Skip to main content
CVE-2026-4252 HIGH POC This Week

A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers.

Tenda Information Disclosure
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-4213 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link Dns 120 Dns 340l +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4214 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow Dns 320lw Dns 323 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4212 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dns 1550 04 Dns 343 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4211 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow Dns 315l Dns 120 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4227 HIGH POC This Week

Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows authenticated attackers to achieve complete system compromise over the network. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with login credentials can trigger the overflow in the sub_44D844 function to execute arbitrary code with full system privileges.

Buffer Overflow Bl Wr9000
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4226 HIGH POC This Week

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow Bl Wr9000
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2017-20222 HIGH POC This Week

An unauthenticated remote reboot vulnerability exists in the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0, allowing attackers to trigger device restarts without any authentication by sending specially crafted POST requests to the lte.cgi endpoint. This vulnerability has a publicly available proof-of-concept exploit and enables denial of service attacks against affected routers. The vulnerability has been assigned a high CVSS score of 7.5 due to the complete availability impact and lack of authentication requirements.

Denial Of Service Authentication Bypass Sdt Cs3b1
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-32596 HIGH POC PATCH GHSA This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30875 HIGH PATCH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload Code Injection Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-32756 HIGH PATCH This Week

A critical unrestricted file upload vulnerability in Admidio's Documents & Files module allows authenticated users with upload permissions to bypass file extension restrictions by submitting an invalid CSRF token, enabling upload of PHP scripts that lead to Remote Code Execution. The vulnerability affects Admidio versions prior to the patch and has a published proof-of-concept demonstrating webshell upload and command execution. With a CVSS score of 8.8 and detailed exploitation steps available, this represents a high-priority risk for organizations using Admidio for document management.

CSRF PHP RCE Information Disclosure File Upload
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32771 HIGH PATCH GHSA This Week

Path traversal in the `extractor` CLI tool and `extract.DumpOTelCollector` library function allows attackers to write files outside the intended extraction directory by exploiting an incomplete path validation check in the `sanitizeArchivePath` function. A maliciously crafted tar archive can bypass the prefix check and place arbitrary files on the system when processed. A patch is available to address the missing trailing path separator validation.

Path Traversal Suse
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-50881 HIGH This Week

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.

PHP RCE Code Injection N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15540 HIGH PATCH This Week

A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.

RCE Code Injection Raytha
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30881 HIGH PATCH This Week

Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69784 HIGH This Week

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product.

RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-11500 HIGH PATCH This Week

An authentication bypass vulnerability in Tinycontrol network devices (tcPDU and LAN Controllers LK3.5, LK3.9, LK4) exposes usernames and encoded passwords for both normal and admin users through unauthenticated HTTP requests to the login page. The vulnerability affects devices running older firmware versions when the secondary authentication mechanism is disabled (default setting), allowing any attacker on the local network to harvest credentials without authentication. With an EPSS score of 0.00043 and no KEV listing, this vulnerability shows low real-world exploitation activity despite its high CVSS score of 8.7.

Information Disclosure Lan Kontroler V3 5 Lk3 9 Lk4 Tcpdu
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-29522 HIGH This Week

Remote unauthenticated attackers can read arbitrary server files in ZwickRoell Test Data Management versions before 3.0.8 by exploiting a path traversal flaw in the node_upgrade_srv.js endpoint's firmware parameter. The vulnerability enables direct access to sensitive system files including credentials, configuration data, and source code without authentication. Despite the high CVSS score (8.7), the low EPSS probability (0.06%, 17th percentile) indicates minimal automated exploitation activity, though the unauthenticated network attack vector and low complexity make this readily exploitable if discovered by adversaries targeting industrial testing infrastructure.

Path Traversal Information Disclosure Test Data Management
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-32268 HIGH PATCH This Week

The DefaultController->actionLoadContainerData() endpoint in the Microsoft plugin permits unauthenticated attackers possessing a valid CSRF token to enumerate accessible storage buckets and extract sensitive data from Azure error messages. This authorization bypass affects users running unpatched versions prior to 2.1.1, exposing cloud storage infrastructure details and potentially sensitive system information through verbose error responses.

Information Disclosure Authentication Bypass Microsoft CSRF
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-3110 HIGH PATCH This Week

An Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa allows unauthenticated attackers to access sensitive user data including usernames, full names, email addresses, and phone numbers of all enrolled students by manipulating course IDs in the export endpoint. The vulnerability requires no authentication and can be exploited remotely through simple URL manipulation and brute-force attacks on course IDs. With a CVSS score of 8.7 and network-based attack vector, this represents a critical data exposure risk for educational institutions using Campus Educativa.

Authentication Bypass Campus
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-25083 HIGH This Week

Cross-user data exposure and tampering in GROWI v7.4.5 and earlier allows any authenticated user who learns a shared AI assistant's identifier to read or modify other users' OpenAI thread and message contents via API endpoints that omit authorization checks. The flaw stems from missing access control (CWE-862) on the AI assistant interaction layer rather than a memory-corruption or injection bug. No public exploit identified at time of analysis, and EPSS rates near-term exploitation probability at 0.04% (12th percentile).

Authentication Bypass Growi
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-31386 HIGH This Week

OS command injection in OpenLiteSpeed and LSWS Enterprise web servers from LiteSpeed Technologies allows administrative users to execute arbitrary operating system commands on the host. The flaw affects all versions of both products per ENISA EUVD and was reported by JPCERT/CC via JVN. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.16%, 37th percentile), but the high CVSS 4.0 score (8.6) reflects full confidentiality, integrity, and availability impact on the underlying host.

Command Injection Openlitespeed Lsws Enterprise
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-3020 HIGH PATCH This Week

An identity-based authorization bypass vulnerability (IDOR) allows authenticated attackers to modify other users' account data, including email addresses, and subsequently hijack accounts through password reset flows. The vulnerability affects an unspecified product with a CVSS 8.6 severity rating, requires only low privileges to exploit over the network, and enables complete account takeover. No active exploitation has been reported (not in KEV), no public proof-of-concept exists, and the EPSS score is unavailable.

Authentication Bypass Wakyma Application Web
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-15587 HIGH PATCH This Week

A privilege escalation vulnerability in Tinycontrol network management devices (tcPDU and LAN Controllers) allows low-privileged users to retrieve administrator passwords by directly accessing resources that are hidden from the graphical interface. The vulnerability affects multiple product lines including tcPDU, LK3.5, LK3.9, and LK4 controllers across various hardware versions, with a high CVSS score of 8.6 indicating significant risk. No evidence of active exploitation exists (not in KEV), no public POC is available, and the EPSS score is not provided, but patches are available for all affected versions.

Information Disclosure Lan Kontroler V3 5 Lk3 9 Lk4 Tcpdu
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-32261 HIGH PATCH This Week

A security vulnerability in renders user-supplied template content (CVSS 8.5) that allows an authenticated user with access. High severity vulnerability requiring prompt remediation. Vendor patch is available.

RCE PHP Ssti
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-4255 HIGH PATCH This Week

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.

RCE Microsoft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-28498 HIGH PATCH This Week

OIDC ID Token hash-binding bypass in the Authlib Python library (versions <= 1.6.8) lets attackers defeat at_hash and c_hash integrity checks by forging the JWT alg header with an unsupported value. The internal _verify_hash routine fails open-returning True when create_half_hash yields None for an unknown algorithm-so a forged token binds to an attacker-controlled access_token or authorization code. A detailed, working proof-of-concept against the real library exists; there is no public evidence of active exploitation, and EPSS is very low (0.02%). The flaw is fixed in Authlib 1.6.9.

Python RCE
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-32610 HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker Cors Misconfiguration Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-20990 HIGH This Week

Google's Secure Folder prior to the March 2026 SMR release improperly exports Android application components, enabling local attackers to execute arbitrary activities with Secure Folder privileges. This high-severity vulnerability affects users with local device access and could allow privilege escalation or unauthorized access to protected data. No patch is currently available.

Information Disclosure Google Android
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32634 HIGH PATCH This Week

A credential disclosure vulnerability exists in Glances monitoring tool when running in Central Browser mode with autodiscovery enabled. The vulnerability allows attackers on the same local network to steal reusable authentication credentials by advertising fake Glances services via Zeroconf, as the application trusts untrusted service names for password lookups instead of using verified IP addresses. A working proof-of-concept is included in the advisory, and the issue has a CVSS score of 8.1 indicating high severity.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32813 HIGH PATCH This Week

A second-order SQL injection vulnerability exists in Admidio's MyList configuration feature, allowing authenticated users to inject arbitrary SQL commands through list column configurations that are safely stored but unsafely read back. The vulnerability enables attackers to read sensitive data including password hashes, modify database contents, or achieve full database compromise. A detailed proof-of-concept is available demonstrating exploitation requiring only standard user privileges.

CSRF SQLi PHP Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-32768 HIGH PATCH This Week

CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2026-23862 HIGH PATCH This Week

Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available.

Dell Command Injection
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-3476 HIGH This Week

A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.

RCE Code Injection Solidworks Desktop
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69783 HIGH This Week

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe).

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10685 HIGH This Week

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42

Heap Overflow Buffer Overflow Smartlink Sw Pn Smartlink Sw Ht
NVD VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-32749 HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-2476 HIGH PATCH This Week

A sensitive information disclosure vulnerability in Mattermost Plugins versions 2.0.3.0 and earlier fails to properly mask sensitive configuration values in support packets, allowing attackers with high privileges to extract original plugin settings from exported configuration data. The vulnerability requires authenticated access with high privileges (CVSS 7.6) and enables attackers to obtain sensitive configuration data that should be masked, potentially exposing API keys, credentials, or other sensitive plugin configurations. No active exploitation or proof-of-concept has been reported, and the vulnerability requires significant access privileges to exploit.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32606 HIGH PATCH This Week

A critical physical access vulnerability in IncusOS allows attackers to bypass LUKS disk encryption without breaking Secure Boot or modifying the kernel. The vulnerability affects all IncusOS versions through mkosi prior to version 202603142010 and enables attackers with physical access to extract encryption keys by substituting the encrypted root partition with their own malicious partition. This vulnerability has been patched and a proof-of-concept attack methodology has been publicly documented.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-30405 HIGH This Week

GoBGP gobgpd version 4.2.0 is vulnerable to denial of service attacks when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon without authentication or user interaction. This vulnerability affects BGP infrastructure relying on the vulnerable version and has no available patch at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66687 HIGH This Week

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32805 HIGH PATCH This Week

Path traversal in the webserver's archive extraction function allows unauthenticated remote attackers to write files outside the intended directory by crafting malicious tar archives, due to incomplete path validation in the sanitizeArchivePath function. The vulnerability affects the download command's decompression functionality and could enable arbitrary file placement on the system. A patch is available.

Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32609 HIGH PATCH This Week

A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.

Python Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69768 HIGH This Week

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24458 HIGH PATCH This Week

Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29112 HIGH PATCH This Week

The @dicebear/converter library before version 9.4.0 fails to validate SVG dimension attributes, allowing attackers to trigger excessive memory allocation by providing crafted SVGs with extremely large width and height values. Server-side applications processing untrusted or user-supplied SVGs through the conversion functions (toPng, toJpeg, toWebp, toAvif) are vulnerable to denial of service attacks. A patch is available in version 9.4.0 and users should upgrade immediately if processing external SVG inputs.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4276 HIGH This Week

CVE-2026-4276 is a security vulnerability (CVSS 7.5) that allows attackers. High severity vulnerability requiring prompt remediation.

Code Injection RCE Rag Api
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69240 HIGH PATCH This Week

A host header injection vulnerability in Raytha CMS allows attackers to hijack password reset tokens by spoofing X-Forwarded-Host or Host headers, leading to account takeover. The vulnerability affects all versions prior to 1.4.6 and requires only that the attacker knows the victim's email address to initiate the attack chain. With a CVSS 7.5 score and requiring user interaction, this represents a significant authentication bypass risk for organizations using the affected CMS versions.

Information Disclosure Authentication Bypass Raytha
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-69196 HIGH PATCH This Week

Token audience confusion in the FastMCP OAuth Proxy (fastmcp < 2.14.2) lets a malicious MCP server harvest a victim's access/refresh tokens and replay them against benign MCP servers that share the same authorization server. The proxy ignores the client-supplied `resource` parameter and instead binds every token to the proxy's own `base_url`, so receiving servers cannot enforce audience validation. A working proof-of-concept environment is published, though EPSS is negligible (0.01%) and the issue is not in CISA KEV; publicly available exploit code exists.

Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-32775 HIGH PATCH This Week

Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF data in image files. The flaw occurs when exif_mnote_data_get_value receives a zero-size parameter, triggering a buffer overflow that can lead to arbitrary code execution or information disclosure. No active exploitation confirmed (CISA KEV absent), but upstream commit 7df372e exists. EPSS score of 0.01% suggests low widespread exploitation likelihood, though the high-complexity local attack vector (CVSS AV:L/AC:H) limits real-world risk to scenarios where attackers control image file inputs processed by affected applications.

Information Disclosure Integer Overflow Libexif
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy