript in the browsers of shop visitors and administrators, potentially leading to session hijacking or credential theft. No patch is currently available for this medium-severity vulnerability.
XSS
Sylius
-
CVE-2026-31822
MEDIUM
CVSS 6.1
Stored XSS in Sylius checkout login form allows unauthenticated attackers to inject malicious scripts through authentication error messages that are unsafely rendered via innerHTML. An attacker can craft a failed login attempt containing JavaScript payload that executes in the browser of any user viewing the checkout page, potentially stealing session tokens or credentials. The vulnerability affects Sylius versions prior to 2.0.16, 2.1.12, and 2.2.3, with no current patch available for older releases.
XSS
Sylius
-
CVE-2026-31821
MEDIUM
CVSS 5.3
Sylius eCommerce framework's cart API endpoint fails to validate cart ownership, allowing unauthenticated attackers to add items to other customers' shopping carts if they possess a valid cart token value. This integrity flaw affects registered users whose carts can be manipulated by external threat actors, potentially leading to fraudulent transactions or operational disruption. The vulnerability is unpatched in versions prior to 2.0.16, 2.1.12, and 2.2.3.
Authentication Bypass
Sylius
-
CVE-2026-31820
MEDIUM
CVSS 6.5
Authenticated users in Sylius eCommerce can access sensitive customer data belonging to other users through unvalidated resource IDs in LiveComponent parameters, including checkout addresses and shopping carts. The vulnerability exists because LiveArg parameters lack ownership validation when loading resources by ID, allowing attackers to enumerate and retrieve private information such as names, contact details, and order information without proper authorization checks.
Authentication Bypass
Sylius
-
CVE-2026-31819
MEDIUM
CVSS 6.1
Open redirect vulnerabilities in Sylius eCommerce Framework allow unauthenticated attackers to redirect users to arbitrary domains by manipulating the HTTP Referer header through multiple controllers, enabling phishing and credential theft attacks when victims click malicious links from attacker-controlled sites. Public endpoints are trivially exploitable without authentication, while admin endpoints require an authenticated session but remain vulnerable if administrators follow external links. No patch is currently available for this medium-severity flaw.
Open Redirect
Sylius
-
CVE-2026-31815
MEDIUM
CVSS 5.3
Unicorn adds modern reactive component functionality to your Django templates. Versions up to 0.67.0 are affected by improper access control (CVSS 5.3).
Python
Authentication Bypass
Unicorn
-
CVE-2026-31809
MEDIUM
CVSS 6.1
SiYuan's SVG sanitizer fails to properly filter malicious href attributes when whitespace characters are inserted into javascript: URLs, allowing reflected cross-site scripting on the unauthenticated /api/icon/getDynamicIcon endpoint. Public exploit code exists for this vulnerability, which bypasses the previous fix for CVE-2026-29183. Attackers can inject executable JavaScript to target unauthenticated users of SiYuan versions prior to 3.5.10.
XSS
Siyuan
-
CVE-2026-31808
MEDIUM
CVSS 5.3
Denial of service in file-type library versions prior to 21.3.1 allows remote attackers to hang Node.js event loops by submitting malformed ASF (WMV/WMA) files that trigger infinite loops during file type detection. Applications using file-type to analyze untrusted input are vulnerable, with a minimal 55-byte payload sufficient to stall processing. No patch is currently available for affected Node.js and File Type products.
Node.js
Denial Of Service
File Type
-
CVE-2026-31807
MEDIUM
CVSS 6.1
Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows unauthenticated attackers to inject malicious JavaScript through SVG animation elements that bypass the sanitizer's static filters. The vulnerability exists because the SVG sanitizer blocks script tags and event handlers but fails to restrict <animate> and <set> elements, which can dynamically modify attributes at runtime to execute code. Public exploit code exists and patches are not yet available for affected versions prior to 3.5.10.
XSS
Siyuan
-
CVE-2026-31802
MEDIUM
CVSS 5.5
node-tar is a full-featured Tar for Node.js.
Node.js
Path Traversal
Tar
-
CVE-2026-31797
MEDIUM
CVSS 6.1
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 6.1).
Buffer Overflow
Information Disclosure
Iccdev
-
CVE-2026-31794
MEDIUM
CVSS 5.5
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 5.5).
Denial Of Service
Buffer Overflow
Information Disclosure
Iccdev
-
CVE-2026-31793
MEDIUM
CVSS 5.5
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 5.5).
Denial Of Service
Buffer Overflow
Information Disclosure
Iccdev
-
CVE-2026-30986
MEDIUM
CVSS 5.5
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 5.5).
Buffer Overflow
Information Disclosure
Iccdev
-
CVE-2026-30984
MEDIUM
CVSS 6.1
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 6.1).
Buffer Overflow
Information Disclosure
Iccdev
-
CVE-2026-30982
MEDIUM
CVSS 6.1
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a heap-based buffer overflow (CVSS 6.1).
Buffer Overflow
Heap Overflow
Iccdev
-
CVE-2026-30981
MEDIUM
CVSS 6.1
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a classic buffer overflow (CVSS 6.1).
Buffer Overflow
Iccdev
-
CVE-2026-30980
MEDIUM
CVSS 5.5
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a stack-based buffer overflow (CVSS 5.5).
Stack Overflow
Buffer Overflow
Iccdev
-
CVE-2026-30974
MEDIUM
CVSS 4.6
Copyparty versions before 1.20.11 fail to apply the nohtml security restriction to SVG files, allowing authenticated users with write permissions to upload SVG images containing malicious JavaScript that executes when opened by other users. This cross-site scripting vulnerability bypasses the intended protection against JavaScript execution in user-uploaded content. The vulnerability has been patched in version 1.20.11.
XSS
Copyparty
-
CVE-2026-30973
MEDIUM
CVSS 6.5
Appium's ZIP extraction function in @appium/support versions prior to 7.0.6 fails to properly enforce path traversal protections, allowing attackers to extract malicious ZIP files that write arbitrary files outside the intended directory. The vulnerability stems from an Error object that is created but never thrown, enabling Zip Slip attacks across all JavaScript-based extraction operations. An attacker can exploit this by crafting a malicious ZIP archive to overwrite sensitive files on systems using affected versions.
Path Traversal
-
CVE-2026-30964
MEDIUM
CVSS 5.4
The webauthn-lib PHP library before version 5.2.4 incorrectly validates origin restrictions by comparing only hostname components, allowing attackers to bypass authentication policies that rely on scheme or port differentiation. This enables an attacker to authenticate from origins that should be blocked, such as using HTTP instead of HTTPS or non-standard ports. Applications using this library with strict origin policies are affected until they upgrade to the patched version.
PHP
-
CVE-2026-30962
MEDIUM
CVSS 6.5
Parse Server versions prior to 9.5.2-alpha.6 and 8.6.19 allow authenticated users to bypass field protection checks by nesting query constraints within logical operators, enabling unauthorized extraction of protected field values. This vulnerability affects all Parse Server deployments with default protected fields, as the validation mechanism only inspects top-level query keys. A patch is available in the specified versions.
Node.js
Parse Server
-
CVE-2026-30959
MEDIUM
CVSS 5.0
OneUptime's resend-verification-code endpoint fails to validate user ownership of WhatsApp records, allowing any authenticated attacker to trigger verification code resends for arbitrary users. Public exploit code exists for this vulnerability, which could enable account enumeration or facilitate phishing attacks against other users. The vulnerability affects the UserWhatsAppAPI and UserWhatsAppService components with no patch currently available.
Oneuptime
-
CVE-2026-30954
MEDIUM
CVSS 4.3
LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.
PHP
Authentication Bypass
Linkace
-
CVE-2026-30948
MEDIUM
CVSS 5.4
Parse Server versions prior to 9.5.2-alpha.4 and 8.6.17 allow authenticated users to upload SVG files containing malicious JavaScript that executes in the server's origin context due to missing content security headers, enabling attackers to steal session tokens and compromise user accounts. All deployments with file upload enabled for authenticated users are vulnerable by default, as the file extension filter blocks HTML but not SVG files. A patch is available in the specified versions.
Node.js
XSS
Parse Server
-
CVE-2026-30942
MEDIUM
CVSS 6.5
Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.
Path Traversal
Flare
-
CVE-2026-30938
MEDIUM
CVSS 5.3
Parse Server versions prior to 8.6.12 and 9.5.1-alpha.1 allow attackers to bypass the requestKeywordDenylist security control by nesting prohibited keywords within objects or arrays in request payloads, enabling injection of restricted data into applications. This logic flaw affects all Parse Server deployments since the denylist is enabled by default, and custom keyword restrictions configured by developers are equally vulnerable to the same bypassing technique. Attackers can exploit this to inject malicious content or bypass access controls on any Parse Server instance.
Node.js
Parse Server
-
CVE-2026-30937
MEDIUM
CVSS 6.8
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur.
Buffer Overflow
Microsoft
Heap Overflow
Imagemagick
Windows
-
CVE-2026-30936
MEDIUM
CVSS 5.5
Medium severity vulnerability in ImageMagick. A crafted image could cause an out-of-bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation, an out-of-bounds write can occur.
Buffer Overflow
Imagemagick
-
CVE-2026-30935
MEDIUM
CVSS 4.4
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation, an out-of-bounds read can occur.
```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
```
Buffer Overflow
Imagemagick
-
CVE-2026-30931
MEDIUM
CVSS 6.8
Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can occur due to truncation of a value, allowing an out-of-bounds write.
Buffer Overflow
Heap Overflow
Imagemagick
-
CVE-2026-30927
MEDIUM
CVSS 5.4
Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.
PHP
Authentication Bypass
Admidio
-
CVE-2026-30913
MEDIUM
CVSS 4.6
Flarum's nicknames extension allows authenticated users to inject email-like hyperlinks into their nicknames, which are rendered verbatim in plain-text notification emails sent to other users. An attacker can exploit this to craft malicious nicknames that email clients interpret as clickable links, potentially redirecting recipients to attacker-controlled domains for phishing or credential harvesting. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-30897
MEDIUM
CVSS 6.6
Remote code execution in Fortinet FortiWeb versions 7.0 through 8.0.3 stems from a stack-based buffer overflow that authenticated attackers can exploit by sending crafted HTTP requests, provided they can bypass stack protection and ASLR mechanisms. Successful exploitation allows attackers to execute arbitrary code with the privileges of the vulnerable application. No patch is currently available for this medium-severity vulnerability affecting multiple FortiWeb releases.
Fortinet
Buffer Overflow
Stack Overflow
Fortiweb
-
CVE-2026-30885
MEDIUM
CVSS 5.3
WWBN AVideo is an open source video platform. Versions up to 25.0 are affected by missing authentication for a critical function.
PHP
Authentication Bypass
Avideo
-
CVE-2026-30883
MEDIUM
CVSS 5.7
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions up to 7.1.2-16 are affected by a buffer overflow (CVSS 5.7).
Buffer Overflow
Imagemagick
-
CVE-2026-30870
MEDIUM
CVSS 6.5
PowerSync Service 1.20.0 with config.edition: 3 fails to enforce subquery filters in sync streams, allowing authenticated users to access data that should be restricted based on their permissions. The vulnerability affects only configurations using unpartitioned subqueries for synchronization gating and is resolved in version 1.20.1. No patch is currently available for affected deployments.
Authentication Bypass
-
CVE-2026-29773
MEDIUM
CVSS 4.3
Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.
Kubernetes
Privilege Escalation
-
CVE-2026-29177
MEDIUM
CVSS 5.4
Stored XSS in Craft Commerce Order details allows authenticated users to inject malicious scripts through Shipping Method Name, Order Reference, or Site Name fields that execute when administrators view order information. Public exploit code exists for this vulnerability affecting versions before 4.10.2 and 5.5.3. Patches are available to remediate the issue.
XSS
Craft Commerce
-
CVE-2026-29176
MEDIUM
CVSS 4.8
Stored XSS in Craft Commerce versions before 5.5.3 allows authenticated users with product editing permissions to inject malicious JavaScript through the Inventory Locations Name field, which executes when administrators view affected product variants. An attacker with these privileges can steal session tokens, modify product data, or perform other administrative actions within the application. A patch is available in version 5.5.3.
XSS
Craft Commerce
-
CVE-2026-29175
MEDIUM
CVSS 5.4
Craft Commerce versions before 5.5.3 contain stored cross-site scripting (XSS) vulnerabilities in the inventory management interface where product and variant fields lack proper HTML escaping. An attacker can inject malicious JavaScript through these fields that executes in the browsers of any user viewing the inventory page, including administrators, with public exploit code currently available. The vulnerability requires authenticated access and user interaction to exploit but can compromise sensitive administrative functions.
XSS
Craft Commerce
-
CVE-2026-29173
MEDIUM
CVSS 4.8
Stored cross-site scripting in Craft Commerce versions before 4.10.2 and 5.5.3 allows authenticated users with high privileges to inject malicious scripts through unescaped Order Status Name fields. Public exploit code exists for this vulnerability, which can be leveraged to execute arbitrary JavaScript in the browser context of other administrators. The vulnerability is restricted by high privilege requirements and user interaction, but affects the integrity and confidentiality of the Commerce Orders management interface.
XSS
Craft Commerce
-
CVE-2026-29113
MEDIUM
CVSS 4.3
Unauthenticated attackers can generate preview tokens in Craft CMS versions prior to 4.17.4 and 5.9.7 by exploiting a CSRF vulnerability in the /actions/preview/create-token endpoint, which lacks proper token validation and HTTP method restrictions. An attacker can force a logged-in editor to create an attacker-controlled preview token that grants unauthorized access to unpublished content. This attack requires user interaction but allows the attacker to view sensitive content without authentication.
CSRF
Craft Cms
-
CVE-2026-28692
MEDIUM
CVSS 4.8
Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.
Buffer Overflow
Information Disclosure
Imagemagick
Redhat
Suse
-
CVE-2026-28690
MEDIUM
CVSS 6.9
Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. A missing bounds check could corrupt the stack with attacker-controlled data.
Buffer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-28689
MEDIUM
CVSS 6.3
ImageMagick versions up to 7.1.2-16 are affected by improper link resolution before file access (CVSS 6.3).
Path Traversal
Imagemagick
Redhat
Suse
-
CVE-2026-28688
MEDIUM
CVSS 4.0
ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.
Use After Free
Imagemagick
Redhat
Suse
-
CVE-2026-28687
MEDIUM
CVSS 5.3
Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.
Use After Free
Imagemagick
Redhat
Suse
-
CVE-2026-28686
MEDIUM
CVSS 6.8
Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encoder due to an undersized output buffer allocation.
Buffer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-28493
MEDIUM
CVSS 6.5
Medium severity vulnerability in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds access via a specially crafted image.
Integer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-28433
MEDIUM
CVSS 4.3
Misskey versions 10.93.0 through 2026.3.0 allow authenticated users to import arbitrary user data due to insufficient ownership validation, enabling attackers with knowledge of target file IDs to access other users' information. The vulnerability requires valid login credentials and knowledge of specific file identifiers, limiting its practical impact. No patch is currently available.
Authentication Bypass
Misskey
-
CVE-2026-28267
MEDIUM
CVSS 5.5
Improper file permission settings in multiple i-フィルター products allow local non-administrative users to create or overwrite critical files in system and backup directories. This vulnerability enables an attacker with local access to manipulate system integrity and potentially disrupt operations, though code execution is not directly possible. No patch is currently available for this vulnerability.
Privilege Escalation
-
CVE-2026-27688
MEDIUM
CVSS 5.0
Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.
Sap
-
CVE-2026-27687
MEDIUM
CVSS 5.8
Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.
Sap
-
CVE-2026-27686
MEDIUM
CVSS 5.9
SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.
Sap
Denial Of Service
-
CVE-2026-27684
MEDIUM
CVSS 6.4
SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.
Sap
SQLi
-
CVE-2026-27661
MEDIUM
CVSS 4.3
SINEC Security Monitor versions before 4.9.0 expose sensitive metadata including contributor information and email addresses on the SSM Server, allowing authenticated attackers to obtain confidential data. The vulnerability requires valid credentials to exploit and poses a low-severity information disclosure risk with no availability or integrity impact.
Information Disclosure
Sinec Security Monitor
-
CVE-2026-27281
MEDIUM
CVSS 5.5
DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affected applications through specially crafted files. Exploitation requires user interaction, as victims must open a malicious file to trigger the denial-of-service condition. No patch is currently available for this vulnerability.
Integer Overflow
Denial Of Service
Dng Software Development Kit
-
CVE-2026-27270
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.
Adobe
Illustrator
-
CVE-2026-27268
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.
Adobe
Illustrator
-
CVE-2026-27221
MEDIUM
CVSS 5.5
Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.
Adobe
Acrobat Dc
Acrobat Reader Dc
Acrobat
-
CVE-2026-27219
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier allows attackers to expose sensitive data from application memory. Exploitation requires a user to open a malicious file, making this a local attack vector dependent on social engineering. No patch is currently available for this vulnerability.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2026-27218
MEDIUM
CVSS 5.5
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service vulnerability requires user interaction but requires no elevated privileges to exploit. No patch is currently available for this medium-severity issue.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-27217
MEDIUM
CVSS 5.5
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that enables local denial-of-service attacks when users open specially crafted files. An attacker can crash the application to disrupt workflow, though exploitation requires user interaction and no patch is currently available. The vulnerability has a moderate CVSS score of 5.5 with zero percent estimated exploitation probability.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-27216
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier enables attackers to leak sensitive data from application memory when a user opens a specially crafted file. This local vulnerability requires user interaction but poses a meaningful confidentiality risk to designers and artists using affected versions. No patch is currently available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2026-27215
MEDIUM
CVSS 5.5
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by convincing users to open a malicious file. This denial-of-service impact disrupts application availability, though no patch is currently available. User interaction is required for exploitation, and the vulnerability affects local attack scenarios only.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-27214
MEDIUM
CVSS 5.5
Denial-of-service in Substance 3D Painter 11.1.2 and earlier stems from improper null pointer handling that crashes the application when processing malicious files. An attacker can trigger this crash by tricking a user into opening a specially crafted file, temporarily disrupting the victim's workflow. No patch is currently available to address this vulnerability.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-26982
MEDIUM
CVSS 6.3
Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.
Command Injection
Ghostty
Suse
-
CVE-2026-26330
MEDIUM
CVSS 5.3
Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 can be crashed by an authenticated attacker through improper state cleanup in the rate limit filter when both request and response phase limiting are enabled. When a response phase rate limit request fails, the gRPC client reuses stale internal state from the prior request phase, leading to a use-after-free condition that crashes the proxy. An attacker with network access and valid credentials can exploit this to cause a denial of service against Envoy instances.
Denial Of Service
Envoy
-
CVE-2026-26311
MEDIUM
CVSS 5.9
Envoy proxy versions before 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a use-after-free vulnerability in the HTTP connection manager that allows attackers to trigger denial of service by sending data frames on streams after they have been reset. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables filter callbacks to execute on logically cleaned-up streams, potentially causing service disruption or state corruption.
Use After Free
Envoy
-
CVE-2026-26310
MEDIUM
CVSS 5.9
Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 crash when processing scoped IPv6 addresses through the Utility::getAddressWithPort function, which is invoked by the original_src and dns filters in the data plane. This denial of service vulnerability can be triggered remotely without authentication, and public exploit code exists. No patch is currently available for affected deployments.
Dns
Denial Of Service
Envoy
-
CVE-2026-26309
MEDIUM
CVSS 5.3
Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]
Denial Of Service
Envoy
-
CVE-2026-26123
MEDIUM
CVSS 5.5
Microsoft Authenticator contains an information disclosure vulnerability that allows local attackers to access sensitive data without requiring elevated privileges or user interaction beyond standard operation. The vulnerability stems from improper categorization of security controls, enabling unauthorized disclosure of confidential information on affected systems. No patch is currently available for this issue.
Microsoft
Information Disclosure
Authenticator
-
CVE-2026-25972
MEDIUM
CVSS 4.3
FortiSIEM 7.3.0-7.3.4 and 7.4.0 are vulnerable to reflected cross-site scripting that allows unauthenticated remote attackers to inject malicious scripts through URL parameters, enabling social engineering attacks against users who click malicious links. The vulnerability requires user interaction to trigger but has no authentication requirements, making it practical for phishing campaigns that redirect victims to spoofed pages.
Fortinet
XSS
Fortisiem
-
CVE-2026-25689
MEDIUM
CVSS 6.5
Fortinet FortiDeceptor versions 4.0 through 6.2.0 are vulnerable to argument injection that allows authenticated super-admin users with CLI access to delete sensitive files through crafted HTTP requests. The vulnerability requires high-level privileges and direct CLI access to exploit, limiting the attack surface to trusted administrators. No patch is currently available for this issue.
Fortinet
Information Disclosure
Fortideceptor
-
CVE-2026-25605
MEDIUM
CVSS 6.7
Unvalidated file path handling in SICAM SIAPP SDK versions below 2.1.7 permits local attackers to delete arbitrary files and sockets accessible to the application process, causing denial of service or service disruption. The vulnerability requires local access and specific conditions to exploit, and no patch is currently available. Organizations using affected SDK versions should implement access controls and monitor for unexpected file deletion activity until an update becomes available.
Denial Of Service
Sicam Siapp Sdk
-
CVE-2026-25572
MEDIUM
CVSS 5.1
Stack overflow in SICAM SIAPP SDK versions prior to 2.1.7 allows local attackers to crash the server component by submitting oversized input that bypasses length validation, resulting in denial of service. The vulnerability stems from missing input length checks on certain variables processed by the SDK server. No patch is currently available for affected installations.
Denial Of Service
Sicam Siapp Sdk
-
CVE-2026-25571
MEDIUM
CVSS 5.1
Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side variables, allowing local attackers to trigger denial of service by submitting oversized inputs that crash the affected process. The vulnerability requires local access and manual user interaction, and no patch is currently available to mitigate the availability impact.
Denial Of Service
Sicam Siapp Sdk
-
CVE-2026-25186
MEDIUM
CVSS 5.5
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Information Disclosure
Microsoft
Windows Server 2019
Windows 10 22h2
Windows Server 2025
-
CVE-2026-25185
MEDIUM
CVSS 5.3
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information Disclosure
Microsoft
Windows Server 2022 23h2
Windows Server 2012
Windows Server 2022
-
CVE-2026-25180
MEDIUM
CVSS 5.5
Microsoft Graphics Component contains an out-of-bounds read vulnerability affecting Windows 10 1607, Windows Server 2019, and 2022, enabling local attackers to read sensitive information from memory. The vulnerability requires user interaction and local access, posing a confidentiality risk without offering a currently available patch. Attack complexity is low, making it a practical concern for systems running affected Office and Windows versions.
Microsoft
Information Disclosure
Buffer Overflow
Office
Windows Server 2019
-
CVE-2026-25169
MEDIUM
CVSS 6.2
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft
Authentication Bypass
Windows 10 1607
Windows 11 25h2
Windows 11 26h1
-
CVE-2026-25168
MEDIUM
CVSS 6.2
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Microsoft
Null Pointer Dereference
Denial Of Service
Windows 10 21h2
Windows Server 2016
-
CVE-2026-24640
MEDIUM
CVSS 6.6
Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.
Fortinet
Buffer Overflow
Stack Overflow
Fortiweb
-
CVE-2026-24317
MEDIUM
CVSS 5.0
SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.
Sap
Windows
-
CVE-2026-24316
MEDIUM
CVSS 6.4
SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.
Sap
SSRF
-
CVE-2026-24313
MEDIUM
CVSS 5.0
SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.
Sap
-
CVE-2026-24311
MEDIUM
CVSS 5.6
SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.
Sap
Industrial
-
CVE-2026-24309
MEDIUM
CVSS 6.4
Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.
Sap
-
CVE-2026-24297
MEDIUM
CVSS 6.5
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Race Condition
Microsoft
Authentication Bypass
Windows Server 2012
Windows 10 1607
-
CVE-2026-24288
MEDIUM
CVSS 6.8
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Buffer Overflow
Heap Overflow
Microsoft
Windows 10 22h2
Windows 10 21h2
-
CVE-2026-24282
MEDIUM
CVSS 5.5
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Buffer Overflow
Information Disclosure
Windows 10 21h2
Windows 10 1607
Windows 11 25h2
-
CVE-2026-23907
MEDIUM
CVSS 5.3
Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.
Apache
Path Traversal
Pdfbox
Redhat
Suse
-
CVE-2026-23868
MEDIUM
CVSS 5.1
Giflib's image processing functions are vulnerable to denial of service through a double-free memory corruption flaw triggered during shallow copy operations in GifMakeSavedImage with improper error handling. Local attackers with crafted image files can crash applications using affected Giflib versions, though exploitation requires specific and difficult-to-achieve conditions. No patch is currently available.
Information Disclosure
Redhat
Suse
-
CVE-2026-23656
MEDIUM
CVSS 5.9
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
Windows
Windows App
Microsoft
-
CVE-2026-22628
MEDIUM
CVSS 5.3
Fortinet FortiSwitchAXFixed versions 1.0.0 through 1.0.1 contain an access control flaw that allows authenticated administrators to execute arbitrary system commands by uploading a malicious SSH configuration file. The vulnerability requires local access and valid admin credentials but poses a risk to organizations where admin accounts may be compromised or where insider threats are a concern. No patch is currently available.
Fortinet
Authentication Bypass
-
CVE-2026-22614
MEDIUM
CVSS 6.1
Eaton EasySoft project files use weak encryption vulnerable to brute force attacks, allowing local attackers with file access to extract sensitive information and modify project configurations. An authenticated user on the affected system can exploit this weakness to compromise confidentiality and integrity of stored data. No patch is currently available for this vulnerability.
Information Disclosure
-
CVE-2026-21365
MEDIUM
CVSS 5.5
Memory disclosure in Substance 3D Painter 11.1.2 and earlier allows attackers to read sensitive data from process memory through an out-of-bounds read vulnerability. Exploitation requires user interaction, as victims must open a specially crafted malicious file. No patch is currently available for this vulnerability.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2026-21364
MEDIUM
CVSS 5.5
Denial-of-service crashes in Adobe Substance 3D Painter versions 11.1.2 and earlier stem from a null pointer dereference vulnerability triggered when users open specially crafted files. An attacker can exploit this flaw to force application crashes and disrupt user workflows, though no patch is currently available. Exploitation requires social engineering to convince victims to open a malicious file.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-21363
MEDIUM
CVSS 5.5
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening a malicious file. This denial-of-service condition disrupts workflow for affected users, though no patch is currently available. The vulnerability requires user interaction and does not enable code execution or data compromise.
Null Pointer Dereference
Denial Of Service
Substance 3d Painter
-
CVE-2026-3846
MEDIUM
CVSS 6.5
Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.
CSRF
Mozilla
Firefox
-
CVE-2026-3582
MEDIUM
CVSS 4.3
GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.
Github
Enterprise Server
-
CVE-2026-3306
MEDIUM
CVSS 4.3
GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.
Github
Enterprise Server
-
CVE-2026-3228
MEDIUM
CVSS 6.4
Stored XSS in NextScripts Social Networks Auto-Poster plugin for WordPress (versions up to 4.4.6) allows authenticated Contributor-level users to inject malicious scripts through the `[nxs_fbembed]` shortcode due to insufficient input sanitization. Attackers can embed arbitrary JavaScript that executes when other users access the affected pages. A patch is not currently available.
WordPress
XSS
-
CVE-2026-2266
MEDIUM
CVSS 5.4
DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.
Github
XSS
Enterprise Server
-
CVE-2026-1920
MEDIUM
CVSS 5.3
The Booktics plugin for WordPress versions up to 1.0.16 lacks proper permission validation in its Extension_Controller function, allowing unauthenticated attackers to install arbitrary addon plugins and modify site data. This network-accessible vulnerability affects WordPress installations using the vulnerable plugin without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
WordPress
Industrial
-
CVE-2026-1919
MEDIUM
CVSS 5.3
Booktic versions up to 1.0.16 are affected by missing authentication for a critical function (CVSS 5.3).
WordPress
Industrial
-
CVE-2026-1508
MEDIUM
CVSS 4.3
Court Reservation WordPre versions up to 1.10.9 are affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
-
CVE-2026-0489
MEDIUM
CVSS 6.1
DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.
Sap
XSS
-
CVE-2026-0119
MEDIUM
CVSS 6.8
An out-of-bounds write vulnerability in Android's USIM registration component allows an attacker with physical access to escalate privileges without requiring additional permissions or user interaction. The memory corruption flaw in usim_SendMCCMNCIndMsg could enable complete compromise of affected devices. No patch is currently available for this vulnerability.
Memory Corruption
Privilege Escalation
Android
Google
-
CVE-2026-0108
MEDIUM
CVSS 4.0
Improper register protection in the PowerVR GPU on Android devices enables local attackers to read sensitive information without requiring special privileges or user interaction. This memory disclosure vulnerability affects Android systems and cannot currently be patched, leaving devices vulnerable to information leakage through direct GPU register access.
Information Disclosure
Android
-
CVE-2025-70129
MEDIUM
CVSS 5.3
If the anti-spam captcha functionality in PluXml versions 5.8.22 and earlier is enabled, the captcha challenge generated for articles uses a format that can be recognized automatically, so an automated script can solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]
Information Disclosure
-
CVE-2025-70128
MEDIUM
CVSS 6.1
A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. [CVSS 6.1 MEDIUM]
PHP
XSS
-
CVE-2025-70025
MEDIUM
CVSS 6.1
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-68482
MEDIUM
CVSS 6.9
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle [MiTM] attack. [CVSS 6.9 MEDIUM]
Fortinet
Fortimanager
Fortianalyzer
-
CVE-2025-55717
MEDIUM
CVSS 4.0
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain users' secrets via CLI commands. Practical exploitability is limited ...
Fortinet
Fortivoice
Fortimail
Fortirecorder
-
CVE-2025-54659
MEDIUM
CVSS 5.8
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port. [CVSS 5.8 MEDIUM]
Fortinet
Path Traversal
-
CVE-2025-53608
MEDIUM
CVSS 4.8
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. [CVSS 4.8 MEDIUM]
Fortinet
XSS
Fortisandbox
-
CVE-2025-49784
MEDIUM
CVSS 6.0
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]
Fortinet
SQLi
Fortianalyzer Big Data
Fortianalyzer
-
CVE-2025-48840
MEDIUM
CVSS 5.3
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request. [CVSS 5.3 MEDIUM]
Fortinet
Authentication Bypass
Fortiweb
-
CVE-2025-48418
MEDIUM
CVSS 6.7
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command. [CVSS 6.7 MEDIUM]
Fortinet
Fortimanager
Fortianalyzer Cloud
Fortianalyzer
Fortimanager Cloud
-
CVE-2025-41712
MEDIUM
CVSS 6.5
An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can gain access to sensitive information on the device. This is a result of incorrect permission assignment for the web server. [CVSS 6.5 MEDIUM]
Privilege Escalation
-
CVE-2025-41711
MEDIUM
CVSS 5.3
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. [CVSS 5.3 MEDIUM]
Information Disclosure
-
CVE-2025-41710
MEDIUM
CVSS 6.5
An unauthenticated remote attacker may use hardcoded credentials to gain access to the previously activated FTP server with limited read and write privileges. [CVSS 6.5 MEDIUM]
Authentication Bypass
-
CVE-2025-36227
MEDIUM
CVSS 5.4
Aspera Faspex versions up to 5.0.14.3 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
IBM
XSS
Aspera Faspex
-
CVE-2025-36226
MEDIUM
CVSS 5.4
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]
IBM
XSS
Aspera Faspex
-
CVE-2025-36173
MEDIUM
CVSS 6.1
Affected product: InfoSphere Data Architect, version 9.2.1. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2025-36105
MEDIUM
CVSS 4.4
IBM Planning Analytics Advanced Certified Containers 3.1.0 versions up to 3.1.4 contain a vulnerability that allows a local privileged user to obtain sensitive information from environment variabl (CVSS 4.4).
IBM
Industrial
-
CVE-2025-13219
MEDIUM
CVSS 5.9
Aspera Orchestrator versions up to 4.1.2 contain a vulnerability that could lead to information disclosure if unauthorized parties have access to the URLs via serve (CVSS 5.9).
IBM
Information Disclosure
Aspera Orchestrator
-
CVE-2025-13213
MEDIUM
CVSS 5.4
Aspera Orchestrator versions up to 4.1.2 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
IBM
XSS
Aspera Orchestrator
-
CVE-2025-2399
MEDIUM
CVSS 5.9
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683. [CVSS 5.9 MEDIUM]
Buffer Overflow
-
CVE-2026-31827
None
Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission.
MongoDB
-
CVE-2026-31812
None
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(),...
Denial Of Service
-
CVE-2026-30977
None
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Versions up to 0.1.1 are affected by cross-site scripting (XSS).
Mediawiki
XSS
-
CVE-2026-30960
None
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.
Industrial
-
CVE-2026-30917
None
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Versions up to 2.1.1 are affected by cross-site scripting (XSS).
Mediawiki
XSS
-
CVE-2026-30916
None
Shescape is a simple shell escape library for JavaScript. Versions up to 2.1.9 are affected by information exposure.
Information Disclosure
-
CVE-2026-29793
None
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId() and land directly in the MongoDB query as operators. Sending {$ne: null} as the id mat...
MongoDB
-
CVE-2026-29792
None
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query (the raw request query) when Gra...
Authentication Bypass
-
CVE-2026-24641
LOW
CVSS 2.7
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. [CVSS 2.7 LOW]
Fortinet
Null Pointer Dereference
Denial Of Service
-
CVE-2026-24310
LOW
CVSS 3.5
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. [CVSS 3.5 LOW]
Sap
-
CVE-2026-22629
LOW
CVSS 3.7
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all...
Fortinet
Authentication Bypass
-
CVE-2026-21791
LOW
CVSS 3.3
HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs. [CVSS 3.3 LOW]
Android
Information Disclosure
-
CVE-2026-3862
None
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
XSS
-
CVE-2026-3315
None
Incorrect Default Permissions, Execution with Unnecessary Privileges, and Incorrect Permission Assignment for Critical Resource vulnerabilities in ASSA ABLOY Visionline on Windows allow Configuration/Environment Manipulation. This issue affects Visionline from 1.0 before 1.33.
Windows
-
CVE-2026-2742
None
Authentication bypass in Vaadin framework (14.0.0-14.14.0, 23.0.0-23.6.x, and other ranges). The web application framework fails to properly enforce authentication on certain routes.
Spring
Authentication Bypass
-
CVE-2026-2741
None
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin; versions 14.2.0 up to 14.14.0 are affected by path traversal.
Node.js
Dns
Path Traversal
-
CVE-2026-2273
None
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation, which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.
Code Injection
-
CVE-2026-1776
None
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.
Aws
Path Traversal
-
CVE-2026-1286
None
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.
RCE
Deserialization
-
CVE-2026-0121
LOW
CVSS 2.9
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 2.9 LOW]
Information Disclosure
Race Condition
-
CVE-2026-0115
LOW
CVSS 2.1
Android versions up to - contain a vulnerability that allows attackers to achieve physical information disclosure with no additional execution privileges needed (CVSS 2.1).
Information Disclosure
-
CVE-2025-53706
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-27769
LOW
CVSS 2.6
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). [CVSS 2.6 LOW]
Authentication Bypass
-
CVE-2025-22850
None
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Information Disclosure
Race Condition
-
CVE-2025-22444
None
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Information Disclosure
-
CVE-2025-20105
None
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution.
Privilege Escalation
-
CVE-2025-20096
None
Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.
Privilege Escalation
-
CVE-2025-20073
None
Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Information Disclosure
-
CVE-2025-20068
None
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Privilege Escalation
-
CVE-2025-20064
None
Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution.
Privilege Escalation
-
CVE-2025-20028
None
Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Privilege Escalation
Race Condition
-
CVE-2025-20027
None
Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Privilege Escalation
-
CVE-2025-20005
None
Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.
Privilege Escalation
-
CVE-2025-13957
None
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
PostgreSQL
RCE
Information Disclosure
-
CVE-2025-13902
None
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a condition where authenticated attackers can have a victim's browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.
XSS
-
CVE-2025-13901
None
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on the Machine Expert protocol when an unauthenticated attacker sends a malicious payload to occupy active communication channels.
Denial Of Service
-
CVE-2025-11739
None
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Deserialization
RCE