Skip to main content
CVE-2026-30957 CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a fourth vulnerability in Synthetic monitoring exposing dangerous functionality.

RCE Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-30887 CRITICAL POC PATCH Act Now

OneUptime monitoring platform prior to 10.0.18 allows code injection (CVSS 9.9) enabling RCE through the monitoring configuration.

Node.js Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-30956 CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a third authorization bypass enabling low-privileged users to access admin functions.

Authentication Bypass Privilege Escalation Information Disclosure Node.js Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-30921 CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.20 exposes dangerous functionality in Synthetic monitoring that enables code execution.

RCE AI / ML Oneuptime
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-28292 CRITICAL POC PATCH GHSA Act Now

simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.

Node.js RCE Command Injection Simple Git
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28495 CRITICAL POC Act Now

GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.

PHP RCE CSRF Getsimple Cms
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-40943 CRITICAL CISA Emergency

Siemens devices have a stored XSS in trace file handling (CVSS 9.6) enabling code execution when administrators view diagnostic data.

XSS
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-30966 CRITICAL PATCH Act Now

Parse Server has a CVSS 10.0 access control vulnerability enabling complete bypass of all data access restrictions.

Node.js Parse Server
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-48611 CRITICAL Act Now

Android DeviceId component has a CVSS 10.0 out-of-bounds write in persistence handling enabling device compromise.

Privilege Escalation Buffer Overflow
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-0120 CRITICAL Act Now

Modem has a fifth OOB write enabling remote privilege escalation.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0116 CRITICAL Act Now

Samsung/Google MFC driver has an OOB write in mfc_core_isr.c enabling kernel-level privilege escalation on Android devices.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0114 CRITICAL Act Now

Modem has a fourth OOB write due to incorrect bounds check.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0113 CRITICAL Act Now

Modem has a third OOB write in cell broadcast utilities.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0111 CRITICAL Act Now

Modem OOB write in cell broadcast utilities enabling privilege escalation.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0110 CRITICAL Act Now

Samsung/Qualcomm modem has an out-of-bounds write in NR SM message handling enabling privilege escalation through crafted cellular signaling.

Memory Corruption Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-56422 CRITICAL Act Now

LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.

Deserialization RCE Limesurvey
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-41709 CRITICAL Act Now

A Siemens product has a command injection vulnerability enabling remote code execution.

Command Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0953 CRITICAL Act Now

Tutor LMS Pro WordPress plugin has an authentication bypass enabling unauthenticated users to access premium learning content and admin functions.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30968 CRITICAL Act Now

Coral Server open collaboration platform has a missing authorization enabling unauthenticated access to all collaboration data.

Authentication Bypass AI / ML Coral Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23240 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69614 CRITICAL Act Now

A product has an access control flaw allowing activation token reuse on the password-reset endpoint for unauthorized account takeover.

Authentication Bypass Account Management Portal
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-28806 CRITICAL Act Now

Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.

Authentication Bypass Nerveshub
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-30960 CRITICAL PATCH Act Now

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.

RCE Code Injection
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-3843 CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

PHP RCE SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-30869 CRITICAL PATCH Act Now

SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.

RCE Path Traversal Siyuan Suse
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.4%
CVE-2026-30970 CRITICAL Act Now

Coral Server has a third missing authorization flaw.

Authentication Bypass AI / ML Coral Server
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-31800 CRITICAL PATCH Act Now

Parse Server has a third vulnerability with missing authorization enabling unauthorized operations.

Node.js Parse Server
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-30969 CRITICAL Act Now

Coral Server has an IDOR vulnerability enabling cross-user data access.

Authentication Bypass AI / ML Coral Server
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30965 CRITICAL PATCH Act Now

Parse Server has an incorrect authorization vulnerability enabling unauthorized data access across applications.

Node.js Parse Server
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27685 CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

SAP Deserialization
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-11158 CRITICAL Act Now

Hitachi Vantara Pentaho has a missing authorization vulnerability enabling unauthorized access to data integration and analytics functions.

Authentication Bypass Vantara Pentaho Data Integration And Analytics
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69615 CRITICAL Act Now

A product has missing 2FA rate limiting allowing unlimited brute-force attempts against two-factor authentication codes.

Authentication Bypass Account Management Portal
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30862 CRITICAL Act Now

Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.

XSS Appsmith
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-27825 CRITICAL PATCH Act Now

MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.

Atlassian Path Traversal RCE
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy