141 CVEs tracked today. 9 Critical, 49 High, 69 Medium, 12 Low.
-
CVE-2026-33017
CRITICAL
CVSS 9.3
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.
RCE
Python
Code Injection
-
CVE-2026-32298
CRITICAL
CVSS 9.1
OS command execution in Angeet ES3 KVM allows authenticated administrators to execute arbitrary system commands through improper input validation in the cfg.lua script. An attacker with high-level privileges can leverage this vulnerability to achieve complete system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available for this critical vulnerability.
Command Injection
ES3 KVM
-
CVE-2026-32295
CRITICAL
CVSS 9.3
JetKVM versions prior to 0.5.4 contain an authentication vulnerability that allows unlimited login attempts without rate limiting, enabling attackers to conduct brute-force attacks against user credentials. This affects KVM (Keyboard, Video, Mouse) over IP devices used for remote server management, potentially granting attackers administrative access to critical infrastructure. The vulnerability has been reported by CISA-CG and analyzed by security researchers at Eclypsium in their research on KVM device security risks.
Information Disclosure
-
CVE-2026-31938
CRITICAL
CVSS 9.6
HTML injection in PDF output functions allows remote attackers to execute arbitrary scripts in the browser context where generated PDFs are opened, exploitable when untrusted user input is passed unsanitized to the pdfObjectUrl, pdfJsUrl, or filename options. An attacker can craft malicious values through a web interface that, when used by victims to generate and open PDFs, execute arbitrary JavaScript in their browser with high impact on confidentiality and integrity. A patch is available to remediate this critical vulnerability affecting all users who process user-controlled PDF output parameters.
XSS
-
CVE-2026-25770
CRITICAL
CVSS 9.1
Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauthenticated root code execution by exploiting insecure file permissions in the cluster synchronization protocol. An attacker with cluster node access can overwrite the manager's configuration file to inject malicious commands that are subsequently executed with root privileges by the logcollector service. This vulnerability affects multi-node Wazuh deployments and has no available patch.
RCE
Privilege Escalation
Path Traversal
Wazuh
-
CVE-2026-25769
CRITICAL
CVSS 9.1
A critical deserialization vulnerability in Wazuh's cluster mode allows attackers with access to any worker node to achieve remote code execution with root privileges on the master node. The vulnerability affects Wazuh versions 4.0.0 through 4.14.2 and poses severe risk to organizations using Wazuh in distributed deployments, as compromise of any single worker node can lead to full cluster takeover. While no active exploitation has been reported (not in KEV), proof-of-concept materials are publicly available via the Google Drive link in the advisory.
Deserialization
RCE
Wazuh
-
CVE-2026-21994
CRITICAL
CVSS 9.8
This is a critical unauthenticated remote code execution vulnerability in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An attacker with network access via HTTP can completely take over the affected system without any authentication, privileges, or user interaction required. The CVSS score of 9.8 reflects maximum impact across confidentiality, integrity, and availability. There is no evidence of active exploitation (not in CISA KEV), and no proof-of-concept code has been publicly identified in the available intelligence.
Oracle
Authentication Bypass
-
CVE-2026-4312
CRITICAL
CVSS 9.8
A critical missing authentication vulnerability in DrangSoft's GCB/FCB Audit Software allows unauthenticated remote attackers to directly access certain APIs and create new administrative accounts, effectively granting full system control. The vulnerability has a maximum CVSS score of 9.8 and requires no authentication or user interaction to exploit over the network. While no active exploitation or proof-of-concept has been reported yet, the severity and ease of exploitation make this a high-priority security issue for organizations using this audit software.
Authentication Bypass
-
CVE-2026-3564
CRITICAL
CVSS 9.0
A cryptographic authentication bypass vulnerability in ConnectWise ScreenConnect allows remote attackers who gain access to server-level cryptographic material to authenticate as any user and obtain elevated privileges. The vulnerability affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, indicating critical severity. While not currently listed in CISA's KEV catalog and with no public proof-of-concept available, the vulnerability's authentication bypass nature and potential for complete system compromise make it a high-priority patching target.
Authentication Bypass
JWT Attack
ScreenConnect
-
CVE-2026-33043
HIGH
CVSS 8.1
AVideo (WWBN_AVideo) contains a critical CORS misconfiguration vulnerability that exposes PHP session IDs to any unauthenticated external website, enabling complete account takeover of any logged-in user including administrators. The vulnerability has a working proof-of-concept exploit and requires only that a victim visit an attacker-controlled webpage while logged into AVideo, making it highly exploitable with an 8.1 CVSS score.
CORS Misconfiguration
PHP
Information Disclosure
-
CVE-2026-33039
HIGH
CVSS 8.6
A Server-Side Request Forgery (SSRF) vulnerability in AVideo's LiveLinks proxy endpoint allows unauthenticated attackers to access internal services and cloud metadata by exploiting missing validation on HTTP redirect targets. The vulnerability enables attackers to bypass initial URL validation through a malicious redirect, potentially exposing AWS/GCP/Azure instance metadata including IAM credentials. A detailed proof-of-concept is available and a patch has been released by the vendor.
PHP
SSRF
Google
Microsoft
Mozilla
-
CVE-2026-33038
HIGH
CVSS 8.1
A critical authentication bypass vulnerability in AVideo's installation endpoint allows unauthenticated remote attackers to take over uninitialized deployments by completing the installation process with attacker-controlled credentials and database settings. The vulnerability affects AVideo installations where the configuration file does not exist (fresh deployments, container restarts without persistent storage, or re-deployments), enabling attackers to become the sole administrator with full control over the application. A detailed proof-of-concept is publicly available, and while no active exploitation has been reported in KEV, the vulnerability has a moderate EPSS score and requires only network access to exploit.
PHP
RCE
SQLi
Authentication Bypass
CSRF
-
CVE-2026-33036
HIGH
CVSS 7.5
A bypass vulnerability in fast-xml-parser allows attackers to circumvent entity expansion limits through numeric character references (&#NNN;) and standard XML entities, causing denial of service via excessive memory allocation and CPU consumption. The vulnerability affects fast-xml-parser versions 5.x through 5.5.5, completely bypassing security controls added in the previous CVE-2026-26278 fix. A proof-of-concept demonstrates that even with strict limits configured (maxTotalExpansions=10), an attacker can inject 100,000+ numeric entities to consume hundreds of megabytes of memory.
Denial Of Service
Node.js
-
CVE-2026-33012
HIGH
CVSS 7.5
Unbounded heap memory consumption in Micronaut HTTP Server versions 4.7.0 through 4.10.7 allows remote attackers to trigger denial of service via crafted exception messages that pollute an uncapped cache. By manipulating request parameters reflected in error responses, an unauthenticated attacker can exhaust server memory and cause OutOfMemoryError conditions. A patch is available in version 4.10.7 and later.
Denial Of Service
-
CVE-2026-33011
HIGH
CVSS 7.5
CVE-2026-33011 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Authentication Bypass
-
CVE-2026-32981
HIGH
CVSS 7.5
Unauthenticated attackers can read arbitrary files on systems running Ray versions before 2.8.1 by exploiting a path traversal flaw in the Dashboard's static file handler on port 8265. The vulnerability stems from insufficient input validation that allows directory traversal sequences to bypass access controls, and public exploit code is available. No patch has been released, leaving affected Ray deployments vulnerable to local information disclosure.
Path Traversal
Ray
-
CVE-2026-32944
HIGH
CVSS 8.7
Parse Server contains a vulnerability that allows an unauthenticated remote attacker to crash the server process through a single HTTP request containing deeply nested query condition operators. This denial of service vulnerability affects parse-server versions before 8.6.45 and alpha versions 9.0.0 through 9.6.0-alpha.21. The vulnerability is classified as high severity with a CVSS score of 8.7, and patches are available from the vendor.
Denial Of Service
-
CVE-2026-32886
HIGH
Parse Server is vulnerable to denial of service when remote attackers craft malicious cloud function names that exploit prototype chain traversal, allowing them to trigger stack overflows and crash the server process. The vulnerability stems from improper property lookup restrictions during function name resolution. A patch is available that limits lookups to own properties only.
Prototype Pollution
Denial Of Service
-
CVE-2026-32841
HIGH
CVSS 8.1
Edimax GS-5008PL switches running firmware 1.00.54 and earlier contain an authentication bypass in the management interface that allows unauthenticated remote attackers to gain administrative access by exploiting a flawed global authentication flag mechanism. Once bypassed, attackers can modify administrator credentials, upload malicious firmware, and alter device configurations without any authentication required. No patch is currently available for this high-severity vulnerability.
Authentication Bypass
Edimax GS-5008PL
-
CVE-2026-32838
HIGH
CVSS 7.5
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Information Disclosure
Edimax GS-5008PL
-
CVE-2026-32297
HIGH
CVSS 7.5
The Angeet ES3 KVM device contains an arbitrary file write vulnerability allowing remote, unauthenticated attackers to modify system files including configuration files and binaries, potentially leading to complete system compromise. All versions of the ES3 KVM appear to be affected based on EUVD version data (ES3 KVM 0 <*). This vulnerability has been reported by CISA and documented in their CSAF advisory VA-26-076-01, though no active exploitation (KEV) status has been indicated at this time.
Authentication Bypass
ES3 KVM
-
CVE-2026-32296
HIGH
CVSS 8.2
A critical authentication bypass vulnerability in Sipeed NanoKVM KVM-over-IP devices allows unauthenticated remote attackers to hijack Wi-Fi configurations or crash the device through memory exhaustion. The vulnerability affects NanoKVM versions before 2.3.1 and enables attackers with network access to redirect the device to attacker-controlled networks or cause denial of service. While not currently in CISA KEV, the issue has been analyzed by security researchers and a patch is available from the vendor.
Authentication Bypass
NanoKVM
-
CVE-2026-32294
HIGH
CVSS 7.0
JetKVM versions prior to 0.5.4 lack cryptographic verification of firmware update authenticity, allowing attackers positioned on the network or controlling the update server to inject malicious firmware that bypasses hash validation. This enables local attackers with user interaction to compromise system integrity through a man-in-the-middle attack or server compromise. A patch is available to address this vulnerability.
Information Disclosure
-
CVE-2026-32292
HIGH
CVSS 7.5
A brute-force authentication vulnerability exists in the GL-iNet Comet (GL-RM1) KVM device's web interface, which fails to implement rate limiting or account lockout mechanisms for login attempts. This allows remote attackers to systematically guess credentials and gain unauthorized access to the KVM management interface, potentially compromising all systems connected to the KVM device. The vulnerability affects GL-iNet Comet KVM versions prior to 1.7.2 and has a CVSS score of 7.5, indicating high severity for confidentiality impact.
Information Disclosure
-
CVE-2026-32256
HIGH
CVSS 7.5
CVE-2026-32256 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Node.js
Denial Of Service
-
CVE-2026-32254
HIGH
CVSS 7.1
The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.
Kubernetes
Denial Of Service
Authentication Bypass
Nginx
-
CVE-2026-31898
HIGH
CVSS 8.1
A code injection vulnerability in the jsPDF library allows attackers to inject arbitrary PDF objects, including malicious JavaScript actions, through unsanitized user input to the createAnnotation method. The vulnerability affects jsPDF versions prior to 4.2.1 and enables remote attackers to execute arbitrary code when a victim opens or interacts with a maliciously crafted PDF file. A proof-of-concept exploit is publicly available demonstrating how to launch system executables like calc.exe through PDF action injection.
Code Injection
-
CVE-2026-31891
HIGH
CVSS 7.7
SQL injection in Cockpit CMS version 2.13.4 and earlier allows attackers with a valid read-only API key to inject arbitrary SQL through the `/api/content/aggregate/{model}` endpoint and extract unauthorized data from the SQLite database, including unpublished content. The vulnerability requires network access and low-privilege API credentials, enabling data exfiltration without administrative privileges. No patch is currently available.
PHP
SQLi
-
CVE-2026-30922
HIGH
CVSS 7.5
The pyasn1 library suffers from an uncontrolled recursion vulnerability when parsing deeply nested ASN.1 structures, allowing remote attackers to trigger a denial of service through stack exhaustion or memory consumption. Any service using pyasn1 to parse untrusted ASN.1 data (including LDAP, SNMP, Kerberos, and X.509 parsers) can be crashed remotely with a small crafted payload under 100KB. A working proof-of-concept is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 indicating high severity.
Python
Denial Of Service
-
CVE-2026-30911
HIGH
CVSS 8.1
CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Authentication Bypass
Apache
Debian
Apache Airflow
-
CVE-2026-30707
HIGH
CVSS 8.1
CVE-2026-30707 is a security vulnerability (CVSS 8.1) involving broken access control. High severity vulnerability requiring prompt remediation.
Authentication Bypass
-
CVE-2026-28779
HIGH
CVSS 7.5
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Information Disclosure
Apache
Debian
Apache Airflow
-
CVE-2026-27980
HIGH
CVSS 7.5
Next.js image optimization caches unbounded disk space by default, enabling attackers to exhaust storage and cause denial of service by requesting numerous image variants. The vulnerability affects applications using the default `/_next/image` optimization feature without explicit cache size limits. A patch is available that introduces configurable cache size limits with LRU eviction.
Denial Of Service
Red Hat
-
CVE-2026-27979
HIGH
CVSS 7.5
Unbounded request body buffering in Next.js App Router with Partial Prerendering enabled allows remote attackers to trigger denial of service through oversized `next-resume` POST requests that bypass size enforcement in non-minimal deployments. An attacker can exhaust server memory by sending specially crafted resume payloads without authentication or user interaction. The vulnerability affects applications with experimental PPR features enabled and has been patched with consistent size limit enforcement.
Denial Of Service
Red Hat
-
CVE-2026-26001
HIGH
CVSS 7.1
SQL injection in GLPI Inventory Plugin versions before 1.6.6 allows authenticated users with sufficient privileges to execute arbitrary SQL queries through unvalidated input in report functionality. An attacker with report access can extract or modify sensitive database information, though code execution is not possible through this vector. A patch is available in version 1.6.6 and later.
SQLi
-
CVE-2026-24901
HIGH
CVSS 8.1
An Insecure Direct Object Reference (IDOR) vulnerability in Outline's document restoration logic allows any authenticated team member to restore, view, and take ownership of deleted drafts belonging to other users, including administrators. Attackers can access sensitive private information and lock the original owners out of their own content by exploiting the missing ownership validation during the restore process. This vulnerability affects Outline versions prior to 1.4.0 and carries a high CVSS score of 8.1, though no active exploitation or proof-of-concept code has been reported.
Authentication Bypass
Outline
-
CVE-2026-23759
HIGH
CVSS 7.2
An authenticated OS command injection vulnerability exists in Perle IOLAN STS and SCS terminal servers running firmware versions prior to 6.0. An attacker with valid credentials can inject shell metacharacters through the restricted shell's 'ps' command when accessing the device via Telnet or SSH, escalating to root privileges and achieving full system compromise. No KEV status or EPSS data is currently available for this vulnerability.
Command Injection
IOLAN STS
IOLAN SCS
-
CVE-2026-22727
HIGH
CVSS 7.5
Cloud Foundry CAPI Release contains unprotected internal endpoints that allow attackers who have bypassed perimeter firewall controls to replace application droplets and access sensitive application data. The vulnerability affects Cloud Foundry CAPI Release version 1.226.0 and earlier, and CF Deployment version 54.9.0 and earlier across all platforms. This is an authentication bypass issue (CWE-306) with a CVSS score of 7.5, requiring adjacent network access and high attack complexity but no privileges or user interaction.
Authentication Bypass
Cloud Foundry
-
CVE-2026-21570
HIGH
CVSS 8.6
Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. Organizations unable to upgrade should prioritize access controls for high-privileged accounts until remediation is possible.
RCE
Atlassian
Code Injection
Bamboo Data Center
-
CVE-2026-4318
HIGH
CVSS 8.8
Remote code execution in UTT HiPER 810G up to version 1.7.7-171114 through a buffer overflow in the /goform/formApLbConfig endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability stems from unsafe use of strcpy() on the loadBalanceNameOld parameter, and public exploit code is currently available. No patch has been released for affected devices.
Buffer Overflow
HiPER 810G
-
CVE-2026-4295
HIGH
CVSS 7.8
A trust boundary enforcement vulnerability in Kiro IDE allows remote attackers to execute arbitrary code when a local user opens a maliciously crafted project directory. The vulnerability affects all versions of Kiro IDE prior to 0.8.0 on all supported platforms and bypasses workspace trust protections designed to prevent unauthorized code execution. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability enables remote code execution through local user interaction.
RCE
Kiro IDE
-
CVE-2026-4289
HIGH
CVSS 7.3
SQL injection in Tiandy Easy7 Integrated Management Platform versions up to 7.17.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /rest/preSetTemplate/getRecByTemplateId endpoint, potentially enabling unauthorized data access, modification, or service disruption. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
SQLi
Easy7 Integrated Management Platform
-
CVE-2026-4288
HIGH
CVSS 7.3
Tiandy Easy7 Integrated Management Platform 7.17.0 contains an SQL injection vulnerability in the /rest/devStatus/getDevDetailedInfo endpoint that allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. The vulnerability enables unauthorized access to, modification of, and disruption of sensitive data, with public exploit code already available. No patch has been released despite early vendor notification.
SQLi
Easy7 Integrated Management Platform
-
CVE-2026-4287
HIGH
CVSS 7.3
SQL injection in Tiandy Easy7 Integrated Management Platform 7.17.0 allows unauthenticated remote attackers to manipulate the areaId parameter in the /rest/devStatus/queryResources endpoint and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Successful exploitation could result in unauthorized data access, modification, or system disruption.
SQLi
-
CVE-2026-4258
HIGH
CVSS 7.5
A cryptographic vulnerability in the Stanford Javascript Crypto Library (SJCL) allows attackers to recover victims' ECDH private keys through a missing point-on-curve validation flaw. The vulnerability affects all versions of SJCL and enables remote attackers to send specially crafted off-curve public keys and observe ECDH outputs to extract private key material. A proof-of-concept exploit is publicly available, though the vulnerability is not currently listed in CISA KEV and has no EPSS score assigned yet.
Information Disclosure
Oracle
JWT Attack
Debian
SJCL
-
CVE-2026-4208
HIGH
CVSS 7.7
CVE-2026-4208 is a security vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Authentication Bypass
-
CVE-2026-4148
HIGH
CVSS 8.7
MongoDB Server sharded clusters are vulnerable to use-after-free memory corruption when authenticated users with read permissions execute malicious $lookup or $graphLookup aggregation pipeline operations. An attacker can exploit this vulnerability to achieve high-impact outcomes including information disclosure, data manipulation, and denial of service. No patch is currently available for this vulnerability.
Use After Free
Information Disclosure
Memory Corruption
-
CVE-2026-4147
HIGH
CVSS 7.1
An authenticated user with read-only role can extract limited amounts of uninitialized stack memory through specially crafted issuances of the filemd5 command in MongoDB Server. This information disclosure vulnerability affects MongoDB Server versions 8.2 prior to 8.2.6, 8.0 prior to 8.0.20, and 7.0 prior to 7.0.31. An attacker with valid database read credentials can exploit this to leak sensitive data from process memory without requiring elevated privileges or user interaction.
Information Disclosure
-
CVE-2026-4064
HIGH
CVSS 8.3
PowerShell Universal before version 2026.1.4 contains insufficient authorization validation on gRPC endpoints, allowing any authenticated user to bypass role-based access controls and execute privileged operations. An attacker with valid credentials can exploit this to read sensitive data, modify or delete resources, and disrupt service availability. No patch is currently available.
Authentication Bypass
Information Disclosure
PowerShell Universal
-
CVE-2026-3888
HIGH
CVSS 7.8
Local privilege escalation in snapd on multiple Ubuntu versions allows authenticated local attackers to obtain root access by exploiting a race condition between snap's temporary directory creation and systemd-tmpfiles cleanup operations. An attacker with local access can manipulate the /tmp directory to escalate privileges when snapd attempts to recreate its private snap directories. This vulnerability affects Ubuntu 16.04 LTS through 24.04 LTS with no patch currently available.
Ubuntu
Privilege Escalation
Ubuntu 20.04 LTS
Ubuntu 16.04 LTS
Ubuntu 22.04 LTS
-
CVE-2026-3207
HIGH
CVSS 8.7
Unauthenticated attackers can gain unauthorized access to TIBCO BPM Enterprise 4.x through a misconfigured Java Management Extensions (JMX) interface, potentially allowing full system compromise. This vulnerability affects the availability, integrity, and confidentiality of affected systems with no patch currently available.
Java
Authentication Bypass
-
CVE-2026-2579
HIGH
CVSS 7.5
Unauthenticated attackers can exploit SQL injection in the WowStore plugin for WordPress (versions up to 4.4.3) through the unescaped 'search' parameter to extract sensitive data from the underlying database. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to append malicious SQL commands without authentication. No patch is currently available for this high-severity issue affecting all users of the affected plugin versions.
SQLi
WordPress
-
CVE-2026-1376
HIGH
CVSS 7.5
A resource exhaustion vulnerability in IBM i 7.6 allows unauthenticated remote attackers to cause a denial of service by overwhelming the system with failed authentication attempts. The vulnerability stems from improper resource allocation during authentication processing, enabling attackers to consume system resources without valid credentials. While no active exploitation or proof-of-concept has been reported, the high CVSS score of 7.5 reflects the ease of remote exploitation without authentication.
IBM
Denial Of Service
-
CVE-2026-1264
HIGH
CVSS 7.1
IBM Sterling B2B Integrator and IBM Sterling File Gateway contain an authentication bypass vulnerability that allows remote unauthenticated attackers to view and delete business partners within communities, as well as delete entire communities. Multiple versions are affected including 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0. While the CVSS score is 7.1 (High), the vulnerability requires low attack complexity and no user interaction, making it straightforward to exploit over the network with low privileges.
IBM
Authentication Bypass
Sterling B2B Integrator
-
CVE-2026-0708
HIGH
CVSS 8.3
Denial of service in libucl allows remote attackers to crash affected applications by submitting maliciously crafted UCL configuration files containing null bytes in object keys, triggering a segmentation fault in the ucl_object_emit function. The vulnerability requires user interaction but has high impact potential with no available patch, affecting systems that parse untrusted UCL input. An attacker can remotely exploit this with low complexity to disable services relying on libucl for configuration parsing.
Denial Of Service
Information Disclosure
Buffer Overflow
libucl
Red Hat
-
CVE-2025-66342
HIGH
CVSS 7.8
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achieve arbitrary code execution through specially crafted EMF files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to trigger, as victims must open a malicious EMF file. With a CVSS score of 7.8 and local attack vector, this represents a significant risk for users handling untrusted graphic files, though no active exploitation or public POC has been reported.
Buffer Overflow
RCE
Memory Corruption
Affinity
-
CVE-2025-64301
HIGH
CVSS 7.8
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution by crafting malicious EMF (Enhanced Metafile) image files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to open the malicious file, but then grants full system compromise with high impact to confidentiality, integrity, and availability. No evidence of active exploitation or public proof-of-concept exists, and the local attack vector with user interaction requirement reduces immediate risk.
RCE
Buffer Overflow
Memory Corruption
Affinity
-
CVE-2025-14031
HIGH
CVSS 7.5
IBM Sterling B2B Integrator and IBM Sterling File Gateway contain a denial-of-service vulnerability that allows an unauthenticated remote attacker to crash the application by sending a specially crafted request. The vulnerability affects multiple versions of both products (6.1.0.0 through 6.2.2.0 ranges) and has a high CVSS score of 7.5 due to its network-based attack vector requiring no authentication or user interaction. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept availability at this time.
IBM
Command Injection
Sterling B2B Integrator
-
CVE-2026-33042
MEDIUM
Node.js authentication bypass allows unauthenticated account creation when empty authData objects bypass credential validation, enabling attackers to establish authenticated sessions without providing required usernames or passwords. This affects applications where anonymous registration is disabled but authentication checks fail to properly validate the authData parameter. The vulnerability is fixed by treating empty authData as absent data and enforcing mandatory credential validation during user registration.
Authentication Bypass
Node.js
-
CVE-2026-33041
MEDIUM
CVSS 5.3
An unauthenticated attacker can leverage an exposed password hashing endpoint in PHP applications to obtain hashed versions of arbitrary passwords, facilitating offline cracking attacks against compromised database credentials. The vulnerable `/objects/encryptPass.json.php` file accepts user-supplied passwords via request parameters and returns their encrypted equivalents without authentication, effectively disclosing the application's hashing algorithm and salt to potential adversaries. This information disclosure has a CVSS score of 5.3 and patches are available.
PHP
Information Disclosure
SQLi
-
CVE-2026-33035
MEDIUM
CVSS 6.1
Reflected XSS in AVideo's error message handling allows unauthenticated attackers to execute arbitrary JavaScript in victims' browsers by injecting malicious code through a URL parameter that bypasses `json_encode()` filtering. An attacker can craft a malicious link to steal session cookies, perform actions on behalf of the victim, or redirect users to malicious sites. A patch is available.
PHP
XSS
-
CVE-2026-33022
MEDIUM
CVSS 6.5
A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Denial Of Service
Kubernetes
-
CVE-2026-32953
MEDIUM
CVE-2026-32953 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
RCE
Debian
-
CVE-2026-32947
MEDIUM
CVSS 4.9
A vulnerability exists in the Community Tier of Harden-Runner (CVSS 4.9). Remediation should follow standard vulnerability management procedures.
RCE
Google
-
CVE-2026-32941
MEDIUM
CVSS 6.5
CVE-2026-32941 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Denial Of Service
-
CVE-2026-32878
MEDIUM
CVE-2026-32878 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Authentication Bypass
-
CVE-2026-32842
MEDIUM
CVSS 6.5
CVE-2026-32842 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Edimax Gs 5008pl
-
CVE-2026-32840
MEDIUM
CVSS 5.4
Stored cross-site scripting in Edimax GS-5008PL firmware version 1.00.54 and earlier allows authenticated attackers to inject malicious scripts through the sysName parameter in system_name_set.cgi, which execute when administrators access management pages. An attacker with login credentials can craft a POST request to persistently inject arbitrary JavaScript that compromises administrative sessions and enables unauthorized actions within the device management interface.
XSS
Edimax Gs 5008pl
-
CVE-2026-32839
MEDIUM
CVSS 4.3
Cross-site request forgery in Edimax GS-5008PL firmware version 1.00.54 and earlier allows unauthenticated remote attackers to trick administrators into performing unauthorized actions such as password changes, firmware uploads, device reboots, factory resets, and network configuration modifications by visiting attacker-controlled websites. The vulnerability exists due to missing CSRF token validation and insufficient request integrity checks. No patch is currently available for affected devices.
CSRF
Edimax Gs 5008pl
-
CVE-2026-32837
MEDIUM
CVSS 5.1
Miniaudio versions 0.11.25 and earlier are vulnerable to a heap out-of-bounds read in the WAV BEXT metadata parser when processing specially crafted WAV files. An attacker can exploit improper null-termination handling in the coding history field to trigger memory access violations, causing application crashes or denial of service. No patch is currently available for affected Debian and Miniaudio distributions.
Buffer Overflow
Denial Of Service
Debian
Miniaudio
-
CVE-2026-32836
MEDIUM
CVSS 5.5
Denial of service in dr_libs 0.13.3 and earlier enables local attackers with user privileges to exhaust system memory by supplying malicious PICTURE metadata blocks with oversized length fields in FLAC streams. The vulnerability resides in improper bounds checking during metadata parsing, allowing uncontrolled memory allocation that crashes applications processing affected audio files. No patch is currently available.
Denial Of Service
-
CVE-2026-32770
MEDIUM
CVSS 5.9
Parse Server contains a denial-of-service vulnerability in its LiveQuery feature where remote attackers can crash the server by subscribing with an invalid regular expression pattern. The vulnerability affects npm package parse-server across versions and allows unauthenticated network-based attacks with high attack complexity, resulting in complete service disruption for all connected clients. A patch is available from the vendor, and the attack does not require user interaction or special privileges.
Denial Of Service
-
CVE-2026-32742
MEDIUM
CVSS 4.3
CVE-2026-32742 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Authentication Bypass
-
CVE-2026-32700
MEDIUM
CVSS 6.0
Devise's Confirmable module with the reconfirmable option enabled contains a race condition that allows attackers to confirm email addresses they don't control by sending concurrent email change requests. By exploiting the desynchronization between the confirmation token and unconfirmed email fields, an attacker can redirect a victim's email confirmation to their own account. This affects all Devise applications using the default Confirmable configuration with email changes, and is patched in Devise v5.0.3.
Race Condition
Information Disclosure
-
CVE-2026-32636
MEDIUM
CVSS 5.3
The NewXMLTree method in affected products is vulnerable to a denial of service condition where an out-of-bounds write of a single zero byte can trigger an application crash. An unauthenticated remote attacker can exploit this memory corruption vulnerability without user interaction to cause service disruption. No patch is currently available for this issue.
Buffer Overflow
Memory Corruption
-
CVE-2026-32586
MEDIUM
CVSS 5.3
Booster for WooCommerce versions prior to 7.11.3 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to exploit misconfigured access controls. This vulnerability could enable attackers to cause service disruptions or access unauthorized functionality within affected WooCommerce installations. No patch is currently available for this vulnerability.
Authentication Bypass
WordPress
Woocommerce
PHP
Booster For Woocommerce
-
CVE-2026-32291
MEDIUM
CVSS 6.8
The GL-iNet Comet (GL-RM1) KVM lacks authentication enforcement on its UART serial console, allowing unauthenticated access to device management functions after physical access is obtained. This authentication bypass (CWE-306) affects all versions of the Comet KVM product line and enables attackers with physical access to achieve complete system compromise including confidentiality, integrity, and availability violations. While the attack requires opening the device and connecting to UART pins, security research from Eclypsium demonstrates that affordable KVM devices like this one can serve as network pivoting points for lateral movement and reconnaissance.
Authentication Bypass
-
CVE-2026-32290
MEDIUM
CVSS 4.7
GL-iNet Comet (GL-RM1) firmware verification fails to authenticate update packages cryptographically, allowing an attacker positioned on the network or controlling the update server to inject malicious firmware. An attacker exploiting this weakness could modify firmware binaries and their corresponding MD5 hashes to bypass integrity checks and gain code execution on affected devices. No patch is currently available.
Information Disclosure
-
CVE-2026-31865
MEDIUM
CVSS 6.5
Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the `__proto__` injection vector exists in the GitHub advisory.
Code Injection
Prototype Pollution
-
CVE-2026-29057
MEDIUM
CVSS 6.5
CVE-2026-29057 is a security vulnerability (CVSS 6.5) that allows request smuggling. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Request Smuggling
Authentication Bypass
-
CVE-2026-28563
MEDIUM
CVSS 4.3
CVE-2026-28563 is a security vulnerability (CVSS 4.3) that allows an authenticated user with only dag dependencies permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Apache
Authentication Bypass
Debian
Apache Airflow
-
CVE-2026-28506
MEDIUM
CVSS 4.3
Outline versions before 1.5.0 allow authenticated users to enumerate sensitive metadata from documents they shouldn't access via a logic flaw in the events.list API endpoint, exposing document IDs, activity timestamps, and titles of deleted items. This information disclosure enables attackers to bypass UUID protections and craft follow-up IDOR attacks to access restricted documents. The vulnerability requires authentication but affects all users with access to the Outline instance.
Information Disclosure
Outline
-
CVE-2026-27978
MEDIUM
CVSS 4.3
Server Action CSRF validation in Next.js incorrectly treats null origins from sandboxed contexts as missing origins, allowing attackers to bypass verification and trick victim browsers into executing state-changing actions with their credentials. This affects applications relying on origin checks for CSRF protection without additional safeguards. A patch is available that enforces strict origin validation unless null is explicitly allowlisted.
CSRF
Redhat
-
CVE-2026-27977
MEDIUM
CVSS 5.4
CVE-2026-27977 is a security vulnerability (CVSS 5.4). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Redhat
-
CVE-2026-27895
MEDIUM
CVSS 4.3
Insufficient file extension validation in the PDF export component of LDAP Account Manager prior to version 9.5 permits authenticated attackers to upload arbitrary file types, including PHP files, to the server. When combined with GHSA-w7xq-vjr3-p9cf, this vulnerability enables remote code execution with web server privileges. Affected users should upgrade to version 9.5 or restrict web server write access to the LAM configuration directory.
PHP
RCE
-
CVE-2026-26929
MEDIUM
CVSS 6.5
CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Apache
Python
Authentication Bypass
Apache Airflow
-
CVE-2026-25937
MEDIUM
CVSS 6.5
GLPI versions 11.0.0 through 11.0.5 contain an authentication bypass vulnerability that allows an attacker with knowledge of a user's credentials to circumvent multi-factor authentication (MFA) and gain unauthorized account access. This vulnerability affects the GLPI asset and IT management software and is classified as CWE-287 (Improper Authentication), with a CVSS score of 6.5 indicating medium severity. The issue has been patched in version 11.0.6, and while no active KEV listing or public proof-of-concept is noted in available sources, the authentication bypass nature suggests moderate exploitation probability.
Authentication Bypass
-
CVE-2026-25936
MEDIUM
CVSS 6.5
GLPI versions 11.0.0 through 11.0.5 contain an authenticated SQL injection vulnerability that allows authenticated users to read sensitive database contents without modification or denial-of-service capabilities. The vulnerability affects the free Asset and IT management software package GLPI and is resolved in version 11.0.6. While the CVSS score of 6.5 reflects moderate severity, the impact is limited to confidentiality breach due to the read-only nature of the exploit and the requirement for prior authentication.
SQLi
Glpi
-
CVE-2026-25790
MEDIUM
CVSS 4.9
Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations.
Denial Of Service
Stack Overflow
Buffer Overflow
Wazuh
-
CVE-2026-25772
MEDIUM
CVSS 4.9
Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3.
Denial Of Service
Buffer Overflow
Stack Overflow
Wazuh
-
CVE-2026-25771
MEDIUM
CVSS 5.3
Denial of service in Wazuh 4.3.0 through 4.14.2 allows unauthenticated attackers to exhaust API resources by sending crafted Bearer token requests that trigger blocking disk I/O operations in the authentication middleware, preventing the single-threaded event loop from processing legitimate connections. The vulnerability exists because synchronous file operations are called on every API request without proper resource constraints, enabling attackers to starve the application of CPU availability with relatively low request volumes. No patch is currently available.
Denial Of Service
Wazuh
-
CVE-2026-22882
MEDIUM
CVSS 6.1
Canva Affinity's EMF file parser is vulnerable to an out-of-bounds read (CWE-125) when processing specially crafted EMF files, allowing local attackers to extract sensitive data from application memory. This medium-severity vulnerability affects users who open untrusted EMF files and currently has no available patch. The attack requires user interaction and local access but poses a real information disclosure risk.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2026-21886
MEDIUM
CVSS 6.5
OpenCTI versions prior to 6.9.1 contain an authorization bypass vulnerability in the GraphQL mutation 'IndividualDeletionDeleteMutation' that allows authenticated users to delete arbitrary unrelated objects such as analysis reports, not just the intended individual entities. The vulnerability stems from insufficient input validation in the API layer, enabling a user with basic mutation privileges to escalate their impact beyond intended scope. With a CVSS score of 6.5 and authenticated access requirement, this represents a moderate but actionable availability risk for organizations managing threat intelligence with OpenCTI.
Authentication Bypass
Opencti
-
CVE-2026-20726
MEDIUM
CVSS 6.1
Canva Affinity's EMF file parser is vulnerable to out-of-bounds read attacks when processing specially crafted files, allowing attackers to extract sensitive information from application memory. This local vulnerability requires user interaction to trigger and has no available patch, affecting users who open malicious EMF documents in Affinity.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2026-20643
MEDIUM
CVSS 5.4
A denial of service vulnerability in A cross-origin (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Apple
macOS
iOS
Redhat
-
CVE-2026-4358
MEDIUM
CVSS 6.1
Memory corruption in MongoDB Server's slot-based execution engine can be triggered by authenticated users with write privileges through malicious $lookup aggregation queries that cause hash table spillover to disk. Successful exploitation enables denial of service and potential information disclosure, though a patch is not currently available. The attack requires network access and specific query construction, limiting the practical exploit window.
Information Disclosure
-
CVE-2026-4349
MEDIUM
CVSS 5.6
An improper authentication vulnerability exists in Duende IdentityServer 4 affecting the Token Renewal Endpoint at /connect/authorize, where manipulation of the id_token_hint parameter can bypass authentication controls. This vulnerability affects Duende IdentityServer 4 across all versions, allowing remote attackers without credentials to gain unauthorized access with high complexity exploitation requirements. No active exploitation in the wild (KEV status unknown), no public proof-of-concept available, and the vendor has not responded to early disclosure attempts.
Authentication Bypass
-
CVE-2026-4324
MEDIUM
CVSS 5.4
SQL injection in the Katello plugin for Red Hat Satellite 6 allows authenticated remote attackers to execute arbitrary SQL commands via the sort_by parameter in the /api/hosts/bootc_images endpoint. An attacker can exploit this flaw to trigger database errors causing denial of service or conduct blind SQL injection attacks to extract sensitive information from the database. No patch is currently available for this vulnerability.
Redhat
SQLi
Denial Of Service
-
CVE-2026-4319
MEDIUM
CVSS 6.9
SQL injection in Simple Food Order System 1.0's /routers/add-item.php endpoint allows unauthenticated remote attackers to manipulate the price parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and could lead to unauthorized data access, modification, or deletion.
SQLi
PHP
-
CVE-2026-4308
MEDIUM
CVSS 6.3
A Server-Side Request Forgery (SSRF) vulnerability exists in frdel/agent-zero version 0.9.7 within the handle_pdf_document function of python/helpers/document_query.py. This allows authenticated remote attackers to manipulate PDF document handling to perform arbitrary server-side requests, potentially accessing internal services or exfiltrating sensitive data. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure notifications, increasing the practical risk of exploitation.
Python
SSRF
Agent Zero
-
CVE-2026-4307
MEDIUM
CVSS 4.3
Agent Zero 0.9.7-10's get_abs_path function in python/helpers/files.py is vulnerable to path traversal, allowing authenticated remote attackers to access files outside intended directories with limited confidentiality impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
Path Traversal
Python
Agent Zero
-
CVE-2026-4271
MEDIUM
CVSS 5.3
HTTP/2 server implementations in libsoup across Debian and Red Hat Enterprise Linux versions contain a use-after-free vulnerability that allows unauthenticated remote attackers to trigger application crashes through specially crafted requests. Exploitation results in denial of service by forcing the application to access freed memory, causing instability. No patch is currently available for this medium-severity flaw.
Denial Of Service
Debian
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 7
-
CVE-2026-3856
MEDIUM
CVSS 5.3
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Microsoft
IBM
Information Disclosure
Db2 Recovery Expert
Windows
-
CVE-2026-3563
MEDIUM
CVSS 5.5
PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.
Denial Of Service
Powershell Universal
-
CVE-2026-2809
MEDIUM
CVSS 6.7
Netskope's Endpoint DLP Module for Windows is vulnerable to an integer overflow in its DLL Injector that can be triggered by a high-privileged local user to crash the system. When the Endpoint DLP module is enabled, successful exploitation results in a Blue Screen of Death and denial of service on the affected machine. No patch is currently available for this medium-severity vulnerability.
Buffer Overflow
Microsoft
Endpoint Dlp Module For Netskope Client
Windows
-
CVE-2026-2373
MEDIUM
CVSS 5.3
Unauthenticated attackers can extract sensitive data from non-public custom post types in Royal Addons for Elementor WordPress plugin versions up to 1.7.1049 through improper access controls in the get_main_query_args() function. This allows exposure of private content including Contact Form 7 submissions and WooCommerce coupons without authentication. The vulnerability affects WordPress installations using this plugin and remains unpatched.
WordPress
Information Disclosure
PHP
-
CVE-2026-1323
MEDIUM
CVSS 5.2
Unsafe deserialization in TYPO3's mail transport extension permits arbitrary code execution when an attacker with write access to the configured spool directory supplies malicious serialized objects during transport failure handling. The vulnerability stems from inadequate class whitelisting during deserialization and requires local filesystem access to exploit. No patch is currently available.
Deserialization
Typo3
PHP
RCE
-
CVE-2026-1267
MEDIUM
CVSS 6.5
IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) that allows authenticated users to access sensitive application data and administrative functionalities beyond their authorization level. An attacker with valid credentials can leverage this flaw to read confidential planning and analytics data, escalate privileges, or access administrative functions without proper authorization. A vendor patch is available, and this represents a moderate-to-high risk for organizations running affected versions in production environments.
Authentication Bypass
IBM
Information Disclosure
Planning Analytics Local
-
CVE-2025-66633
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries when processing specially crafted EMF files. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions in the product line; attackers with local access and user interaction can trigger the flaw to disclose sensitive information from process memory. While the CVSS score of 6.1 indicates medium severity with high confidentiality impact and low availability impact, the attack requires local file system access and user interaction (opening a malicious EMF file), limiting widespread exploitation risk.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-66617
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affecting Affinity version 3.0.1.3808 and potentially earlier versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from the application's memory space. With a CVSS score of 6.1 and a local attack vector requiring user interaction, this vulnerability poses a moderate risk primarily through information disclosure, though local denial of service is also possible.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-66503
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries by crafting malicious EMF files. Affinity version 3.0.1.3808 and potentially earlier versions are affected. An attacker with local access can exploit this vulnerability through user interaction (opening a crafted EMF file) to disclose sensitive information from process memory, with potential for denial of service through application crashes.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-66042
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries through specially crafted EMF files. Affinity version 3.0.1.3808 and potentially earlier versions are affected, with the vulnerability requiring only local access and user interaction (opening a malicious file) to trigger. Successful exploitation enables disclosure of sensitive information from application memory, with potential limited impact on system availability; no active exploitation or public proof-of-concept has been confirmed at this time based on available intelligence sources.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-66000
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, affecting version 3.0.1.3808 and potentially earlier releases. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from adjacent memory regions. The vulnerability requires user interaction (opening a file) but no elevated privileges, with a CVSS score of 6.1 indicating moderate severity; while not currently listed in CISA's Known Exploited Vulnerabilities catalog, the straightforward attack vector and information disclosure impact warrant prompt patching.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-65119
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) image processing functionality of Canva Affinity, enabling attackers to read memory beyond allocated buffer boundaries through specially crafted EMF files. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions, allowing unauthenticated local attackers with no special privileges to trigger the flaw via user interaction (opening a malicious file). Successful exploitation can disclose sensitive information from process memory, with a secondary risk of application instability (low availability impact). No active exploitation in the wild or public proof-of-concept has been confirmed based on available intelligence, but the vulnerability has been formally disclosed by Talos Intelligence and tracked in NIST NVD and ENISA EUVD databases.
Information Disclosure
Buffer Overflow
Affinity
-
CVE-2025-64776
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attackers to read memory beyond allocated buffer boundaries. The vulnerability affects Affinity version 3.0.1.3808 and potentially other versions in the product line. An attacker can craft a malicious EMF file that, when opened by a user, triggers the out-of-bounds read to disclose sensitive information from process memory, with a CVSS score of 6.1 indicating moderate severity with high confidentiality impact and limited availability impact.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-64735
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, affecting Affinity 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, allowing disclosure of sensitive information from adjacent memory regions. While the CVSS score of 6.1 indicates moderate severity with high confidentiality impact, actual exploitation requires user interaction (opening a file) and is limited to information disclosure without code execution capability.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-64733
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allowing an attacker to read memory beyond allocated buffer boundaries by supplying a specially crafted EMF file. Affected versions include Affinity 3.0.1.3808 and potentially other releases in the Affinity product line. Successful exploitation could disclose sensitive information from application memory, though the vulnerability does not enable code execution or denial of service; however, the local attack vector and user interaction requirement (opening a malicious file) limit real-world impact compared to network-exploitable vulnerabilities.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-62500
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, allowing attackers to read memory beyond allocated buffer boundaries. Affinity version 3.0.1.3808 and potentially earlier versions are affected. By crafting a malicious EMF file, an unauthenticated attacker with local file system access can trigger the vulnerability through user interaction (opening the file), potentially disclosing sensitive information such as API keys, credentials, or other data resident in adjacent memory regions. The vulnerability has a CVSS score of 6.1 indicating medium severity with high confidentiality impact but limited integrity and availability consequences.
Information Disclosure
Buffer Overflow
Affinity
-
CVE-2025-62403
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries when processing specially crafted EMF files. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions, requiring local access and user interaction (opening a malicious EMF file). Successful exploitation can lead to disclosure of sensitive information from process memory, with limited impact on system availability. No active exploitation in the wild has been confirmed via KEV status, and the CVSS 6.1 score reflects moderate risk balanced between high confidentiality impact and lower attack complexity.
Information Disclosure
Buffer Overflow
Affinity
-
CVE-2025-62320
MEDIUM
CVSS 4.7
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage.
XSS
Code Injection
Sametime
-
CVE-2025-61979
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity, allowing an attacker to read memory beyond allocated buffer boundaries by crafting a malicious EMF file. This vulnerability affects Canva Affinity version 3.0.1.3808 and potentially earlier versions, and requires user interaction (opening a specially crafted file) but no elevated privileges to exploit. Successful exploitation can disclose sensitive information from process memory, with potential for limited availability impact; no public exploit code or active exploitation in the wild has been confirmed based on available intelligence.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-61952
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that allows attackers to read memory beyond allocated buffer boundaries. Canva Affinity version 3.0.1.3808 and potentially earlier versions are affected. An attacker can craft a malicious EMF file that, when opened by a user, triggers the out-of-bounds read to disclose sensitive information from process memory; the vulnerability requires user interaction (opening the file) but no elevated privileges, making it a practical attack vector for phishing or drive-by downloads.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-58427
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affecting Affinity version 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from process memory. With a CVSS score of 6.1 and a local attack vector requiring user interaction, this vulnerability poses a moderate risk of information disclosure with minimal availability impact.
Buffer Overflow
Information Disclosure
Affinity
-
CVE-2025-47873
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affecting Affinity version 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from process memory such as authentication tokens, cryptographic keys, or other confidential data. The vulnerability requires user interaction (opening a file) and local access, making it a moderate-priority issue with a CVSS base score of 6.1, though the high confidentiality impact warrants prompt patching.
Information Disclosure
Buffer Overflow
Affinity
-
CVE-2025-15584
MEDIUM
CVSS 6.8
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems.
Buffer Overflow
Microsoft
Endpoint Dlp Module For Netskope Client
Windows
-
CVE-2025-14806
MEDIUM
CVSS 5.7
IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attackers can manipulate the caching mechanism to store and serve sensitive, user-specific responses as publicly cacheable resources, resulting in information disclosure to unauthorized users. The vulnerability requires low attack complexity and user interaction but only affects confidentiality with a CVSS score of 5.7. A patch is available from the vendor, and this represents a moderate-priority issue requiring prompt remediation in production environments handling sensitive analytical data.
Information Disclosure
IBM
Planning Analytics Local
-
CVE-2025-13406
MEDIUM
CVSS 6.8
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS. This issue affects smartLink SW-HT: 1.43.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-32946
LOW
CVSS 2.7
A remote code execution vulnerability exists in the Community Tier of Harden-Runner (CVSS 2.7). Remediation should follow standard vulnerability management procedures.
RCE
-
CVE-2026-32943
LOW
CVSS 2.3
The password reset mechanism in Parse Server fails to enforce single-use guarantees on reset tokens, allowing attackers to exploit a race condition during concurrent password reset requests. An attacker who intercepts a password reset token can submit a password change request that races against the legitimate user's own reset attempt, potentially causing the attacker's new password to take effect while the user believes their own password was successfully changed. All Parse Server deployments using the password reset feature are affected, with patched versions available from the vendor (Parse Server versions 8.6.48 and later, and 9.6.0-alpha.28 and later).
Information Disclosure
-
CVE-2026-32766
LOW
CVE-2026-32766 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
-
CVE-2026-32293
LOW
CVSS 3.7
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates.
Information Disclosure
-
CVE-2026-23241
None
In the Linux kernel, the following vulnerability has been resolved: "audit: add missing syscalls to read class". The "at" variant of getxattr() and listxattr() are missing from the audit read class.
Linux
Authentication Bypass
Ubuntu
Debian
Linux Kernel
-
CVE-2026-4359
LOW
CVSS 2.0
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
Denial Of Service
-
CVE-2026-4285
LOW
CVSS 2.7
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433.
Path Traversal
Java
-
CVE-2026-4202
LOW
CVSS 2.3
CVE-2026-4202 is a security vulnerability (CVSS 2.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-3634
LOW
CVSS 3.9
CVE-2026-3634 is a security vulnerability (CVSS 3.9). Remediation should follow standard vulnerability management procedures.
Code Injection
Ubuntu
Debian
-
CVE-2026-3633
LOW
CVSS 3.9
CVE-2026-3633 is a security vulnerability (CVSS 3.9). Remediation should follow standard vulnerability management procedures.
Code Injection
Ubuntu
Debian
-
CVE-2026-3632
LOW
CVSS 3.9
A flaw was found in libsoup, a library used by applications to send network requests.
SSRF
Ubuntu
Debian
-
CVE-2026-3237
LOW
CVSS 2.3
CVE-2026-3237 is a security vulnerability (CVSS 2.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2025-71239
None
In the Linux kernel, the following vulnerability has been resolved: "audit: add fchmodat2() to change attributes class". fchmodat2(), introduced in version 6.6, is currently not in the change attribute class of audit.
Linux
Authentication Bypass
Ubuntu
Debian
Linux Kernel
-
CVE-2025-31966
LOW
CVSS 2.7
HCL Sametime is vulnerable to broken server-side validation.
Authentication Bypass