Skip to main content
CVE-2026-32763 HIGH PATCH This Week

Kysely through version 0.28.11 contains a SQL injection vulnerability in JSON path compilation affecting MySQL and SQLite dialects. The visitJSONPathLeg() function appends user-controlled values from .key() and .at() methods directly into single-quoted JSON path string literals without escaping single quotes, enabling attackers to break out of the string context and inject arbitrary SQL. A working proof-of-concept demonstrates UNION-based data exfiltration from SQLite databases. The vulnerability has CVSS score 8.2 and patches are available from the vendor.

SQLi PostgreSQL
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-22171 HIGH PATCH This Week

OpenClaw contains a path traversal vulnerability in the Feishu media download functionality where untrusted media key values are directly interpolated into temporary file paths without sanitization. OpenClaw versions prior to 2026.2.19 are affected, allowing remote unauthenticated attackers to write arbitrary files within the process permissions by using directory traversal sequences in media keys. No public evidence of active exploitation (KEV) or public proof-of-concept exists at this time, though the high CVSS score of 8.2 reflects the network-accessible attack vector and lack of authentication requirements.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32811 HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33163 HIGH PATCH This Week

Parse Server's LiveQuery component leaks protected fields and OAuth authentication data to unauthorized subscribers when an afterLiveQueryEvent trigger is registered for a class. The vulnerability affects Parse Server installations using LiveQuery with afterEvent triggers, allowing any user with basic subscription permissions to access sensitive personal information and third-party OAuth tokens belonging to other users. Patches are available from the vendor with workarounds documented.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-24063 HIGH This Week

Arturia Software Center on macOS installs plugin uninstall scripts with world-writable permissions (777) in root-owned directories, allowing local attackers to modify these scripts and achieve privilege escalation when the Privileged Helper executes them during plugin removal. This vulnerability affects any macOS user with the Arturia Software Center installed and requires local access and user interaction to exploit. No patch is currently available.

Privilege Escalation Apple
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-2603 HIGH PATCH GHSA This Week

Keycloak contains an authentication bypass vulnerability in its SAML broker functionality that allows remote attackers with low-level privileges to complete IdP-initiated broker logins even when the SAML Identity Provider has been administratively disabled. Red Hat Build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. The CVSS score of 8.1 reflects high confidentiality and integrity impact, though no evidence of active exploitation (KEV) or public proof-of-concept has been reported at this time.

Authentication Bypass Red Hat Build Of Keycloak 26 2 Red Hat Build Of Keycloak 26 2 14 Red Hat Build Of Keycloak 26 4 Red Hat Build Of Keycloak 26 4 10
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32730 HIGH PATCH This Week

A MongoDB query logic error in ApostropheCMS versions 3.0.0 through 4.27.1 allows complete bypass of multi-factor authentication (MFA/TOTP) protections. An attacker with knowledge of a victim's password can use an incomplete bearer token (returned after password verification but before MFA completion) to gain fully authenticated API access without providing TOTP codes. A proof-of-concept demonstration is included in the vulnerability report, and while no public KEV listing exists, the technical details and working POC make this immediately exploitable.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-33142 HIGH PATCH This Week

SQL injection in PostgreSQL StatementGenerator allows authenticated attackers to execute arbitrary SQL commands through unsanitized object keys in sort, select, and groupBy parameters on analytics endpoints. The vulnerability exists because column name validation was incompletely applied during a previous fix, leaving three query construction methods vulnerable to direct identifier injection. An attacker with valid credentials can exploit this to access or manipulate database contents without requiring user interaction.

PostgreSQL SQLi
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-55046 HIGH This Week

MuraCMS versions through 10.1.10 contain a Cross-Site Request Forgery (CSRF) vulnerability in the cTrash.empty function that lacks proper token validation, allowing attackers to permanently delete all content in the trash system. An authenticated administrator visiting a malicious webpage can be tricked into permanently destroying all deleted content without their knowledge or consent, resulting in catastrophic, irreversible data loss. While no CVSS score or EPSS data is currently available, the vulnerability's attack vector is network-based with low complexity, affecting any authenticated administrator, and the technical impact of complete data destruction in the trash system constitutes a critical business continuity threat.

CSRF
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4396 HIGH This Week

Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier contain improper certificate validation that disables TLS certificate verification, enabling network attackers to intercept and manipulate encrypted communications. An unauthenticated attacker on the network can conduct man-in-the-middle (MITM) attacks to eavesdrop on sensitive data exchanges or inject malicious content. While no CVSS score or EPSS probability is currently available, the vulnerability's classification under CWE-295 (Improper Certificate Validation) indicates a cryptographic bypass with potentially severe information disclosure implications.

Information Disclosure Hub Reporting Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-41258 HIGH This Week

A critical authentication bypass vulnerability exists in LibreChat version 0.8.1-rc2 where the same JWT secret is reused for both user session management and the RAG (Retrieval-Augmented Generation) API authentication. This design flaw allows authenticated users to compromise service-level authentication of the RAG API by leveraging their session tokens to access or manipulate the RAG service beyond intended privileges. No active exploitation (KEV) has been reported, but a detailed security advisory with technical analysis is publicly available from SBA Research.

Authentication Bypass Librechat
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-55041 HIGH This Week

MuraCMS through version 10.1.10 contains a Cross-Site Request Forgery (CSRF) vulnerability in the user management Add To Group functionality that allows attackers to escalate privileges by adding authenticated users to arbitrary groups without proper authorization validation. An authenticated administrator visiting a malicious webpage can be tricked into adding any user to the Admin group or other privileged groups, though escalation to the Super Admin (s2) group is blocked. This vulnerability enables both horizontal privilege escalation across different user groups and vertical privilege escalation to administrative roles, posing a significant risk to multi-user MuraCMS installations where administrator accounts are targeted.

Privilege Escalation CSRF
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-33139 HIGH PATCH This Week

PySpector versions 0.1.6 and earlier contain a security validation bypass in the plugin system that allows arbitrary code execution. The validate_plugin_code() function fails to detect dangerous API calls when invoked indirectly via getattr(), allowing malicious plugins to execute system commands. A public proof-of-concept exploit exists demonstrating the bypass, and while exploitation requires user interaction (installing and trusting a malicious plugin), successful exploitation grants full system access including filesystem manipulation, credential theft, and persistence mechanisms.

Information Disclosure RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23243 HIGH PATCH This Week

A negative integer underflow vulnerability exists in the Linux kernel's RDMA/umad subsystem where the ib_umad_write function fails to validate user-controlled data_len calculations, allowing a mismatch between user MAD header size and RMPP header length to produce negative values. This negative data_len can propagate to ib_create_send_mad() and trigger an out-of-bounds memset in alloc_send_rmpp_list(), causing kernel memory corruption and denial of service. The vulnerability affects Linux kernel versions from 2.6.24 through multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19) and requires local access to RDMA user-mode interface to exploit, with patches available across multiple stable kernel versions as referenced in the git commits.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23270 HIGH PATCH This Week

Use-after-free in Linux kernel traffic control (net/sched) occurs when act_ct action returns TC_ACT_CONSUMED while a packet is held by the defragmentation engine, allowing local authenticated attackers with low privileges to achieve code execution, denial of service, or information disclosure. Affects Linux kernel 6.8 through 6.12.x and 6.18.x series. Vendor patches available across multiple stable branches (commits 524ce8b4, 380ad8b7, 9deda0fc, 11cb63b0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation likelihood despite 7.8 CVSS rating. No active exploitation confirmed; not listed in CISA KEV.

Linux Information Disclosure Red Hat Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23253 HIGH PATCH This Week

Linux kernel DVB digital video recorder driver allows local authenticated users to trigger use-after-free conditions via stale waitqueue entries, potentially achieving privilege escalation to root or causing kernel crashes. The vulnerability stems from improper waitqueue reinitialization when reopening DVR devices, orphaning existing epoll/io_uring poll entries. Affects Linux kernel versions from 2.6.17 through 6.19.6, with patches available in 6.12.77, 6.18.17, 6.19.7, and 7.0-rc2. EPSS score of 0.02% (4th percentile) indicates low observed exploitation activity, though CVSS 7.8 reflects high impact if local access is obtained.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23248 HIGH PATCH This Week

A race condition in the Linux kernel's perf_mmap() function creates a use-after-free vulnerability when concurrent threads attempt to access a ring buffer during failed memory mapping operations. The vulnerability affects Linux kernel versions across 6.18.17, 6.19.7, and 7.0-rc2, allowing a local attacker with standard user privileges to trigger refcount saturation warnings and potential kernel crashes via denial of service. This issue was discovered by Syzkaller fuzzing and has patches available across multiple stable kernel branches.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23245 HIGH PATCH This Week

Race condition in Linux kernel's Traffic Control act_gate scheduler allows local authenticated users to trigger memory corruption and potentially execute arbitrary code or cause denial of service. Affects Linux kernel 5.8+ through 6.19.x and 7.0-rc3. Vulnerability arises when concurrent gate action replacement occurs during hrtimer callback or dump operations, creating a use-after-free scenario. No active exploitation confirmed (EPSS 0.02%, not in CISA KEV). Vendor patches available across multiple stable branches including 6.18.18, 6.19.8, and 7.0-rc3.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23268 HIGH PATCH This Week

Local privilege escalation in Linux kernel AppArmor allows low-privilege users to manipulate security policy via confused deputy attack. Attackers pass file descriptors for apparmorfs interfaces to privileged processes, enabling full policy management capabilities including disabling confinement and bypassing user namespace restrictions. Publicly available exploit code exists. EPSS score 0.01% suggests low widespread exploitation probability. Patches released for kernel 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4 with multiple distribution advisories available.

Privilege Escalation Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24062 HIGH This Week

The Arturia Software Center on macOS contains insufficient code signature validation in its Privileged Helper component, allowing unauthenticated clients to connect and execute privileged actions without proper authorization. This vulnerability affects all versions of Arturia Software Center and enables local privilege escalation attacks where an unprivileged user can escalate to root or system-level privileges. While no CVSS score or EPSS data is publicly available, the authentication bypass nature and privilege escalation impact classify this as a high-severity issue; no KEV listing or public proof-of-concept has been confirmed at this time.

Privilege Escalation Apple Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2092 HIGH PATCH GHSA This Week

Keycloak's SAML broker endpoint contains a validation flaw that allows attackers with a valid signed SAML assertion to inject encrypted assertions for arbitrary principals when the overall SAML response is unsigned. This leads to authentication bypass and unauthorized access to protected resources. Red Hat build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. No evidence of active exploitation (not in CISA KEV) has been reported.

Information Disclosure Authentication Bypass Red Hat Build Of Keycloak 26 2 Red Hat Build Of Keycloak 26 2 14 Red Hat Build Of Keycloak 26 4 +1
NVD VulDB GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-32692 HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-33064 HIGH PATCH This Week

A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. All deployments of free5GC v4.0.1 utilizing UDM HTTP callback functionality are affected, and a patch is available via PR free5gc/udm#78.

Denial Of Service Null Pointer Dereference Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-22179 HIGH PATCH This Week

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the macOS node-host system.run function that permits remote attackers with high privileges to execute arbitrary commands by exploiting improper parsing of command substitution tokens. Attackers can craft malicious shell payloads using command substitution syntax within double-quoted strings to circumvent security allowlists and achieve code execution. A patch is available from the vendor, and the vulnerability has been documented by VulnCheck with public advisory and GitHub security advisory references.

Command Injection Apple macOS
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-33203 HIGH PATCH This Week

The SiYuan kernel, a Go-based note-taking application, contains an authentication bypass vulnerability in its WebSocket server that allows unauthenticated attackers to crash the kernel process through malformed JSON messages. SiYuan kernel versions exposed via Docker or network-accessible deployments are affected, with the issue stemming from unsafe type assertions on attacker-controlled input after bypassing authentication via a specific query parameter pattern. A proof-of-concept demonstrating the attack exists in the GitHub advisory, and while CVSS rates this as 7.5 High severity for availability impact, real-world exploitation risk depends heavily on network exposure beyond localhost.

Authentication Bypass Docker Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32874 HIGH PATCH This Week

ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33154 HIGH PATCH GHSA This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33204 HIGH PATCH This Week

The SimpleJWT PHP library version 1.1.0 contains an algorithmic complexity denial-of-service vulnerability in its PBES2 password-based encryption implementation. An unauthenticated attacker can send a crafted JWE token with an extremely large p2c (PBKDF2 iteration count) parameter in the header, forcing the server to perform hundreds of billions of iterations during key derivation and causing CPU exhaustion. A working proof-of-concept exploit is publicly available demonstrating how a single malicious request can block PHP workers until execution timeouts are reached.

PHP Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33128 HIGH PATCH This Week

The h3 JavaScript framework for Node.js contains a Server-Sent Events (SSE) injection vulnerability in its createEventStream function due to missing newline sanitization. Applications using h3's SSE functionality (pkg:npm/h3) are vulnerable to attackers who can control any part of SSE message fields (id, event, data, or comments), allowing injection of arbitrary events to all connected clients. A proof-of-concept exploit exists demonstrating event injection, cross-user content manipulation, and denial-of-service attacks.

Code Injection
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32875 HIGH PATCH This Week

The ujson Python library prior to version 5.12.0 contains an integer overflow/underflow vulnerability in the dumps() function that can crash the Python interpreter (segmentation fault) or cause an infinite loop, leading to denial of service. The vulnerability affects applications that allow untrusted users to control the indent parameter when serializing JSON, or that use large negative indent values with nested data structures. A proof-of-concept demonstrating both the segfault and infinite loop conditions is provided in the vulnerability disclosure, though there is no evidence of active exploitation (not in KEV).

Integer Overflow Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33180 HIGH PATCH This Week

A header leakage vulnerability exists in the internal HTTP client of HAPI FHIR Core library that causes sensitive headers (such as authentication tokens) to be forwarded to third-party hosts when following HTTP redirects. Multiple HAPI FHIR packages including org.hl7.fhir.utilities, org.hl7.fhir.convertors, and various FHIR version implementations (DSTU2, DSTU3, R4, R4B, R5) are affected in versions prior to 6.8.3. With a CVSS score of 9.8 (Critical), this vulnerability allows network-based attackers to capture sensitive credentials without authentication or user interaction, though no EPSS score, KEV listing, or public POC is currently documented.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33143 HIGH PATCH This Week

The OneUptime monitoring platform (specifically version 10.0.23 and likely earlier versions) contains an authentication bypass vulnerability in its WhatsApp webhook handler that fails to verify the X-Hub-Signature-256 HMAC signature required by Meta/WhatsApp. Any unauthenticated remote attacker can send forged webhook payloads to manipulate notification delivery status records, suppress critical alerts, and corrupt audit trails. A working proof-of-concept exploit has been published demonstrating successful injection of arbitrary webhook events via simple HTTP POST requests with no authentication required.

Docker Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23242 HIGH PATCH This Week

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33002 HIGH PATCH This Week

Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.

Jenkins Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3278 HIGH This Week

OpenText ZENworks Service Desk contains an improper input neutralization vulnerability (CWE-79 Cross-Site Scripting) that allows attackers to inject and execute arbitrary JavaScript in the context of a user's browser session. Affected versions are 25.2 and 25.3. Successful exploitation enables unauthorized actions on behalf of the user, including session hijacking, credential theft, or lateral movement within the service desk application.

XSS Zenworks Service Desk
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-33131 HIGH PATCH This Week

A Host header manipulation vulnerability in the h3 Node.js web framework allows attackers to bypass authentication middleware by polluting the event.url object. The vulnerability affects h3 npm package and allows unauthorized access to protected routes by crafting malicious Host headers that trigger internal URL reconstruction logic. A working proof-of-concept exploit is publicly available demonstrating the authentication bypass.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-2991 HIGH This Week

The KiviCare Clinic & Patient Management System (EHR) plugin for WordPress contains a critical authentication bypass vulnerability allowing unauthenticated attackers to log in as any patient by simply providing their email address and an arbitrary access token value. All versions up to and including 4.1.2 are affected, exposing sensitive medical records, appointments, prescriptions, and billing information (PII/PHI). The CVSS score of 9.8 reflects the severity of unauthenticated remote exploitation with high impact to confidentiality, integrity, and availability.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-33080 HIGH PATCH GHSA This Week

A stored cross-site scripting (XSS) vulnerability exists in Filament Table's Range and Values summarizers, which render database values without HTML escaping. Affected products include filament_tables (Composer package), where an attacker with low privileges can inject malicious HTML or JavaScript into database columns used by these summarizers, executing arbitrary scripts when other users view the table. No KEV listing or EPSS data is available, but proof-of-concept details are documented in GitHub advisories GHSA-vv3x-j2x5-36jc.

XSS
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28673 HIGH PATCH This Week

xiaoheiFS versions up to and including 0.3.15 contain a critical remote code execution vulnerability in the plugin upload mechanism. Administrators can upload plugin ZIP files containing arbitrary binaries which the server executes without validation based on the manifest.json 'binaries' field. This allows authenticated administrators with high privileges to achieve full system compromise by uploading malicious plugin packages.

RCE Command Injection Xiaoheifs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-3090 HIGH This Week

A stored cross-site scripting (XSS) vulnerability exists in the Post SMTP WordPress plugin through version 3.8.0, allowing unauthenticated attackers to inject malicious scripts via the 'event_type' parameter. The vulnerability requires the Post SMTP Pro plugin with its Reporting and Tracking extension to be enabled for exploitation. With a CVSS score of 7.2 and unauthenticated network-based exploitation possible, this represents a moderate-to-high severity risk for WordPress sites using both the free and Pro versions of Post SMTP together.

WordPress XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-22317 HIGH PATCH This Week

Arbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling of HTTP POST requests in the Root CA certificate transfer workflow. An authenticated high-privileged attacker can exploit this command injection flaw to execute arbitrary commands on the underlying Linux operating system. No patch is currently available for the affected product versions.

Command Injection Fl Switch 2316 Pn Fl Switch 2005 Fl Switch Tsn 2316 Fl Switch 2206 2fx Sm +67
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-28674 HIGH PATCH This Week

xiaoheiFS, a self-hosted financial and operational system for cloud service businesses, contains a critical authenticated remote code execution vulnerability in versions up to 0.3.15. An attacker who knows the hardcoded password 'qweasd123456' can upload arbitrary executable files through the AdminPaymentPluginUpload endpoint, which are then automatically executed by a background watcher service every 5 seconds. While EPSS data is not provided, the combination of hardcoded credentials (CWE-434, Authentication Bypass tag) and automatic execution significantly elevates real-world risk despite requiring high privileges (PR:H) in the CVSS vector.

File Upload Xiaoheifs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-31971 HIGH PATCH This Week

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

Buffer Overflow Stack Overflow Heap Overflow Denial Of Service RCE +3
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-22322 HIGH PATCH This Week

A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.

XSS Fl Switch 2005 Fl Switch 2008 Fl Switch 2016 Fl Switch 2105 +73
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-31969 HIGH PATCH This Week

HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_stop_decode_char()` function that allows a single attacker-controlled byte to be written beyond the end of a heap allocation. This heap buffer overflow (CWE-122) affects bioinformatics applications using HTSlib to process CRAM-formatted DNA sequence alignment files, and could enable arbitrary code execution if exploited. No public exploit code or KEV status is currently documented, but patch availability exists for multiple stable release branches.

Buffer Overflow Heap Overflow Denial Of Service RCE Debian +1
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-22175 HIGH PATCH This Week

OpenClaw contains an execution approval bypass vulnerability in allowlist mode that allows authenticated attackers to circumvent allow-always grants through unrecognized multiplexer shell wrappers like busybox and toybox. Attackers with low-level privileges can invoke arbitrary payloads under these multiplexer wrappers to satisfy stored allowlist rules while executing unintended commands. This affects all OpenClaw versions prior to 2026.2.23, with a patch now available from the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-31970 HIGH PATCH This Week

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loading function `bgzf_index_load_hfile()`. An integer overflow during buffer allocation allows attackers to craft malicious `.gzi` files that trigger heap memory corruption, potentially leading to denial of service, data corruption, or remote code execution when a user opens the compromised file. No evidence of active exploitation in the wild has been reported, but the vulnerability is demonstrable and patch availability is confirmed.

Buffer Overflow Heap Overflow Integer Overflow Denial Of Service RCE +2
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32937 HIGH PATCH This Week

Out-of-bounds slice access in the Free5GC CHF nchf-convergedcharging service allows authenticated attackers to trigger server-side panics via malformed PUT requests to the recharge endpoint, causing denial of service and log flooding. An attacker with valid authentication credentials can repeatedly exploit this vulnerability to degrade recharge functionality and disrupt service availability. A patch is available to remediate this high-severity vulnerability.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-22169 HIGH PATCH This Week

OpenClaw versions before 2026.2.22 allow local attackers with high privileges to execute arbitrary commands through a safeBins allowlist bypass in the compress-program option, enabling unauthorized external program execution despite security constraints. The vulnerability exploits improper validation of the sort tool configuration to circumvent intended access controls. A patch is available to remediate this command injection flaw.

Command Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-22323 HIGH PATCH This Week

A CSRF vulnerability in A CSRF vulnerability in the Link Aggregation configuration interface (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.

CSRF Fl Switch 2005 Fl Switch 2008 Fl Switch 2016 Fl Switch 2105 +73
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy