Skip to main content
CVE-2026-2092 HIGH PATCH GHSA This Week

Keycloak's SAML broker endpoint contains a validation flaw that allows attackers with a valid signed SAML assertion to inject encrypted assertions for arbitrary principals when the overall SAML response is unsigned. This leads to authentication bypass and unauthorized access to protected resources. Red Hat build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. No evidence of active exploitation (not in CISA KEV) has been reported.

Information Disclosure Authentication Bypass Red Hat Build Of Keycloak 26 2 Red Hat Build Of Keycloak 26 2 14 Red Hat Build Of Keycloak 26 4 +1
NVD VulDB GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-32692 HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-33064 HIGH PATCH This Week

A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. All deployments of free5GC v4.0.1 utilizing UDM HTTP callback functionality are affected, and a patch is available via PR free5gc/udm#78.

Denial Of Service Null Pointer Dereference Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-22179 HIGH PATCH This Week

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the macOS node-host system.run function that permits remote attackers with high privileges to execute arbitrary commands by exploiting improper parsing of command substitution tokens. Attackers can craft malicious shell payloads using command substitution syntax within double-quoted strings to circumvent security allowlists and achieve code execution. A patch is available from the vendor, and the vulnerability has been documented by VulnCheck with public advisory and GitHub security advisory references.

Command Injection Apple macOS
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-33203 HIGH PATCH This Week

The SiYuan kernel, a Go-based note-taking application, contains an authentication bypass vulnerability in its WebSocket server that allows unauthenticated attackers to crash the kernel process through malformed JSON messages. SiYuan kernel versions exposed via Docker or network-accessible deployments are affected, with the issue stemming from unsafe type assertions on attacker-controlled input after bypassing authentication via a specific query parameter pattern. A proof-of-concept demonstrating the attack exists in the GitHub advisory, and while CVSS rates this as 7.5 High severity for availability impact, real-world exploitation risk depends heavily on network exposure beyond localhost.

Authentication Bypass Docker Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32874 HIGH PATCH This Week

ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.

Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33154 HIGH PATCH GHSA This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33204 HIGH PATCH This Week

The SimpleJWT PHP library version 1.1.0 contains an algorithmic complexity denial-of-service vulnerability in its PBES2 password-based encryption implementation. An unauthenticated attacker can send a crafted JWE token with an extremely large p2c (PBKDF2 iteration count) parameter in the header, forcing the server to perform hundreds of billions of iterations during key derivation and causing CPU exhaustion. A working proof-of-concept exploit is publicly available demonstrating how a single malicious request can block PHP workers until execution timeouts are reached.

PHP Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33128 HIGH PATCH This Week

The h3 JavaScript framework for Node.js contains a Server-Sent Events (SSE) injection vulnerability in its createEventStream function due to missing newline sanitization. Applications using h3's SSE functionality (pkg:npm/h3) are vulnerable to attackers who can control any part of SSE message fields (id, event, data, or comments), allowing injection of arbitrary events to all connected clients. A proof-of-concept exploit exists demonstrating event injection, cross-user content manipulation, and denial-of-service attacks.

Code Injection
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32875 HIGH PATCH This Week

The ujson Python library prior to version 5.12.0 contains an integer overflow/underflow vulnerability in the dumps() function that can crash the Python interpreter (segmentation fault) or cause an infinite loop, leading to denial of service. The vulnerability affects applications that allow untrusted users to control the indent parameter when serializing JSON, or that use large negative indent values with nested data structures. A proof-of-concept demonstrating both the segfault and infinite loop conditions is provided in the vulnerability disclosure, though there is no evidence of active exploitation (not in KEV).

Integer Overflow Python Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33180 HIGH PATCH This Week

A header leakage vulnerability exists in the internal HTTP client of HAPI FHIR Core library that causes sensitive headers (such as authentication tokens) to be forwarded to third-party hosts when following HTTP redirects. Multiple HAPI FHIR packages including org.hl7.fhir.utilities, org.hl7.fhir.convertors, and various FHIR version implementations (DSTU2, DSTU3, R4, R4B, R5) are affected in versions prior to 6.8.3. With a CVSS score of 9.8 (Critical), this vulnerability allows network-based attackers to capture sensitive credentials without authentication or user interaction, though no EPSS score, KEV listing, or public POC is currently documented.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33143 HIGH PATCH This Week

The OneUptime monitoring platform (specifically version 10.0.23 and likely earlier versions) contains an authentication bypass vulnerability in its WhatsApp webhook handler that fails to verify the X-Hub-Signature-256 HMAC signature required by Meta/WhatsApp. Any unauthenticated remote attacker can send forged webhook payloads to manipulate notification delivery status records, suppress critical alerts, and corrupt audit trails. A working proof-of-concept exploit has been published demonstrating successful injection of arbitrary webhook events via simple HTTP POST requests with no authentication required.

Docker Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23242 HIGH PATCH This Week

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33002 HIGH PATCH This Week

Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.

Jenkins Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3278 HIGH This Week

OpenText ZENworks Service Desk contains an improper input neutralization vulnerability (CWE-79 Cross-Site Scripting) that allows attackers to inject and execute arbitrary JavaScript in the context of a user's browser session. Affected versions are 25.2 and 25.3. Successful exploitation enables unauthorized actions on behalf of the user, including session hijacking, credential theft, or lateral movement within the service desk application.

XSS Zenworks Service Desk
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-33131 HIGH PATCH This Week

A Host header manipulation vulnerability in the h3 Node.js web framework allows attackers to bypass authentication middleware by polluting the event.url object. The vulnerability affects h3 npm package and allows unauthorized access to protected routes by crafting malicious Host headers that trigger internal URL reconstruction logic. A working proof-of-concept exploit is publicly available demonstrating the authentication bypass.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-2991 HIGH This Week

The KiviCare Clinic & Patient Management System (EHR) plugin for WordPress contains a critical authentication bypass vulnerability allowing unauthenticated attackers to log in as any patient by simply providing their email address and an arbitrary access token value. All versions up to and including 4.1.2 are affected, exposing sensitive medical records, appointments, prescriptions, and billing information (PII/PHI). The CVSS score of 9.8 reflects the severity of unauthenticated remote exploitation with high impact to confidentiality, integrity, and availability.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-33080 HIGH PATCH GHSA This Week

A stored cross-site scripting (XSS) vulnerability exists in Filament Table's Range and Values summarizers, which render database values without HTML escaping. Affected products include filament_tables (Composer package), where an attacker with low privileges can inject malicious HTML or JavaScript into database columns used by these summarizers, executing arbitrary scripts when other users view the table. No KEV listing or EPSS data is available, but proof-of-concept details are documented in GitHub advisories GHSA-vv3x-j2x5-36jc.

XSS
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28673 HIGH PATCH This Week

xiaoheiFS versions up to and including 0.3.15 contain a critical remote code execution vulnerability in the plugin upload mechanism. Administrators can upload plugin ZIP files containing arbitrary binaries which the server executes without validation based on the manifest.json 'binaries' field. This allows authenticated administrators with high privileges to achieve full system compromise by uploading malicious plugin packages.

RCE Command Injection Xiaoheifs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-3090 HIGH This Week

A stored cross-site scripting (XSS) vulnerability exists in the Post SMTP WordPress plugin through version 3.8.0, allowing unauthenticated attackers to inject malicious scripts via the 'event_type' parameter. The vulnerability requires the Post SMTP Pro plugin with its Reporting and Tracking extension to be enabled for exploitation. With a CVSS score of 7.2 and unauthenticated network-based exploitation possible, this represents a moderate-to-high severity risk for WordPress sites using both the free and Pro versions of Post SMTP together.

WordPress XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-22317 HIGH PATCH This Week

Arbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling of HTTP POST requests in the Root CA certificate transfer workflow. An authenticated high-privileged attacker can exploit this command injection flaw to execute arbitrary commands on the underlying Linux operating system. No patch is currently available for the affected product versions.

Command Injection Fl Switch 2316 Pn Fl Switch 2005 Fl Switch Tsn 2316 Fl Switch 2206 2fx Sm +67
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-28674 HIGH PATCH This Week

xiaoheiFS, a self-hosted financial and operational system for cloud service businesses, contains a critical authenticated remote code execution vulnerability in versions up to 0.3.15. An attacker who knows the hardcoded password 'qweasd123456' can upload arbitrary executable files through the AdminPaymentPluginUpload endpoint, which are then automatically executed by a background watcher service every 5 seconds. While EPSS data is not provided, the combination of hardcoded credentials (CWE-434, Authentication Bypass tag) and automatic execution significantly elevates real-world risk despite requiring high privileges (PR:H) in the CVSS vector.

File Upload Xiaoheifs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-31971 HIGH PATCH This Week

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

Buffer Overflow Stack Overflow Heap Overflow Denial Of Service RCE +3
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-22322 HIGH PATCH This Week

A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.

XSS Fl Switch 2005 Fl Switch 2008 Fl Switch 2016 Fl Switch 2105 +73
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-31969 HIGH PATCH This Week

HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_stop_decode_char()` function that allows a single attacker-controlled byte to be written beyond the end of a heap allocation. This heap buffer overflow (CWE-122) affects bioinformatics applications using HTSlib to process CRAM-formatted DNA sequence alignment files, and could enable arbitrary code execution if exploited. No public exploit code or KEV status is currently documented, but patch availability exists for multiple stable release branches.

Buffer Overflow Heap Overflow Denial Of Service RCE Debian +1
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-22175 HIGH PATCH This Week

OpenClaw contains an execution approval bypass vulnerability in allowlist mode that allows authenticated attackers to circumvent allow-always grants through unrecognized multiplexer shell wrappers like busybox and toybox. Attackers with low-level privileges can invoke arbitrary payloads under these multiplexer wrappers to satisfy stored allowlist rules while executing unintended commands. This affects all OpenClaw versions prior to 2026.2.23, with a patch now available from the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-31970 HIGH PATCH This Week

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loading function `bgzf_index_load_hfile()`. An integer overflow during buffer allocation allows attackers to craft malicious `.gzi` files that trigger heap memory corruption, potentially leading to denial of service, data corruption, or remote code execution when a user opens the compromised file. No evidence of active exploitation in the wild has been reported, but the vulnerability is demonstrable and patch availability is confirmed.

Buffer Overflow Heap Overflow Integer Overflow Denial Of Service RCE +2
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32937 HIGH PATCH This Week

Out-of-bounds slice access in the Free5GC CHF nchf-convergedcharging service allows authenticated attackers to trigger server-side panics via malformed PUT requests to the recharge endpoint, causing denial of service and log flooding. An attacker with valid authentication credentials can repeatedly exploit this vulnerability to degrade recharge functionality and disrupt service availability. A patch is available to remediate this high-severity vulnerability.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-22169 HIGH PATCH This Week

OpenClaw versions before 2026.2.22 allow local attackers with high privileges to execute arbitrary commands through a safeBins allowlist bypass in the compress-program option, enabling unauthorized external program execution despite security constraints. The vulnerability exploits improper validation of the sort tool configuration to circumvent intended access controls. A patch is available to remediate this command injection flaw.

Command Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-22323 HIGH PATCH This Week

A CSRF vulnerability in A CSRF vulnerability in the Link Aggregation configuration interface (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.

CSRF Fl Switch 2005 Fl Switch 2008 Fl Switch 2016 Fl Switch 2105 +73
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33125 HIGH PATCH This Week

Frigate video surveillance software contains an authentication bypass vulnerability allowing users with viewer role privileges to delete administrator and other user accounts via an unrestricted API endpoint. The vulnerability affects the Frigate Python package (pkg:pip/frigate) and has been confirmed with a proof-of-concept demonstration successfully deleting the admin user on the demo.frigate.video instance. This leads to denial of service and compromises data integrity by allowing unauthorized account deletions.

Authentication Bypass Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23269 HIGH PATCH This Week

Out-of-bounds read in Linux kernel's AppArmor subsystem allows local authenticated attackers to disclose kernel memory and potentially crash the system via maliciously crafted security policies. Affects Linux kernels from 3.4 onwards with patches released for stable branches 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4. No active exploitation confirmed (not in CISA KEV), EPSS probability low at 0.02%, but Ubuntu rates priority as medium with patches deployed across 729 releases. Requires local access with low privileges (PR:L) and ability to load AppArmor policies.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23244 HIGH PATCH This Week

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-55045 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in MuraCMS through version 10.1.10 affecting the cUsers.updateAddress function, which lacks proper CSRF token validation. Attackers can exploit this by crafting malicious webpages that, when visited by an authenticated administrator, automatically submit hidden forms to add, modify, or delete user address records without the administrator's knowledge or consent. Successful exploitation enables unauthorized manipulation of user address data, potentially redirecting sensitive communications to attacker-controlled addresses, compromising user privacy, and disrupting legitimate business operations through injection of malicious contact information.

CSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy