Remote unauthenticated attackers can read arbitrary server files in ZwickRoell Test Data Management versions before 3.0.8 by exploiting a path traversal flaw in the node_upgrade_srv.js endpoint's firmware parameter. The vulnerability enables direct access to sensitive system files including credentials, configuration data, and source code without authentication. Despite the high CVSS score (8.7), the low EPSS probability (0.06%, 17th percentile) indicates minimal automated exploitation activity, though the unauthenticated network attack vector and low complexity make this readily exploitable if discovered by adversaries targeting industrial testing infrastructure.
The DefaultController->actionLoadContainerData() endpoint in the Microsoft plugin permits unauthenticated attackers possessing a valid CSRF token to enumerate accessible storage buckets and extract sensitive data from Azure error messages. This authorization bypass affects users running unpatched versions prior to 2.1.1, exposing cloud storage infrastructure details and potentially sensitive system information through verbose error responses.
An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to access sensitive user data including usernames, full names, email addresses, and phone numbers of all enrolled students by manipulating course IDs in the export endpoint. The vulnerability requires no authentication and can be exploited remotely through simple URL manipulation and brute-force attacks on course IDs. With a CVSS score of 8.7 and network-based attack vector, this represents a critical data exposure risk for educational institutions using Campus Educativa.
Cross-user data exposure and tampering in GROWI v7.4.5 and earlier allows any authenticated user who learns a shared AI assistant's identifier to read or modify other users' OpenAI thread and message contents via API endpoints that omit authorization checks. The flaw stems from missing access control (CWE-862) on the AI assistant interaction layer rather than a memory-corruption or injection bug. No public exploit identified at time of analysis, and EPSS rates near-term exploitation probability at 0.04% (12th percentile).
OS command injection in OpenLiteSpeed and LSWS Enterprise web servers from LiteSpeed Technologies allows administrative users to execute arbitrary operating system commands on the host. The flaw affects all versions of both products per ENISA EUVD and was reported by JPCERT/CC via JVN. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.16%, 37th percentile), but the high CVSS 4.0 score (8.6) reflects full confidentiality, integrity, and availability impact on the underlying host.
An identity-based authorization bypass vulnerability (IDOR) allows authenticated attackers to modify other users' account data, including email addresses, and subsequently hijack accounts through password reset flows. The vulnerability affects an unspecified product with a CVSS 8.6 severity rating, requires only low privileges to exploit over the network, and enables complete account takeover. No active exploitation has been reported (not in KEV), no public proof-of-concept exists, and the EPSS score is unavailable.
A privilege escalation vulnerability in Tinycontrol network management devices (tcPDU and LAN Controllers) allows low-privileged users to retrieve administrator passwords by directly accessing resources that are hidden from the graphical interface. The vulnerability affects multiple product lines including tcPDU, LK3.5, LK3.9, and LK4 controllers across various hardware versions, with a high CVSS score of 8.6 indicating significant risk. No evidence of active exploitation exists (not in KEV), no public POC is available, and the EPSS score is not provided, but patches are available for all affected versions.
A security vulnerability in renders user-supplied template content (CVSS 8.5) that allows an authenticated user with access. High severity vulnerability requiring prompt remediation. Vendor patch is available.
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.
OIDC ID Token hash-binding bypass in the Authlib Python library (versions <= 1.6.8) lets attackers defeat at_hash and c_hash integrity checks by forging the JWT alg header with an unsupported value. The internal _verify_hash routine fails open-returning True when create_half_hash yields None for an unknown algorithm-so a forged token binds to an attacker-controlled access_token or authorization code. A detailed, working proof-of-concept against the real library exists; there is no public evidence of active exploitation, and EPSS is very low (0.02%). The flaw is fixed in Authlib 1.6.9.
A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.
Google's Secure Folder prior to the March 2026 SMR release improperly exports Android application components, enabling local attackers to execute arbitrary activities with Secure Folder privileges. This high-severity vulnerability affects users with local device access and could allow privilege escalation or unauthorized access to protected data. No patch is currently available.
A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.
A second-order SQL injection vulnerability exists in Admidio's MyList configuration feature, allowing authenticated users to inject arbitrary SQL commands through list column configurations that are safely stored but unsafely read back. The vulnerability enables attackers to read sensitive data including password hashes, modify database contents, or achieve full database compromise. A detailed proof-of-concept is available demonstrating exploitation requiring only standard user privileges.
CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available.
A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe).
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42
Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.
A sensitive information disclosure vulnerability in Mattermost Plugins versions 2.0.3.0 and earlier fails to properly mask sensitive configuration values in support packets, allowing attackers with high privileges to extract original plugin settings from exported configuration data. The vulnerability requires authenticated access with high privileges (CVSS 7.6) and enables attackers to obtain sensitive configuration data that should be masked, potentially exposing API keys, credentials, or other sensitive plugin configurations. No active exploitation or proof-of-concept has been reported, and the vulnerability requires significant access privileges to exploit.
A critical physical access vulnerability in IncusOS allows attackers to bypass LUKS disk encryption without breaking Secure Boot or modifying the kernel. The vulnerability affects all IncusOS versions through mkosi prior to version 202603142010 and enables attackers with physical access to extract encryption keys by substituting the encrypted root partition with their own malicious partition. This vulnerability has been patched and a proof-of-concept attack methodology has been publicly documented.
GoBGP gobgpd version 4.2.0 is vulnerable to denial of service attacks when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon without authentication or user interaction. This vulnerability affects BGP infrastructure relying on the vulnerable version and has no available patch at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.
A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component
Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.
The @dicebear/converter library before version 9.4.0 fails to validate SVG dimension attributes, allowing attackers to trigger excessive memory allocation by providing crafted SVGs with extremely large width and height values. Server-side applications processing untrusted or user-supplied SVGs through the conversion functions (toPng, toJpeg, toWebp, toAvif) are vulnerable to denial of service attacks. A patch is available in version 9.4.0 and users should upgrade immediately if processing external SVG inputs.
CVE-2026-4276 is a security vulnerability (CVSS 7.5) that allows attackers. High severity vulnerability requiring prompt remediation.
A host header injection vulnerability in Raytha CMS allows attackers to hijack password reset tokens by spoofing X-Forwarded-Host or Host headers, leading to account takeover. The vulnerability affects all versions prior to 1.4.6 and requires only that the attacker knows the victim's email address to initiate the attack chain. With a CVSS 7.5 score and requiring user interaction, this represents a significant authentication bypass risk for organizations using the affected CMS versions.
libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability in the setContext function that occurs when the library retries operations following an out-of-memory condition. This flaw affects all users of vulnerable libexpat versions and can result in application crashes leading to denial of service. While the CVSS score of 2.9 is low and exploitation requires specific local conditions and high complexity, this vulnerability represents a stability risk for XML parsing operations in memory-constrained or stressed environments.
libexpat before version 2.7.5 contains an infinite loop vulnerability triggered during DTD (Document Type Definition) parsing, allowing local attackers to cause a denial of service condition. The vulnerability affects all applications and libraries that depend on libexpat for XML parsing, with a CVSS score of 4.0 reflecting limited severity due to local-only attack vector and availability impact. While the CVSS base score is moderate, the infinite loop condition presents a real denial of service risk for services that parse untrusted XML documents containing malicious DTD content.
libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability triggered by malformed XML containing empty external parameter entity content, resulting in denial of service through application crashes. The vulnerability affects all versions of libexpat prior to 2.7.5 across multiple platforms and applications that embed this XML parsing library. An attacker with local access can craft a malicious XML document to crash any application using vulnerable libexpat, though the impact is limited to availability (CVSS 4.0) with no code execution or data compromise possible.
Token audience confusion in the FastMCP OAuth Proxy (fastmcp < 2.14.2) lets a malicious MCP server harvest a victim's access/refresh tokens and replay them against benign MCP servers that share the same authorization server. The proxy ignores the client-supplied `resource` parameter and instead binds every token to the proxy's own `base_url`, so receiving servers cannot enforce audience validation. A working proof-of-concept environment is published, though EPSS is negligible (0.01%) and the issue is not in CISA KEV; publicly available exploit code exists.
Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF data in image files. The flaw occurs when exif_mnote_data_get_value receives a zero-size parameter, triggering a buffer overflow that can lead to arbitrary code execution or information disclosure. No active exploitation confirmed (CISA KEV absent), but upstream commit 7df372e exists. EPSS score of 0.01% suggests low widespread exploitation likelihood, though the high-complexity local attack vector (CVSS AV:L/AC:H) limits real-world risk to scenarios where attackers control image file inputs processed by affected applications.
Buffer overflow in pyOpenSSL's cookie generation callback allows attackers to corrupt memory and potentially achieve remote code execution by supplying oversized cookie values exceeding 256 bytes. The vulnerability affects applications using custom cookie callbacks with OpenSSL integration, where insufficient length validation permits writing beyond allocated buffer boundaries. A patch is available that implements proper cookie size validation.
Remote code execution in Craft CMS allows authenticated administrators with control panel access to execute arbitrary code by exploiting an incomplete patch that left the same vulnerable gadget chain pattern in multiple controllers. The vulnerability requires administrative privileges and the allowAdminChanges setting to be enabled, limiting exposure to trusted users with elevated access. Craft CMS versions before 4.17.5 and 5.9.11 are affected and should be patched immediately.
Unsafe deserialization of untrusted user input in PHP Craft CMS allows authenticated high-privilege users to inject arbitrary Yii2 behaviors and event handlers, enabling remote code execution through the EntryTypesController. An incomplete prior patch for a similar vulnerability left the same dangerous pattern in place, permitting attackers with administrative access to manipulate application configuration and achieve full system compromise. A patch is available to properly sanitize configuration inputs before processing.
Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent security controls. This vulnerability could enable attackers to gain unauthorized access to the application without valid credentials. No patch is currently available for this high-severity issue.
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use weak authentication schemes during device-to-device transfers. The vulnerability affects Smart Switch versions prior to 3.7.69.15 and requires user interaction to exploit, potentially exposing sensitive data during the transfer process between Samsung devices. With a CVSS 4.0 score of 7.1 and no current evidence of active exploitation or public proof-of-concept code, this represents a moderate risk primarily to Samsung device users performing data migrations.
CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
A reflected Cross-Site Scripting (XSS) vulnerability exists in the Flexmls® IDX WordPress plugin through version 3.15.9, allowing attackers to inject malicious scripts into web pages that execute in victims' browsers when they click specially crafted links. The vulnerability has a CVSS score of 7.1 and requires user interaction but can impact confidentiality, integrity, and availability across different origins due to its scope change characteristic. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability represents a moderate risk for WordPress sites using this real estate listing plugin.
A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma veterinary web application, specifically in the hospitalization summary generation endpoint at vets.wakyma.com. Authenticated users with low privileges can inject NoSQL commands into POST requests to exfiltrate customer reports containing sensitive veterinary and pet owner data. The vulnerability has a high CVSS score of 7.1 but requires authentication, limiting the attack surface to users with valid credentials.
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability requiring prompt remediation.
Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.
Galaxy Store versions prior to 4.6.03.8 contain an access control flaw that enables local attackers to create files with elevated Galaxy Store privileges. This vulnerability affects local users on affected devices and could allow privilege escalation or persistence mechanisms. No patch is currently available.
SQL injection in Python's Glances DuckDB export module allows unauthenticated remote attackers to execute arbitrary SQL commands by injecting malicious data through unparameterized table and column name interpolation in DDL statements. While INSERT values use parameterized queries, identifier names are directly embedded via f-strings, enabling attackers over the network to manipulate database structure and access sensitive monitoring data. A patch is available.
A URL redirection vulnerability in Samsung Account allows remote attackers to potentially steal user access tokens through malicious redirect chains. The vulnerability affects Samsung Account versions prior to 15.5.01.1 and requires user interaction to exploit. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a moderate CVSS score of 7.0 and could lead to account takeover if successfully exploited.