Skip to main content
CVE-2026-29066 MEDIUM POC PATCH This Month

Medium severity vulnerability in TinaCMS. The TinaCMS CLI dev server configures Vite with `server.fs.strict: false`, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system

Information Disclosure Tinacms Cli
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-3611 CRITICAL Act Now

Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.

Authentication Bypass Honeywell
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-21708 CRITICAL Act Now

Veeam Backup & Replication allows a user with the Backup Viewer role (read-only) to escalate to remote code execution as the postgres database user. A read-only role achieving RCE represents a severe privilege escalation with scope change.

PostgreSQL RCE SQLi
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-21667 CRITICAL Act Now

A second RCE vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute code on the Backup Server with scope change. Same impact as CVE-2026-21666 but through a different attack vector.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-21666 CRITICAL Act Now

Veeam Backup & Replication allows an authenticated domain user to achieve remote code execution on the Backup Server. With a scope change to CVSS 9.9, a compromised domain account can fully take over the backup infrastructure.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-21669 CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-3059 CRITICAL PATCH GHSA Act Now

SGLang's multimodal generation module deserializes untrusted data with pickle.loads() over an unauthenticated ZMQ broker, enabling remote code execution. Any attacker who can reach the ZMQ port can execute arbitrary Python code on the ML inference server.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-3060 CRITICAL PATCH GHSA Act Now

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated RCE through pickle deserialization in the disaggregation module's inter-process communication. Same class of vulnerability as CVE-2026-3059 in a different code path.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-59388 CRITICAL Act Now

QNAP Hyper Data Protector before 2.3.1.455 contains hard-coded credentials that allow remote unauthenticated attackers to gain unauthorized access to backup management functions, potentially compromising all backed-up data across the organization.

Authentication Bypass Hyper Data Protector
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26793 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26795 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26792 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26791 CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-70245 CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32230 MEDIUM POC PATCH This Month

A remote code execution vulnerability in Uptime Kuma (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28252 CRITICAL Act Now

Trane Tracer SC, SC+, and Concierge building automation controllers use broken cryptographic algorithms that allow attackers to bypass authentication and gain root access. These are critical building management systems controlling HVAC in commercial facilities.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-21671 CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-32140 HIGH This Week

Remote code execution in Dataease prior to version 2.10.20 allows authenticated attackers to execute arbitrary code by manipulating the IniFile parameter to load malicious JDBC configuration files through the Redshift driver. An attacker with valid credentials can exploit the aggressive configuration file discovery mechanism to inject dangerous JDBC properties and gain complete system compromise. No patch is currently available, leaving affected deployments vulnerable to this high-severity attack vector.

RCE Path Traversal Dataease
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-21672 HIGH This Week

Local privilege escalation in Veeam Backup & Replication on Windows enables authenticated users to gain system-level access without user interaction. An attacker with local account credentials can exploit this vulnerability to achieve complete control over the backup infrastructure, including reading, modifying, or deleting backups. No patch is currently available for this high-severity issue affecting backup administrators and organizations relying on Veeam for data protection.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32137 HIGH This Week

Dataease is an open source data visualization analysis tool. versions up to 2.10.20 is affected by sql injection.

SQLi Dataease
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3978 HIGH This Week

Remote code execution in D-Link DIR-513 firmware version 1.10 through a stack-based buffer overflow in the /goform/formEasySetupWizard3 endpoint allows unauthenticated attackers to achieve full system compromise over the network. The vulnerability can be exploited with minimal complexity using publicly available exploit code, and no patch is currently available to remediate the issue.

Buffer Overflow D-Link Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21668 HIGH This Week

Authenticated domain users can bypass file access restrictions on Backup Repository systems to read, modify, or delete arbitrary files due to insufficient authorization controls. This high-severity flaw affects users with valid domain credentials and requires no user interaction to exploit. No patch is currently available for this vulnerability.

Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-43010 HIGH PATCH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. [CVSS 8.8 HIGH]

Buffer Overflow Apple Memory Corruption Ipados Iphone Os
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26794 HIGH This Week

SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.

SQLi Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28253 HIGH This Week

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-32129 HIGH PATCH This Week

Insufficient input padding in soroban-poseidon's Poseidon V1 hash function enables attackers to forge hash collisions by appending zeros to shorter inputs, allowing distinct messages to produce identical hashes when the input count is less than the sponge rate. This vulnerability affects any Soroban smart contract relying on PoseidonSponge or poseidon_hash for cryptographic integrity, potentially compromising authentication, signature verification, or other security mechanisms that depend on hash uniqueness. No patch is currently available.

Code Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-32274 HIGH PATCH This Week

Arbitrary file write in Black (the Python code formatter) before 26.3.1 lets an attacker who controls the value of the --python-cell-magics option place cache files at attacker-chosen filesystem locations via path traversal. The unsanitized option value is embedded directly into the computed cache filename, so a value such as '../../../tmp/pwned' escapes the cache directory and overwrites or creates files elsewhere. No public exploit is identified at time of analysis, EPSS is very low (0.02%), and the issue is not in CISA KEV; practical risk is confined to environments that feed untrusted input into Black's command-line options.

Path Traversal Python Black
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-3841 HIGH This Week

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.

Command Injection TP-Link
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2026-32138 HIGH This Week

NEXULEAN versions prior to 2.0.0 expose Firebase and Web3Forms API keys in the application, allowing unauthenticated attackers to access backend services and retrieve sensitive user data. The hardcoded credentials can be leveraged remotely without any user interaction to interact with protected resources. No patch is currently available for affected deployments.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-28255 HIGH This Week

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-32260 HIGH PATCH This Week

Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.

Command Injection Deno Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32116 HIGH PATCH This Week

Magic Wormhole versions 0.21.0 through 0.22.x allow malicious senders to overwrite arbitrary files on a receiver's system during file transfer operations, potentially compromising SSH keys and shell configuration files. This path traversal vulnerability (CWE-22) requires the attacker to control the sending side of the transfer and affects any user receiving files from an untrusted source. No patch is currently available for this HIGH severity vulnerability.

Path Traversal Magic Wormhole
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-25529 HIGH This Week

Postal SMTP server versions below 3.3.5 contain a stored cross-site scripting (XSS) vulnerability in the admin interface where the API's "send/raw" method fails to properly escape user-supplied data, allowing authenticated attackers to inject malicious HTML and JavaScript. An attacker with API access could manipulate the admin dashboard or execute unauthorized actions in the context of an administrator's session. No patch is currently available for affected versions.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32302 HIGH PATCH This Week

High severity vulnerability in OpenClaw. In affected versions of `openclaw`, browser-originated WebSocket connections could bypass origin validation when `gateway.auth.mode` was set to `trusted-proxy` and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session.

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-3989 HIGH PATCH GHSA This Week

High severity vulnerability in SGLang. SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

Deserialization
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27940 HIGH This Week

Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF file parsing function, enabling arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from undersized heap allocation followed by unvalidated writes of over 528 bytes of attacker-controlled data, bypassing a previous fix for the same component. This affects systems running vulnerable LLM inference implementations on local machines where user interaction is required to trigger the malicious GGUF file processing.

Buffer Overflow Heap Overflow Llama Cpp
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21670 HIGH This Week

Unauthorized SSH credential extraction affects systems where low-privileged users can access stored authentication material, enabling account compromise without administrative access. The network-accessible vulnerability requires valid user credentials to exploit but impacts the entire system's security posture by exposing sensitive SSH keys. No patch is currently available to remediate this issue.

Information Disclosure Veeam Backup Replication
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-21887 HIGH PATCH GHSA This Week

OpenCTI versions prior to 6.8.16 contain a server-side request forgery vulnerability in the data ingestion feature that fails to validate user-supplied URLs, allowing authenticated attackers to send requests to arbitrary internal endpoints and services. The Axios HTTP client's permissive default configuration processes absolute URLs without restriction, enabling semi-blind SSRF attacks that can compromise internal systems despite limited response visibility. This vulnerability requires authentication but affects all deployments running vulnerable versions.

SSRF
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-3657 HIGH This Week

Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.

WordPress SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2229 HIGH PATCH This Week

Node.js undici WebSocket client denial-of-service vulnerability allows remote attackers to crash the process by sending a malformed permessage-deflate compression parameter that bypasses validation and triggers an uncaught exception. The vulnerability exists because the client fails to properly validate the server_max_window_bits parameter before passing it to zlib, enabling any WebSocket server to terminate connected clients. No patch is currently available.

Node.js Denial Of Service Undici
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32319 HIGH PATCH This Week

High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1528 HIGH PATCH This Week

Undici's WebSocket frame parser fails to properly validate 64-bit length fields, causing integer overflow in internal calculations that leaves the parser in an invalid state and crashes the process with a fatal TypeError. An unauthenticated remote attacker can exploit this to achieve denial of service by sending a specially crafted WebSocket frame. Versions 7.24.0, 6.24.0, and later contain fixes for this vulnerability.

Buffer Overflow Undici
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1526 HIGH PATCH This Week

Node.js undici WebSocket client denial-of-service via decompression bomb in permessage-deflate processing allows remote attackers to crash or hang affected processes through unbounded memory consumption. An attacker controlling a malicious WebSocket server can send specially crafted compressed frames that expand to extremely large sizes in memory without triggering any decompression limits. No patch is currently available for this vulnerability.

Node.js Denial Of Service Undici
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32141 HIGH PATCH This Week

flatted is a circular JSON parser. versions up to 3.4.0 is affected by uncontrolled recursion (CVSS 7.5).

Node.js Denial Of Service Flatted
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70873 HIGH POC PATCH This Week

SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.

Information Disclosure Sqlite
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4008 HIGH This Week

Remote code execution in Tenda W3 1.0.0.3(2204) via stack buffer overflow in the /goform/wifiSSIDset POST parameter handler allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the index/GO parameter processing and can be exploited over the network without user interaction. Public exploit code is available for this vulnerability.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-3976 HIGH This Week

Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index/GO parameter in the /goform/WifiMacFilterSet POST handler. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-3973 HIGH This Week

Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows authenticated remote attackers to achieve complete system compromise through malicious ping parameters sent to the /goform/setAutoPing endpoint. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, leaving affected devices exposed without mitigation options.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-3971 HIGH This Week

Stack-based buffer overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through the SSID configuration endpoint. The vulnerability exists in the formwrlSSIDset function due to improper input validation on the index/GO parameter, and public exploit code is available. No patch is currently available, making this a critical risk for affected network devices.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-28791 HIGH PATCH This Week

High severity vulnerability in TinaCMS. ## Affected Package

Path Traversal Tinacms Cli
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy