Skip to main content
CVE-2026-26740 HIGH POC PATCH This Week

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when processing Graphic Control Extension blocks, enabling remote attackers to trigger denial of service conditions. Public exploit code exists for this vulnerability, though no patch is currently available. The flaw affects any application using the vulnerable giflib version to process GIF files from untrusted sources.

Buffer Overflow Denial Of Service Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-30345 HIGH POC This Week

A zip slip vulnerability exists in CTFd v3.8.1-18-gdb5a18c4's Admin import functionality, allowing attackers to write arbitrary files outside intended directories by supplying a crafted import file. This path traversal vulnerability affects the CTFd Capture-The-Flag platform and can lead to information disclosure and potential remote code execution depending on file placement. A proof-of-concept exploit has been published on GitHub (syphonetic/CVE-2026-30345), and patch information is available in the CTFd v3.8.2 release blog post.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27135 HIGH POC PATCH This Week

nghttp2 before version 1.68.1 fails to properly validate internal state when session termination APIs are invoked, allowing an attacker to send a malformed frame that triggers an assertion failure and crashes the application. This denial of service vulnerability affects applications using the nghttp2 HTTP/2 library and can be triggered remotely without authentication or user interaction. No patch is currently available to remediate this issue.

Denial Of Service Nghttp2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27811 HIGH This Week

Roxy-WI versions prior to 8.2.6.3 contain a command injection vulnerability in the configuration comparison endpoint that allows authenticated users to execute arbitrary system commands on the host server. The flaw stems from unsanitized user input being directly embedded into template strings executed by the application. An attacker with valid credentials can exploit this to achieve full system compromise with high impact on confidentiality, integrity, and availability.

Command Injection Apache Nginx
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-33063 HIGH PATCH This Week

The free5GC AUSF authentication service is vulnerable to denial of service through an improper null check in the GetSupiFromSuciSupiMap function, which crashes when processing crafted UE authentication requests that trigger unsafe interface conversion. Remote attackers can exploit this vulnerability to completely disable the AUSF service by sending a specially crafted authentication request containing a nil SuciSupiMap value. A patch is available for affected free5GC v4.0.1 deployments.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-1463 HIGH This Week

The NextGEN Gallery plugin for WordPress contains a Local File Inclusion vulnerability in the 'template' parameter of gallery shortcodes, affecting all versions up to and including 4.0.3. Authenticated attackers with Author-level privileges or higher can include and execute arbitrary PHP files on the server, potentially leading to remote code execution, data theft, or complete site compromise. This is a confirmed vulnerability reported by Wordfence with a high CVSS score of 8.8, though no active exploitation (KEV) status has been reported at this time.

WordPress PHP LFI RCE Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31963 HIGH PATCH This Week

HTSlib contains a heap buffer overflow vulnerability in its CRAM decoder caused by an out-by-one error when validating feature boundaries. When a user opens a maliciously crafted CRAM file, an attacker can write one controlled byte beyond the end of a heap buffer, potentially causing application crashes, data corruption, or arbitrary code execution. Versions 1.23.1, 1.22.2, and 1.21.1 include fixes, and patches are available via the official GitHub repository.

Buffer Overflow Heap Overflow Denial Of Service RCE Debian +2
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-31962 HIGH PATCH This Week

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the cram_decode_seq() function when processing CRAM-formatted bioinformatics files with omitted sequence and quality data. An attacker can craft a malicious CRAM file that triggers an out-of-bounds read followed by an attacker-controlled single-byte write to heap memory, potentially enabling arbitrary code execution, data corruption, or denial of service when a user opens the file. No public exploit proof-of-concept has been identified, but the vulnerability is confirmed and patched by the HTSlib project.

Buffer Overflow Heap Overflow Denial Of Service RCE Information Disclosure +3
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-27894 HIGH PATCH This Week

LDAP Account Manager (LAM), a web-based interface for managing LDAP directory entries, contains a local file inclusion vulnerability in its PDF export functionality that allows authenticated users to include and execute arbitrary PHP files. When chained with GHSA-88hf-2cjm-m9g8, this vulnerability enables complete remote code execution on the affected server. The vulnerability affects all versions prior to 9.5 and requires low-privilege authentication (CVSS 8.8, PR:L), tracking across 7 Ubuntu and 4 Debian releases indicates significant deployment in enterprise LDAP environments.

PHP LFI RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-29056 HIGH PATCH This Week

Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. The vulnerability has documented proof-of-concept exploitation capability (CVSS E:P indicates PoC exists) and carries a CVSS 4.0 score of 7.0 with high integrity impact to both the vulnerable system and subsequent components.

Code Injection Ubuntu Debian Kanboard
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32693 HIGH PATCH This Week

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.

Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33053 HIGH PATCH GHSA This Week

An Insecure Direct Object Reference (IDOR) vulnerability exists in the Langflow API key deletion endpoint that allows any authenticated user to delete API keys belonging to other users. The delete_api_key_route() function in langflow version prior to 1.7.2 fails to verify ownership of API keys before deletion, enabling attackers to enumerate and delete arbitrary API keys by manipulating the api_key_id UUID parameter. A patch is available from the vendor as of version 1.7.2, addressing this authentication bypass that could lead to account takeover and denial of service.

Authentication Bypass Denial Of Service
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22730 HIGH PATCH This Week

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter component allows authenticated attackers to bypass metadata-based access controls and execute arbitrary SQL commands due to missing input sanitization. VMware Spring AI versions 1.0.x prior to 1.0.4 and 1.1.x prior to 1.1.3 are affected. With a CVSS score of 8.8, this vulnerability enables attackers with low-level privileges to compromise confidentiality, integrity, and availability of the database system through network-based attacks with low complexity.

Java SQLi
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32321 HIGH PATCH This Week

An authenticated time-based blind SQL injection vulnerability exists in the ClipBucket v5 open source video sharing platform, affecting versions prior to 5.5.3 #80. The vulnerability resides in the actions/ajax.php endpoint where the userid parameter lacks proper input sanitization, allowing authenticated attackers to execute arbitrary SQL queries. This can lead to full database disclosure and potential administrative account takeover with a CVSS score of 8.8.

SQLi PHP Clipbucket V5
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31968 HIGH PATCH This Week

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handlers, where incomplete context validation allows writes of up to eight bytes beyond heap allocation boundaries or into stack-allocated single-byte variables. This vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and impacts any application using the library to process CRAM-formatted bioinformatics data files. An attacker can craft a malicious CRAM file to trigger heap or stack overflow conditions, potentially leading to denial of service, memory corruption, or arbitrary code execution when processed by a vulnerable application.

Buffer Overflow Stack Overflow Heap Overflow Denial Of Service RCE +3
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-23246 HIGH PATCH This Week

A stack out-of-bounds write vulnerability exists in the Linux kernel's mac80211 WiFi subsystem in the ieee80211_ml_reconfiguration function, where the link_id parameter extracted from the ML Reconfiguration element is not properly bounds-checked before being used as an array index. The vulnerability affects Linux kernel versions across multiple release branches (6.5 through 7.0-rc2), allowing an attacker with network proximity to craft a malicious WiFi frame to trigger a buffer overflow and potentially cause denial of service or code execution. While no CVSS score or EPSS data is currently published, the vulnerability has been assigned EUVD-2026-12809 and patches are available across stable kernel branches.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-55040 HIGH This Week

MuraCMS versions through 10.1.10 contain a Cross-Site Request Forgery (CSRF) vulnerability in the cForm.importform function that lacks proper token validation, allowing attackers to deceive authenticated administrators into uploading and installing malicious form definitions. An attacker can craft a malicious webpage that, when visited by an authenticated MuraCMS administrator, automatically generates and submits a forged file upload request containing a ZIP archive with attacker-controlled form definitions. Successful exploitation results in the installation of data-harvesting forms on the target website that can steal sensitive user information collected through legitimate-appearing web forms. No active exploitation in the wild has been documented (KEV status unknown), and no formal CVSS score has been assigned, though the vulnerability requires user interaction (administrator must visit the malicious page) which moderates the overall risk profile.

CSRF File Upload
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-55044 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in the cTrash.restore function of MuraCMS through version 10.1.10, which lacks CSRF token validation. An authenticated administrator can be tricked into restoring deleted content to arbitrary locations within the CMS by visiting a malicious webpage, enabling attackers to resurrect malicious or sensitive content, manipulate website structure, or restore intentionally-removed materials. No CVSS score, EPSS data, or known exploits-in-the-wild confirmation are available at this time, though the vulnerability is documented as requiring user interaction (an admin must visit a crafted page) and authenticated session context.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33001 HIGH PATCH This Week

Jenkins versions 2.554 and earlier (LTS 2.541.2 and earlier) contain a path traversal vulnerability in their handling of tar and tar.gz archive extraction that fails to safely process symbolic links, allowing attackers to write files to arbitrary filesystem locations. Attackers with Item/Configure permission or control over Jenkins agent processes can exploit this to deploy malicious scripts and plugins on the Jenkins controller, achieving code execution with the privileges of the Jenkins process. The vulnerability is particularly concerning because it affects the core Jenkins application and enables privilege escalation through plugin installation mechanisms.

Information Disclosure Jenkins
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33062 HIGH PATCH This Week

NRF discovery service denial of service in free5GC v4.0.1 allows remote attackers to crash the service by sending HTTP GET requests with malformed group-id-list parameters that trigger unvalidated array access. The EncodeGroupId function fails to check split data length before accessing specific indices, causing an index out of range panic. A patch is available to address this input validation flaw affecting all deployments using the vulnerable NRF service.

Denial Of Service Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33151 HIGH PATCH This Week

A specially crafted Socket.IO packet can cause the server to allocate unbounded memory by waiting for and buffering a large number of binary attachments, leading to denial of service through memory exhaustion. The vulnerability affects socket.io-parser versions across multiple major releases (v2.x, v3.x, and v4.x) used by Socket.IO server and client implementations. No EPSS score or KEV listing is available, but patches have been released by the vendor.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33040 HIGH PATCH This Week

The Rust libp2p Gossipsub implementation contains an integer overflow vulnerability that allows remote unauthenticated attackers to crash affected nodes by sending a single crafted PRUNE control message with an extremely large backoff value (e.g., u64::MAX). The vulnerability affects the libp2p-gossipsub Rust crate and enables trivial denial of service against any application exposing a Gossipsub listener. This vulnerability was discovered through responsible disclosure to the Ethereum Foundation bug bounty program by @revofusion, and while no active exploitation (KEV) status is indicated, the attack complexity is extremely low and a detailed proof-of-concept attack scenario has been publicly disclosed in the advisory.

Denial Of Service Integer Overflow
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33155 HIGH PATCH GHSA This Week

Memory exhaustion in Python's pickle deserialization allows attackers to crash applications by supplying a small malicious payload that forces allocation of gigabytes of memory through unrestricted constructor arguments in whitelisted classes. Applications using `_RestrictedUnpickler` to load untrusted pickle data are vulnerable to denial of service attacks. A patch is available.

Python Denial Of Service Deserialization RCE Red Hat +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33172 HIGH PATCH This Week

A stored cross-site scripting (XSS) vulnerability in Statamic CMS allows authenticated users with asset upload permissions to bypass SVG sanitization during asset reuploads, enabling injection of malicious JavaScript that executes when other users view the compromised asset. The vulnerability affects Statamic CMS versions prior to 5.73.14 and 6.7.0, with patches available in those releases. The CVSS score of 8.7 (High) reflects the changed scope and high confidentiality/integrity impact, though exploitation requires low-privileged authenticated access and user interaction.

XSS
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-33226 HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google SSRF Docker +1
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-33191 HIGH PATCH This Week

Null byte injection in the UDM's Nudm_SubscriberDataManagement API allows unauthenticated remote attackers to crash the service by embedding URL-encoded %00 characters in the supi parameter, triggering unhandled parsing errors and denial of service. The vulnerability stems from improper input validation that permits control characters to reach Go's URL parser, which rejects them with a 500 error instead of sanitizing the input upstream. A patch is available.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-32255 HIGH This Week

Kan, an open-source project management tool, contains a Server-Side Request Forgery (SSRF) vulnerability in its unauthenticated /api/download/attatchment endpoint in versions 0.5.4 and below. Attackers can exploit this to make arbitrary HTTP requests from the server to internal services, cloud metadata endpoints (such as AWS EC2 metadata at 169.254.169.254), or private network resources without any authentication. With a CVSS score of 8.6 (High) reflecting network-based attack vector, low complexity, and no privileges required, this poses significant risk for confidentiality breaches in affected deployments.

Nginx SSRF Kan
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-22729 HIGH PATCH This Week

Spring AI's AbstractFilterExpressionConverter fails to properly escape user-controlled input in JSONPath queries, allowing authenticated attackers to inject arbitrary expressions and bypass access controls in vector store implementations. This impacts applications relying on the converter for multi-tenant isolation, role-based access, or metadata-based document filtering, enabling attackers to access unauthorized documents. No patch is currently available.

Java Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-33166 HIGH PATCH This Week

Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available.

Jenkins Path Traversal Information Disclosure Java
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-2992 HIGH This Week

The KiviCare clinic management plugin for WordPress contains a critical privilege escalation vulnerability allowing unauthenticated attackers to create new clinics and administrative users through an unprotected REST API endpoint. All versions up to and including 4.1.2 are affected. With a CVSS score of 8.2 and network-based exploitation requiring no authentication, this represents a significant risk to healthcare data confidentiality and system integrity, though no active exploitation (KEV) or public proof-of-concept has been documented at this time.

WordPress Privilege Escalation Authentication Bypass
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32763 HIGH PATCH This Week

Kysely through version 0.28.11 contains a SQL injection vulnerability in JSON path compilation affecting MySQL and SQLite dialects. The visitJSONPathLeg() function appends user-controlled values from .key() and .at() methods directly into single-quoted JSON path string literals without escaping single quotes, enabling attackers to break out of the string context and inject arbitrary SQL. A working proof-of-concept demonstrates UNION-based data exfiltration from SQLite databases. The vulnerability has CVSS score 8.2 and patches are available from the vendor.

SQLi PostgreSQL
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-22171 HIGH PATCH This Week

OpenClaw contains a path traversal vulnerability in the Feishu media download functionality where untrusted media key values are directly interpolated into temporary file paths without sanitization. OpenClaw versions prior to 2026.2.19 are affected, allowing remote unauthenticated attackers to write arbitrary files within the process permissions by using directory traversal sequences in media keys. No public evidence of active exploitation (KEV) or public proof-of-concept exists at this time, though the high CVSS score of 8.2 reflects the network-accessible attack vector and lack of authentication requirements.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32811 HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33163 HIGH PATCH This Week

Parse Server's LiveQuery component leaks protected fields and OAuth authentication data to unauthorized subscribers when an afterLiveQueryEvent trigger is registered for a class. The vulnerability affects Parse Server installations using LiveQuery with afterEvent triggers, allowing any user with basic subscription permissions to access sensitive personal information and third-party OAuth tokens belonging to other users. Patches are available from the vendor with workarounds documented.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-24063 HIGH This Week

Arturia Software Center on macOS installs plugin uninstall scripts with world-writable permissions (777) in root-owned directories, allowing local attackers to modify these scripts and achieve privilege escalation when the Privileged Helper executes them during plugin removal. This vulnerability affects any macOS user with the Arturia Software Center installed and requires local access and user interaction to exploit. No patch is currently available.

Privilege Escalation Apple
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-2603 HIGH PATCH GHSA This Week

Keycloak contains an authentication bypass vulnerability in its SAML broker functionality that allows remote attackers with low-level privileges to complete IdP-initiated broker logins even when the SAML Identity Provider has been administratively disabled. Red Hat Build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. The CVSS score of 8.1 reflects high confidentiality and integrity impact, though no evidence of active exploitation (KEV) or public proof-of-concept has been reported at this time.

Authentication Bypass Red Hat Build Of Keycloak 26 2 Red Hat Build Of Keycloak 26 2 14 Red Hat Build Of Keycloak 26 4 Red Hat Build Of Keycloak 26 4 10
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32730 HIGH PATCH This Week

A MongoDB query logic error in ApostropheCMS versions 3.0.0 through 4.27.1 allows complete bypass of multi-factor authentication (MFA/TOTP) protections. An attacker with knowledge of a victim's password can use an incomplete bearer token (returned after password verification but before MFA completion) to gain fully authenticated API access without providing TOTP codes. A proof-of-concept demonstration is included in the vulnerability report, and while no public KEV listing exists, the technical details and working POC make this immediately exploitable.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-33142 HIGH PATCH This Week

SQL injection in PostgreSQL StatementGenerator allows authenticated attackers to execute arbitrary SQL commands through unsanitized object keys in sort, select, and groupBy parameters on analytics endpoints. The vulnerability exists because column name validation was incompletely applied during a previous fix, leaving three query construction methods vulnerable to direct identifier injection. An attacker with valid credentials can exploit this to access or manipulate database contents without requiring user interaction.

PostgreSQL SQLi
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-55046 HIGH This Week

MuraCMS versions through 10.1.10 contain a Cross-Site Request Forgery (CSRF) vulnerability in the cTrash.empty function that lacks proper token validation, allowing attackers to permanently delete all content in the trash system. An authenticated administrator visiting a malicious webpage can be tricked into permanently destroying all deleted content without their knowledge or consent, resulting in catastrophic, irreversible data loss. While no CVSS score or EPSS data is currently available, the vulnerability's attack vector is network-based with low complexity, affecting any authenticated administrator, and the technical impact of complete data destruction in the trash system constitutes a critical business continuity threat.

CSRF
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4396 HIGH This Week

Devolutions Hub Reporting Service versions 2025.3.1.1 and earlier contain improper certificate validation that disables TLS certificate verification, enabling network attackers to intercept and manipulate encrypted communications. An unauthenticated attacker on the network can conduct man-in-the-middle (MITM) attacks to eavesdrop on sensitive data exchanges or inject malicious content. While no CVSS score or EPSS probability is currently available, the vulnerability's classification under CWE-295 (Improper Certificate Validation) indicates a cryptographic bypass with potentially severe information disclosure implications.

Information Disclosure Hub Reporting Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-41258 HIGH This Week

A critical authentication bypass vulnerability exists in LibreChat version 0.8.1-rc2 where the same JWT secret is reused for both user session management and the RAG (Retrieval-Augmented Generation) API authentication. This design flaw allows authenticated users to compromise service-level authentication of the RAG API by leveraging their session tokens to access or manipulate the RAG service beyond intended privileges. No active exploitation (KEV) has been reported, but a detailed security advisory with technical analysis is publicly available from SBA Research.

Authentication Bypass Librechat
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-55041 HIGH This Week

MuraCMS through version 10.1.10 contains a Cross-Site Request Forgery (CSRF) vulnerability in the user management Add To Group functionality that allows attackers to escalate privileges by adding authenticated users to arbitrary groups without proper authorization validation. An authenticated administrator visiting a malicious webpage can be tricked into adding any user to the Admin group or other privileged groups, though escalation to the Super Admin (s2) group is blocked. This vulnerability enables both horizontal privilege escalation across different user groups and vertical privilege escalation to administrative roles, posing a significant risk to multi-user MuraCMS installations where administrator accounts are targeted.

Privilege Escalation CSRF
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-33139 HIGH PATCH This Week

PySpector versions 0.1.6 and earlier contain a security validation bypass in the plugin system that allows arbitrary code execution. The validate_plugin_code() function fails to detect dangerous API calls when invoked indirectly via getattr(), allowing malicious plugins to execute system commands. A public proof-of-concept exploit exists demonstrating the bypass, and while exploitation requires user interaction (installing and trusting a malicious plugin), successful exploitation grants full system access including filesystem manipulation, credential theft, and persistence mechanisms.

Information Disclosure RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23243 HIGH PATCH This Week

A negative integer underflow vulnerability exists in the Linux kernel's RDMA/umad subsystem where the ib_umad_write function fails to validate user-controlled data_len calculations, allowing a mismatch between user MAD header size and RMPP header length to produce negative values. This negative data_len can propagate to ib_create_send_mad() and trigger an out-of-bounds memset in alloc_send_rmpp_list(), causing kernel memory corruption and denial of service. The vulnerability affects Linux kernel versions from 2.6.24 through multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19) and requires local access to RDMA user-mode interface to exploit, with patches available across multiple stable kernel versions as referenced in the git commits.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23270 HIGH PATCH This Week

Use-after-free in Linux kernel traffic control (net/sched) occurs when act_ct action returns TC_ACT_CONSUMED while a packet is held by the defragmentation engine, allowing local authenticated attackers with low privileges to achieve code execution, denial of service, or information disclosure. Affects Linux kernel 6.8 through 6.12.x and 6.18.x series. Vendor patches available across multiple stable branches (commits 524ce8b4, 380ad8b7, 9deda0fc, 11cb63b0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation likelihood despite 7.8 CVSS rating. No active exploitation confirmed; not listed in CISA KEV.

Linux Information Disclosure Red Hat Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23253 HIGH PATCH This Week

Linux kernel DVB digital video recorder driver allows local authenticated users to trigger use-after-free conditions via stale waitqueue entries, potentially achieving privilege escalation to root or causing kernel crashes. The vulnerability stems from improper waitqueue reinitialization when reopening DVR devices, orphaning existing epoll/io_uring poll entries. Affects Linux kernel versions from 2.6.17 through 6.19.6, with patches available in 6.12.77, 6.18.17, 6.19.7, and 7.0-rc2. EPSS score of 0.02% (4th percentile) indicates low observed exploitation activity, though CVSS 7.8 reflects high impact if local access is obtained.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23248 HIGH PATCH This Week

A race condition in the Linux kernel's perf_mmap() function creates a use-after-free vulnerability when concurrent threads attempt to access a ring buffer during failed memory mapping operations. The vulnerability affects Linux kernel versions across 6.18.17, 6.19.7, and 7.0-rc2, allowing a local attacker with standard user privileges to trigger refcount saturation warnings and potential kernel crashes via denial of service. This issue was discovered by Syzkaller fuzzing and has patches available across multiple stable kernel branches.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23245 HIGH PATCH This Week

Race condition in Linux kernel's Traffic Control act_gate scheduler allows local authenticated users to trigger memory corruption and potentially execute arbitrary code or cause denial of service. Affects Linux kernel 5.8+ through 6.19.x and 7.0-rc3. Vulnerability arises when concurrent gate action replacement occurs during hrtimer callback or dump operations, creating a use-after-free scenario. No active exploitation confirmed (EPSS 0.02%, not in CISA KEV). Vendor patches available across multiple stable branches including 6.18.18, 6.19.8, and 7.0-rc3.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23268 HIGH PATCH This Week

Local privilege escalation in Linux kernel AppArmor allows low-privilege users to manipulate security policy via confused deputy attack. Attackers pass file descriptors for apparmorfs interfaces to privileged processes, enabling full policy management capabilities including disabling confinement and bypassing user namespace restrictions. Publicly available exploit code exists. EPSS score 0.01% suggests low widespread exploitation probability. Patches released for kernel 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4 with multiple distribution advisories available.

Privilege Escalation Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24062 HIGH This Week

The Arturia Software Center on macOS contains insufficient code signature validation in its Privileged Helper component, allowing unauthenticated clients to connect and execute privileged actions without proper authorization. This vulnerability affects all versions of Arturia Software Center and enables local privilege escalation attacks where an unprivileged user can escalate to root or system-level privileges. While no CVSS score or EPSS data is publicly available, the authentication bypass nature and privilege escalation impact classify this as a high-severity issue; no KEV listing or public proof-of-concept has been confirmed at this time.

Privilege Escalation Apple Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy