264 CVEs tracked today. 33 Critical, 89 High, 124 Medium, 15 Low.
-
CVE-2026-33352
CRITICAL
CVSS 9.8
An unauthenticated SQL injection vulnerability in AVideo allows remote attackers to execute arbitrary SQL queries through the doNotShowCats parameter in the getAllCategories() method. The vulnerability bypasses quote-stripping sanitization using backslash escape techniques, enabling attackers to extract sensitive data including user credentials, modify database contents, or potentially achieve remote code execution. No active exploitation has been reported in KEV, but proof-of-concept exploitation details are publicly available in the GitHub advisory.
PHP
SQLi
-
CVE-2026-33351
CRITICAL
CVSS 9.1
A Server-Side Request Forgery (SSRF) vulnerability in AVideo's Live plugin allows unauthenticated remote attackers to scan internal networks, access cloud metadata services, and bypass authentication mechanisms when the plugin is deployed in standalone mode. The vulnerability exists because user-controlled input is directly used to construct URLs for server-side requests without validation, enabling attackers to proxy requests through the vulnerable server and potentially chain this with command execution. With a CVSS score of 9.1 and requiring no authentication or user interaction, this represents a critical security risk for affected deployments.
PHP
Authentication Bypass
Information Disclosure
Command Injection
SSRF
-
CVE-2026-33322
CRITICAL
CVSS 9.2
JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.
Information Disclosure
Docker
Apple
Microsoft
-
CVE-2026-33309
CRITICAL
CVSS 9.9
An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.
RCE
Python
Docker
Path Traversal
Canonical
-
CVE-2026-33297
CRITICAL
CVSS 9.1
The CustomizeUser plugin in PHP and Python allows attackers to bypass channel-level access control by exploiting improper password validation in the setPassword.json.php endpoint. An administrator-level attacker can set any user's channel password to zero due to type coercion of non-numeric characters, enabling trivial authentication bypass for any visitor. No patch is currently available for this critical vulnerability.
PHP
Authentication Bypass
Privilege Escalation
Python
-
CVE-2026-33228
CRITICAL
CVSS 9.8
Prototype pollution in flatted's parse() function allows unauthenticated remote attackers to corrupt Array.prototype by injecting malicious JSON with "__proto__" keys, enabling global object manipulation and potential code execution in dependent applications. The vulnerability stems from insufficient validation of array index keys, allowing attacker-controlled strings to access inherited prototype properties. With no patch available and a critical CVSS score of 9.8, this affects any system using the flatted library for JSON deserialization.
RCE
Denial Of Service
Prototype Pollution
-
CVE-2026-32865
CRITICAL
CVSS 9.2
A critical authentication bypass vulnerability in OPEXUS eComplaint and eCASE applications allows unauthenticated attackers to take over any user account by exploiting improper exposure of password reset verification codes in HTTP responses. The vulnerability affects all versions before 10.1.0.0 and enables attackers who know a user's email address to reset passwords and security questions without any verification, granting full account access. With a CVSS score of 9.8 and requiring no authentication or user interaction, this represents a severe risk to organizations using these complaint and case management systems.
Information Disclosure
-
CVE-2026-32754
CRITICAL
CVSS 9.3
A stored cross-site scripting (XSS) vulnerability exists in FreeScout help desk software versions 1.8.208 and below, where malicious email content is stored unsanitized and executed when email notifications are sent to agents. An unauthenticated attacker can exploit this by simply sending a specially crafted email that executes malicious scripts when viewed by support staff in their email clients, potentially leading to session hijacking, credential theft, and account takeover. The vulnerability has a critical CVSS score of 9.3 due to its ease of exploitation and broad impact across all notification recipients.
XSS
-
CVE-2026-32238
CRITICAL
CVSS 9.1
Command injection in OpenEMR's backup functionality (versions prior to 8.0.0.2) allows authenticated high-privilege users to execute arbitrary commands on the underlying system due to insufficient input validation. The CVSS 9.1 critical rating reflects the potential for complete system compromise, though exploitation requires valid administrative credentials. No patch is currently available for affected versions.
Command Injection
-
CVE-2026-32194
CRITICAL
CVSS 9.8
A critical command injection vulnerability exists in Microsoft Bing Images that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability stems from improper neutralization of special characters in user-supplied input, enabling attackers to inject and execute system commands without any user interaction or authentication. With a CVSS score of 9.8 and requiring no special privileges or user interaction, this represents a severe risk to any exposed Bing Images deployments.
Command Injection
Microsoft
-
CVE-2026-32191
CRITICAL
CVSS 9.8
A critical OS command injection vulnerability exists in Microsoft Bing Images that allows remote attackers to execute arbitrary commands without authentication. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. With a CVSS score of 9.8 and requiring no user interaction, this represents a severe risk to any systems running vulnerable versions of Bing Images.
Command Injection
Microsoft
-
CVE-2026-32169
CRITICAL
CVSS 10.0
Azure Cloud Shell contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges without user interaction. The vulnerability affects Microsoft products and has a critical CVSS score of 10.0, though no patch is currently available. Attackers can leverage network access to achieve privilege elevation across system boundaries.
SSRF
Microsoft
-
CVE-2026-32038
CRITICAL
CVSS 9.8
A sandbox network isolation bypass vulnerability in OpenClaw allows trusted operators to escape container network boundaries and join other containers' network namespaces. OpenClaw versions before 2026.2.24 are affected, enabling attackers who have operator privileges to configure the docker.network parameter with 'container:<id>' values to reach services in target container namespaces and bypass network segmentation controls. The vulnerability has a critical CVSS score of 9.8 but requires trusted operator access, and there is no evidence of active exploitation in KEV or high EPSS probability.
Authentication Bypass
Docker
-
CVE-2026-30924
CRITICAL
CVSS 9.0
Misconfigured CORS headers in this web application permit cross-origin requests from any domain, enabling attackers to craft malicious webpages that perform unauthorized actions or exfiltrate sensitive data from victims' browsers when they visit attacker-controlled sites. Although the application is typically deployed on trusted local networks, the vulnerability can be exploited remotely by leveraging victim browsers as intermediaries without requiring direct network access. An attacker can silently harvest credentials, session tokens, or other sensitive information through transparent cross-site requests made on page load.
Information Disclosure
-
CVE-2026-30872
CRITICAL
CVSS 9.8
Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-30871
CRITICAL
CVSS 9.8
Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. No patch is currently available for affected embedded device deployments.
Buffer Overflow
Stack Overflow
-
CVE-2026-30836
CRITICAL
CVSS 10.0
A critical authentication bypass vulnerability exists in Step CA, an open-source certificate authority, that allows remote unauthenticated attackers to completely bypass authentication mechanisms and gain unauthorized access with high privileges. The vulnerability affects all versions prior to v0.30.0 and has been assigned the maximum CVSS score of 10.0, indicating extreme severity with potential for both confidentiality and integrity compromise across security boundaries. While full technical details are embargoed until March 30, 2026, the vendor has urged immediate upgrades, suggesting active exploitation risk despite no current KEV listing or public POC availability.
Authentication Bypass
-
CVE-2026-30694
CRITICAL
CVSS 9.8
A remote code execution vulnerability in DedeCMS v.5.7.118 (CVSS 9.8) allows a remote attacker to execute arbitrary code. Critical severity with potential for significant impact on affected systems.
RCE
Code Injection
-
CVE-2026-30402
CRITICAL
CVSS 9.8
Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.
RCE
Code Injection
-
CVE-2026-29103
CRITICAL
CVSS 9.1
A critical remote code execution vulnerability in SuiteCRM versions 7.15.0 and 8.9.2 allows authenticated administrators to execute arbitrary system commands through a bypass of previous security patches. This vulnerability circumvents the ModuleScanner.php security controls by exploiting improper PHP token parsing that resets security checks when encountering single-character tokens, enabling attackers to hide dangerous function calls. The vulnerability represents a direct bypass of the previously patched CVE-2024-49774 and has been assigned a CVSS score of 9.1.
PHP
RCE
Code Injection
-
CVE-2026-27542
CRITICAL
CVSS 9.8
An incorrect privilege assignment vulnerability exists in the WooCommerce Wholesale Lead Capture plugin for WordPress, allowing unauthenticated attackers to escalate privileges on affected sites. All versions through 2.0.3.1 of the plugin developed by Rymera Web Co Pty Ltd. are vulnerable. With a CVSS score of 9.8 (Critical) and network-based exploitation requiring no privileges or user interaction, this represents a severe security risk for WordPress sites using this plugin.
WordPress
Privilege Escalation
Woocommerce Wholesale Lead Capture
-
CVE-2026-27540
CRITICAL
CVSS 9.0
An unrestricted file upload vulnerability exists in the WooCommerce Wholesale Lead Capture plugin for WordPress, allowing remote attackers to upload and execute malicious files without authentication. The vulnerability affects all versions through 2.0.3.1 of the plugin developed by Rymera Web Co Pty Ltd. With a CVSS score of 9.0 (Critical), this vulnerability enables attackers to achieve complete system compromise through arbitrary file upload, though the attack complexity is rated as high.
File Upload
WordPress
Woocommerce Wholesale Lead Capture
-
CVE-2026-27413
CRITICAL
CVSS 9.3
A Blind SQL Injection vulnerability exists in the Profile Builder Pro WordPress plugin that allows unauthenticated remote attackers to extract sensitive database information. Cozmoslabs Profile Builder Pro versions through 3.13.9 are affected. The vulnerability has a critical CVSS score of 9.3 due to network-based exploitation requiring no privileges or user interaction, with changed scope enabling attackers to access resources beyond the vulnerable component.
SQLi
-
CVE-2026-27067
CRITICAL
CVSS 9.1
The Mobile App Editor WordPress plugin contains an unrestricted file upload vulnerability that allows authenticated administrators to upload malicious web shells to the web server. This affects all versions through 1.3.1 and carries a critical CVSS score of 9.1 due to the potential for complete system compromise with changed scope. While requiring high privileges (administrator access), successful exploitation enables full server control including data theft, integrity compromise, and service disruption.
File Upload
-
CVE-2026-27065
CRITICAL
CVSS 9.8
ThimPress BuilderPress, a WordPress plugin, contains a Local File Inclusion vulnerability through improper filename control in PHP include/require statements that allows unauthenticated remote attackers to read arbitrary files from the server. All versions through 2.0.1 are affected. With a CVSS score of 9.8 (Critical) and no authentication required, this represents a severe vulnerability allowing unauthorized information disclosure, though EPSS and KEV status data are not provided in the intelligence sources.
PHP
Information Disclosure
-
CVE-2026-26137
CRITICAL
CVSS 9.9
Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. No patch is currently available, making this a significant risk for organizations using the affected service.
SSRF
Microsoft
-
CVE-2026-22732
CRITICAL
CVSS 9.1
Spring Security fails to properly write HTTP response headers in servlet applications across multiple versions (5.7.0-5.7.21, 5.8.0-5.8.23, 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.8, 7.0.0-7.0.3), allowing attackers to bypass security controls that rely on these headers such as HSTS, X-Frame-Options, or CSP policies. This header omission could enable various attacks including clickjacking, man-in-the-middle attacks, or other exploits depending on which protections are intended. No patch is currently available for this critical vulnerability.
Java
Information Disclosure
Redhat
-
CVE-2026-22557
CRITICAL
CVSS 10.0
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.
Path Traversal
Ubiquiti
-
CVE-2025-67114
CRITICAL
CVSS 9.8
Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the...
Authentication Bypass
-
CVE-2025-67113
CRITICAL
CVSS 9.8
OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted...
Command Injection
Code Injection
RCE
-
CVE-2025-67112
CRITICAL
CVSS 9.8
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt...
Privilege Escalation
-
CVE-2025-60237
CRITICAL
CVSS 9.8
A deserialization of untrusted data vulnerability in the Themeton Finag WordPress theme allows remote attackers to inject malicious PHP objects without authentication. This affects all versions of Finag through 1.5.0. The vulnerability carries a critical CVSS score of 9.8 due to network-based exploitation requiring no privileges or user interaction, enabling attackers to achieve complete compromise of confidentiality, integrity, and availability.
Deserialization
-
CVE-2025-60233
CRITICAL
CVSS 9.8
A critical PHP object injection vulnerability exists in the Zuut WordPress theme due to insecure deserialization of untrusted data. The vulnerability affects all versions of Zuut through 1.4.2 and allows unauthenticated remote attackers to execute arbitrary PHP code, potentially leading to complete site compromise. With a CVSS score of 9.8, this vulnerability requires no privileges or user interaction and can be exploited over the network with low complexity.
Deserialization
-
CVE-2026-33409
HIGH
CVSS 7.0
Parse Server authentication bypass in deployments with `allowExpiredAuthDataToken` enabled allows attackers to impersonate any user with a linked third-party authentication provider by knowing only their provider ID, gaining full account access including valid session tokens. This affects configurations that explicitly set the non-default `allowExpiredAuthDataToken` option to `true`. A patch is available that enforces auth provider validation regardless of this setting.
Authentication Bypass
-
CVE-2026-33354
HIGH
CVSS 7.6
Authenticated file read vulnerability in PHP and Docker deployments allows users to exfiltrate arbitrary files from the server by exploiting insufficient path validation in the video upload endpoint, which copies attacker-specified local files to publicly accessible storage. An authenticated attacker can leverage this to read sensitive files from broad server directories including application roots, cache, and temporary locations. No patch is currently available, and the vulnerability carries a 10% exploit prediction score.
PHP
RCE
Docker
-
CVE-2026-33353
HIGH
CVSS 7.1
Soft Serve's repo import functionality fails to validate authorization on source repositories, allowing any authenticated SSH user to clone private Git repositories belonging to other users. An attacker with valid credentials can bypass the private repository confidentiality boundary by importing another user's repo into a new repository under their control. No patch is currently available for this high-severity authorization bypass.
Information Disclosure
-
CVE-2026-33346
HIGH
CVSS 8.7
A stored cross-site scripting vulnerability in OpenEMR's patient portal payment flow allows authenticated patient users to inject malicious JavaScript that executes when staff members review payment submissions. The vulnerability affects OpenEMR versions prior to 8.0.0.2 and enables attackers to compromise staff accounts, potentially accessing sensitive medical records and administrative functions. No evidence of active exploitation exists, and no KEV listing or public POC has been identified.
PHP
XSS
-
CVE-2026-33344
HIGH
CVSS 8.1
Path traversal in Apple and Kubernetes DAG management APIs allows authenticated attackers to access arbitrary files outside the intended directory by injecting URL-encoded forward slashes into file name parameters on GET, DELETE, RENAME, and EXECUTE endpoints. The vulnerability affects systems where a previous patch (CVE-2026-27598) only secured the CREATE endpoint while leaving other API functions unprotected. An attacker with valid credentials can read, modify, or execute unintended DAG files on the affected system.
Path Traversal
Apple
Kubernetes
macOS
-
CVE-2026-33321
HIGH
CVSS 7.6
OpenEMR versions prior to 8.0.0.2 allow authenticated users with the Notes role to trigger an out-of-band Server-Side Request Forgery (SSRF) vulnerability through unescaped HTML parsing in Eye Exam form PDF generation, enabling attackers to forge requests to arbitrary internal or external resources from the affected server. This vulnerability requires valid user credentials but no user interaction, and can lead to information disclosure or further internal network compromise. No patch is currently available for affected deployments.
SSRF
-
CVE-2026-33310
HIGH
CVSS 8.8
Unauthenticated remote code execution in catalog parsing allows attackers to execute arbitrary commands on the host system by embedding shell() syntax in malicious catalog YAML files accessed by users. The vulnerability exploits automatic expansion of parameter default values during catalog source loading without proper sanitization. No patch is currently available, and exploitation requires only user interaction to load a compromised catalog.
Command Injection
-
CVE-2026-33302
HIGH
CVSS 8.1
A remote code execution vulnerability in OpenEMR (CVSS 8.1). High-severity vulnerability requiring prompt remediation.
Authentication Bypass
-
CVE-2026-33301
HIGH
CVSS 8.1
A remote code execution vulnerability in OpenEMR (CVSS 8.1). High-severity vulnerability requiring prompt remediation.
Information Disclosure
-
CVE-2026-33293
HIGH
CVSS 8.1
Arbitrary file deletion in PHP CloneSite plugin allows authenticated attackers to bypass path validation and remove critical files via path traversal in the deleteDump parameter, causing denial of service or facilitating privilege escalation attacks. An attacker with valid clone credentials can leverage unvalidated input passed directly to unlink() to delete arbitrary files including configuration.php and other security-critical application files. No patch is currently available for this vulnerability.
PHP
Denial Of Service
Path Traversal
-
CVE-2026-33292
HIGH
CVSS 7.5
Unauthenticated attackers can stream any private or paid video in PHP, Oracle, and Apple applications through a path traversal vulnerability in the HLS streaming endpoint. The flaw exploits a split-oracle condition where authorization validation and file access use different parsing logic on the videoDirectory parameter, allowing attackers to bypass authentication checks while accessing unauthorized content. No patch is currently available for this high-severity vulnerability.
PHP
Path Traversal
Oracle
Apple
-
CVE-2026-33282
HIGH
CVSS 7.5
Ella Core is vulnerable to a denial of service attack via a null pointer dereference when processing malformed NGAP LocationReport messages that omit the required UEPresenceInAreaOfInterestList field. An unauthenticated attacker with network access can crash the Ella Core process, disrupting service for all connected subscribers. No patch is currently available.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-33252
HIGH
CVSS 7.1
The Go SDK's Streamable HTTP transport fails to validate the Origin header and Content-Type on POST requests, allowing attackers to send cross-site requests that bypass CORS protections and trigger MCP tool execution on vulnerable servers without authorization. This affects deployments using stateless or sessionless configurations where an attacker can host a malicious website to send arbitrary MCP requests to a victim's local server. A patch is available that implements Content-Type validation and configurable origin verification.
CSRF
-
CVE-2026-33242
HIGH
CVSS 7.5
Nginx's path traversal vulnerability enables unauthenticated remote attackers to bypass proxy routing controls and access unintended backend resources by exploiting improper normalization of encoded path sequences. The flaw allows attackers to reach protected endpoints and administrative interfaces that should be restricted through the proxy's access controls. A patch is available for this high-severity issue with a CVSS score of 7.5.
Path Traversal
Nginx
-
CVE-2026-33241
HIGH
CVSS 7.5
Salvo web framework's form data parsing functions fail to enforce payload size limits before loading request bodies into memory, allowing attackers to trigger Out-of-Memory crashes by sending extremely large form payloads. This affects the Rust package salvo (pkg:rust/salvo) through multiple attack vectors including URL-encoded and multipart form data handling. A proof-of-concept demonstrates successful denial-of-service against containerized deployments with limited memory, and the vulnerability is publicly documented in GitHub security advisories GHSA-pp9r-xg4c-8j4x.
Denial Of Service
File Upload
Docker
-
CVE-2026-33236
HIGH
CVSS 8.1
NLTK downloader contains a path traversal vulnerability that allows remote attackers to write arbitrary files to any location on the filesystem when a user downloads packages from a malicious server. Attackers controlling a remote XML index server can inject path traversal sequences (../) into package metadata to overwrite critical system files including /etc/passwd or SSH authorized_keys. A working proof-of-concept exploit exists demonstrating arbitrary file creation at /tmp/test_file.zip via malicious server and client script.
Python
Path Traversal
-
CVE-2026-33231
HIGH
CVSS 7.5
The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.
CSRF
Denial Of Service
Docker
Python
Authentication Bypass
-
CVE-2026-33210
HIGH
CVSS 8.3
A format string injection vulnerability exists in the Ruby JSON gem that can lead to denial of service attacks or information disclosure when parsing user-supplied documents with the non-default 'allow_duplicate_key: false' parsing option enabled. The vulnerability affects users of the pkg:rubygems/json package who have explicitly opted into using this specific parsing configuration. There is no evidence of active exploitation (not listed in CISA KEV), and no EPSS score is currently available for risk quantification.
Denial Of Service
Information Disclosure
-
CVE-2026-33068
HIGH
CVSS 8.8
Claude Code, an AI coding assistant, contains an authentication bypass vulnerability where malicious repositories can silently skip the workspace trust confirmation dialog by setting permissions.defaultMode to bypassPermissions in a committed .claude/settings.json file. This affects users of the @anthropic-ai/claude-code npm package who open untrusted repositories. An attacker can place users into a permissive execution mode without explicit consent, enabling tool execution without the user seeing trust prompts, though no evidence of active exploitation or public proof-of-concept is currently available.
Authentication Bypass
-
CVE-2026-32815
HIGH
CVSS 7.5
SiYuan knowledge management system versions 3.6.0 and below allow unauthenticated WebSocket connections to the /ws endpoint via specific URL parameters, enabling attackers to bypass authentication and receive real-time server push events. An attacker can exploit this by connecting from a malicious website to monitor a victim's local SiYuan instance and exfiltrate sensitive metadata including document titles, notebook names, file paths, and user activity without the victim's knowledge. No patch is currently available for this high-severity information disclosure vulnerability.
Authentication Bypass
-
CVE-2026-32721
HIGH
CVSS 8.6
A stored cross-site scripting (XSS) vulnerability exists in the OpenWrt LuCI web interface where malicious JavaScript code embedded in Wi-Fi network names (SSIDs) can execute when users open the wireless scan modal. The vulnerability affects OpenWrt versions newer than 23.05/22.03 up to 24.10.5 and 25.12.0, allowing attackers within wireless range to compromise users who scan for available networks. No active exploitation has been reported (not in KEV), and with an EPSS score not provided, the real-world exploitation risk appears limited despite the high CVSS score of 8.6.
XSS
-
CVE-2026-32622
HIGH
CVSS 8.8
Remote code execution in SQLBot 1.5.0 and below allows authenticated users to inject malicious prompts through unsanitized terminology uploads, enabling attackers to manipulate the LLM into generating arbitrary PostgreSQL commands executed with database privileges. The vulnerability stems from missing permission checks on the Excel upload API combined with inadequate semantic isolation when injecting user-controlled data into the system prompt. An attacker can exploit this to achieve code execution on the database or application server running as the postgres user.
Authentication Bypass
RCE
PostgreSQL
-
CVE-2026-32032
HIGH
CVSS 7.3
OpenClaw versions before 2026.2.22 allow local attackers with environment access to execute arbitrary commands by manipulating the SHELL environment variable, which is insufficiently validated during shell fallback operations. An attacker can leverage this to run malicious code with the privileges of the OpenClaw process. No patch is currently available for this vulnerability.
Code Injection
-
CVE-2026-32030
HIGH
CVSS 8.2
OpenClaw versions before 2026.2.19 allow remote file disclosure when iMessage remote attachment fetching is enabled, as the stageSandboxMedia function fails to properly validate attachment paths and accepts arbitrary absolute paths. An attacker with the ability to manipulate attachment metadata can read files accessible to the OpenClaw process on the configured remote host via SCP. No patch is currently available for this vulnerability.
Path Traversal
-
CVE-2026-32027
HIGH
CVSS 7.1
OpenClaw versions prior to 2026.2.26 contain a critical authorization bypass vulnerability where Direct Message (DM) pairing-store identities are incorrectly reused to satisfy group-level sender allowlist authorization checks. An attacker with valid DM pairing credentials can send messages to groups without being explicitly listed in the group's allowFrom access control list, effectively bypassing group message access controls. This vulnerability requires authenticated access (PR:L) but enables high-confidence information disclosure (C:H), with a CVSS score of 6.5 reflecting the combination of network accessibility and authentication requirement.
Path Traversal
-
CVE-2026-32025
HIGH
CVSS 7.5
A WebSocket authentication bypass vulnerability in OpenClaw gateway software allows attackers to circumvent origin validation and rate limiting protections when deployed on localhost/loopback interfaces. The flaw enables malicious websites to conduct brute-force attacks against the gateway's authentication mechanism through a victim's browser, potentially gaining full administrative control over the OpenClaw control plane. With a 7.5 CVSS score and requiring only user interaction to exploit, this represents a significant risk for organizations running OpenClaw in loopback configurations.
Authentication Bypass
-
CVE-2026-32016
HIGH
CVSS 7.3
OpenClaw prior to version 2026.2.22 on macOS allows local attackers with user-level privileges to execute unauthorized binaries by bypassing path validation in the exec-approval allowlist mode through basename-only entries. An attacker can execute same-named local binaries without approval when the security allowlist policy is enabled, circumventing intended path-based restrictions. A patch is not currently available.
Apple
Authentication Bypass
macOS
-
CVE-2026-32015
HIGH
CVSS 7.3
OpenClaw versions before 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows local attackers with process environment control to execute arbitrary binaries by spoofing allowlisted tool names like jq. An attacker who can manipulate the gateway process PATH can bypass executable validation controls and achieve code execution with the privileges of the affected process. No patch is currently available.
Authentication Bypass
-
CVE-2026-32014
HIGH
CVSS 8.0
A metadata spoofing vulnerability in OpenClaw allows attackers with paired node identities on the trusted network to bypass platform-based node command policies by manipulating unsigned reconnect platform and deviceFamily fields. This authentication bypass vulnerability affects OpenClaw versions prior to 2026.2.26 and enables unauthorized access to restricted commands with high impact on confidentiality, integrity, and availability (CVSS 8.0). No active exploitation has been reported in KEV and EPSS data is not available, but the vulnerability has been publicly disclosed with patches available.
Authentication Bypass
-
CVE-2026-32013
HIGH
CVSS 8.8
A symlink traversal vulnerability in OpenClaw allows authenticated attackers to read and write arbitrary files on the host system through the agents.files.get and agents.files.set methods. The vulnerability affects OpenClaw versions prior to 2026.2.25 and can lead to remote code execution through strategic file overwrites. With a high CVSS score of 8.8 and an RCE tag, this represents a critical security risk for organizations using affected versions.
RCE
-
CVE-2026-32011
HIGH
CVSS 7.5
OpenClaw webhook handlers for BlueBubbles and Google Chat prior to version 2026.3.2 fail to validate authentication before parsing request bodies, allowing unauthenticated remote attackers to trigger denial of service by sending maliciously crafted or oversized payloads. Successful exploitation exhausts parser resources and degrades service availability, with no patch currently available. The vulnerability affects all Google products using the vulnerable OpenClaw versions.
Denial Of Service
Google
-
CVE-2026-31998
HIGH
CVSS 8.3
Synology OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass in the synology-chat channel plugin where misconfigured allowlist policies with empty user IDs fail open, allowing authenticated Synology senders to dispatch unauthorized agents and execute downstream tool actions. The vulnerability requires network access and low-complexity exploitation, with a patch currently available.
Synology
Authentication Bypass
-
CVE-2026-31994
HIGH
CVSS 7.1
OpenClaw contains a local command injection vulnerability in Windows scheduled task script generation that allows authenticated local attackers to inject arbitrary commands through unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd files. OpenClaw versions prior to 2026.2.19 are affected. Attackers with control over service script generation arguments can execute unintended code in the scheduled task context with high impact to integrity and availability.
Command Injection
Microsoft
Openclaw
Windows
-
CVE-2026-31992
HIGH
CVSS 7.1
OpenClaw contains an allowlist bypass vulnerability in system.run guardrails that enables authenticated operators to execute arbitrary commands by exploiting the env -S flag when /usr/bin/env is allowlisted. The vulnerability affects all OpenClaw versions prior to 2026.2.23, allowing attackers with low-level privileges to bypass policy controls and execute shell wrapper payloads at runtime. No KEV status or public POC has been reported, though vendor patches are available.
Authentication Bypass
Openclaw
-
CVE-2026-31989
HIGH
CVSS 7.4
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery (SSRF) vulnerability in the web_search citation redirect resolution component that permits requests to private network ranges. Authenticated attackers with low privileges can manipulate citation redirect targets to force the OpenClaw server to make requests to loopback addresses, private networks, or internal infrastructure, potentially accessing sensitive internal services or data. The vulnerability has a CVSS score of 7.4 with changed scope, indicating potential lateral movement beyond the vulnerable component.
SSRF
Openclaw
-
CVE-2026-30874
HIGH
CVSS 7.8
OpenWrt versions prior to 24.10.6 allow local attackers with limited privileges to inject a malicious PATH environment variable into hotplug scripts due to improper filtering in the hotplug_call function, enabling execution of arbitrary binaries with elevated privileges. The vulnerability stems from a strcmp/strncmp logic error that fails to properly exclude the PATH variable when executing scripts in /etc/hotplug.d, resulting in local privilege escalation. No patch is currently available.
Privilege Escalation
-
CVE-2026-30711
HIGH
CVSS 8.8
Authenticated attackers can execute arbitrary SQL queries in Devome GRR v4.5.0 through injection vulnerabilities in the referer and user-agent parameters within include/session.inc.php, enabling full database compromise including data exfiltration, modification, and potential remote code execution. The vulnerability carries a CVSS score of 8.8 (High) with low attack complexity, requiring only low-level privileges and no user interaction. The EPSS probability of exploitation is extremely low at 0.01% (2nd percentile), and no public exploit had been identified at the time of analysis beyond technical disclosure and audit documentation.
PHP
SQLi
-
CVE-2026-30404
HIGH
CVSS 7.5
Wgcloud v3.6.3's database connection test feature contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal networks and retrieve malicious files. An attacker can exploit this high-severity flaw to conduct reconnaissance on network infrastructure and facilitate further compromise, though no patch is currently available.
SSRF
-
CVE-2026-30403
HIGH
CVSS 7.5
An arbitrary file access vulnerability in the test connection function of backend database management in wgcloud (CVSS 7.5). High-severity vulnerability requiring prompt remediation.
Path Traversal
-
CVE-2026-29607
HIGH
CVSS 7.1
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in its allow-always wrapper persistence mechanism that enables remote code execution. Attackers with high privileges and user interaction can approve benign wrapped system.run commands, then subsequently execute arbitrary different payloads without requiring additional approval, compromising both gateway and node-host execution environments. A patch is available from the vendor, and this vulnerability is tagged as enabling both RCE and command injection attacks.
RCE
Command Injection
-
CVE-2026-29102
HIGH
CVSS 7.2
An authenticated remote code execution vulnerability exists in SuiteCRM modules that allows high-privileged users to execute arbitrary code on the server. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, and stems from improper code injection protections (CWE-94). While exploitation requires high privileges (admin-level), successful attacks grant complete control over the CRM system containing sensitive customer data.
RCE
Code Injection
-
CVE-2026-29100
HIGH
CVSS 7.1
A reflected HTML injection vulnerability exists in the login page of SuiteCRM 7.15.0, allowing attackers to inject arbitrary HTML content that can be used for phishing attacks and page defacement. The vulnerability requires user interaction (clicking a malicious link) but needs no authentication, affecting this specific version of the open-source CRM platform. While no active exploitation has been reported in KEV and no public POC is mentioned, the vulnerability presents a moderate risk for targeted phishing campaigns.
XSS
-
CVE-2026-29099
HIGH
CVSS 8.8
SQL injection in SuiteCRM versions prior to 7.15.1 and 8.9.3 allows authenticated users to execute arbitrary SQL queries through improper input validation in the EmailUIAjax module's retrieve() function. An attacker with valid credentials can exploit this vulnerability to read, modify, or delete sensitive database records without restrictions. The vulnerability requires authentication but has no patch currently available.
PHP
SQLi
-
CVE-2026-29097
HIGH
CVSS 7.5
The RSS Feed Dashlet in SuiteCRM versions before 7.15.1 and 8.9.3 is vulnerable to a server-side request forgery (SSRF) attack that can be exploited to trigger denial of service conditions. An unauthenticated remote attacker can leverage this vulnerability to disrupt service availability without requiring user interaction. No patch is currently available for this high-severity vulnerability affecting enterprise CRM deployments.
Denial Of Service
SSRF
-
CVE-2026-29096
HIGH
CVSS 8.1
A second-order SQL injection vulnerability exists in the Reports module of SuiteCRM, allowing authenticated users with reporting privileges to execute arbitrary SQL queries when viewing reports. The vulnerability affects SuiteCRM versions before 7.15.1 and 8.9.3, enabling attackers to extract sensitive database contents including password hashes, API tokens, and configuration values, with potential for remote code execution on MySQL installations with FILE privileges. While no public exploits or active exploitation have been reported, the vulnerability has a high CVSS score of 8.1 due to the potential for both data theft and system compromise.
SQLi
-
CVE-2026-29072
HIGH
CVSS 7.5
A remote code execution vulnerability in Discourse (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Authentication Bypass
-
CVE-2026-28461
HIGH
CVSS 7.5
OpenClaw contains an unbounded memory growth vulnerability in its Zalo webhook endpoint that allows unauthenticated remote attackers to exhaust system memory through query string manipulation. OpenClaw versions prior to 2026.3.1 are affected. Attackers can send repeated HTTP requests with varying query parameters to trigger in-memory key accumulation, leading to memory pressure, process instability, or complete denial of service through out-of-memory conditions.
Denial Of Service
Openclaw
-
CVE-2026-28073
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the WP eMember WordPress plugin by Tips and Tricks HQ, affecting all versions up to and including 10.2.2. An attacker can craft malicious URLs that, when clicked by authenticated users, execute arbitrary JavaScript in the victim's browser context. This vulnerability has been publicly disclosed by Patchstack with no indication of active exploitation in the wild or KEV listing at this time.
XSS
Wp Emember
-
CVE-2026-27953
HIGH
CVSS 7.1
A critical validation bypass vulnerability in the ormar Python ORM library allows attackers to completely skip all Pydantic field validation by injecting a special '__pk_only__' parameter in JSON request bodies. This affects all applications using ormar's canonical FastAPI integration pattern (where ormar models are used directly as request body parameters), enabling attackers to persist invalid data, bypass security constraints, and potentially escalate privileges. A working proof-of-concept demonstrates the vulnerability is trivially exploitable, and with a CVSS score of 7.1, it poses significant risk to affected applications.
Privilege Escalation
Python
Deserialization
Canonical
-
CVE-2026-27934
HIGH
CVSS 8.7
Unauthorized information disclosure in Discourse discussion platform versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows unauthenticated attackers to view restricted post titles and excerpts through inadequate permission validation on user action API endpoints. The vulnerability affects all deployments running vulnerable versions, with no available workarounds until patching to the fixed releases.
Information Disclosure
-
CVE-2026-27566
HIGH
CVSS 7.1
OpenClaw contains an allowlist bypass vulnerability in its system.run exec analysis that fails to properly unwrap wrapper binaries like env and bash. Attackers with low-level privileges can chain wrapper binaries to smuggle malicious commands that appear to satisfy allowlist entries while actually executing non-allowlisted payloads. A patch is available from the vendor, and the vulnerability was disclosed through VulnCheck advisory; no public proof-of-concept code or active exploitation (KEV listing) has been reported at this time.
Command Injection
Openclaw
-
CVE-2026-27096
HIGH
CVSS 8.1
The ColorFolio Freelance Designer WordPress Theme versions up to 1.3 contain a deserialization of untrusted data vulnerability that allows attackers to perform PHP Object Injection. This enables remote unauthenticated attackers to execute arbitrary code or manipulate application logic, though exploitation requires high attack complexity. There is no evidence of active exploitation (not in CISA KEV), and EPSS score data is not provided, but the vulnerability has been publicly disclosed by Patchstack.
Deserialization
WordPress
Colorfolio Freelance Designer Wordpress Theme
-
CVE-2026-27093
HIGH
CVSS 8.1
A PHP remote/local file inclusion vulnerability exists in the Ovatheme Tripgo WordPress theme due to improper control of filename parameters in include/require statements. Versions prior to 1.5.6 are affected, allowing unauthenticated remote attackers to potentially include arbitrary files and execute malicious code. This vulnerability has a CVSS score of 8.1 (High) with network attack vector but high attack complexity, and has been reported by Patchstack as exploitable for local file inclusion and information disclosure.
PHP
Information Disclosure
Tripgo
-
CVE-2026-27070
HIGH
CVSS 7.1
A stored cross-site scripting (XSS) vulnerability exists in the Everest Forms Pro WordPress plugin that allows attackers to inject malicious scripts into web pages. Plugin versions through 1.9.10 are affected, and the vulnerability can be exploited over the network with low attack complexity, requiring no privileges but requiring user interaction. With a CVSS score of 7.1 and reported by the Patchstack audit team, this represents a moderate-to-high severity issue whose scope change indicates potential impact beyond the vulnerable component.
WordPress
PHP
XSS
-
CVE-2026-27068
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the Website LLMs.Txt WordPress plugin through version 8.2.6, allowing remote attackers to inject malicious scripts into web pages viewed by users. The vulnerability requires user interaction (UI:R) but no authentication (PR:N) and can be exploited over the network with low complexity (AC:L). With a CVSS score of 7.1 and changed scope (S:C), this represents a medium-to-high severity issue that could lead to session hijacking, credential theft, or malicious actions performed in the context of victim users.
XSS
-
CVE-2026-27043
HIGH
CVSS 7.2
The ThemeGoods Photography WordPress theme through version 7.7.5 permits authenticated administrators to upload arbitrary files with path traversal capabilities, enabling remote code execution and complete site compromise. While the CVSS score of 7.2 indicates high severity, the requirement for high-privileged admin credentials (PR:H) significantly constrains real-world exploitability. The EPSS score of 0.04% (12th percentile) suggests minimal likelihood of active exploitation, with no public exploit code identified at time of analysis.
Path Traversal
File Upload
-
CVE-2026-26139
HIGH
CVSS 8.6
Microsoft Purview is vulnerable to server-side request forgery (SSRF) that enables unauthenticated remote attackers to escalate privileges across network boundaries. This network-accessible vulnerability requires no user interaction and impacts the confidentiality of affected systems. No patch is currently available.
SSRF
Microsoft
-
CVE-2026-26138
HIGH
CVSS 8.6
Microsoft Purview contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges across network boundaries. An attacker can exploit this flaw without user interaction to gain unauthorized access to sensitive resources and functionality. No patch is currently available.
SSRF
Microsoft
-
CVE-2026-25667
HIGH
CVSS 7.5
A security vulnerability in Microsoft .NET 8.0 (CVSS 7.5) that allows a remote attacker. High severity vulnerability requiring prompt remediation.
Microsoft
Denial Of Service
-
CVE-2026-25471
HIGH
CVSS 8.1
The Admin Safety Guard WordPress plugin versions through 1.2.6 contain an authentication bypass vulnerability that allows attackers to exploit password recovery mechanisms through alternate paths or channels. Attackers can remotely compromise administrator accounts without authentication, leading to complete site takeover. The vulnerability has a CVSS score of 8.1 (High) with high attack complexity; there is no EPSS data or KEV listing, indicating limited observed exploitation to date.
Authentication Bypass
-
CVE-2026-25445
HIGH
CVSS 8.8
WishList Member X, a WordPress membership plugin, contains a deserialization of untrusted data vulnerability that allows authenticated attackers with low-level privileges to perform PHP object injection attacks. This affects all versions up to and including 3.29.0. The vulnerability has a CVSS score of 8.8, indicating high severity with potential for complete compromise of confidentiality, integrity, and availability. There is no indication of active exploitation in KEV data, but the vulnerability has been publicly disclosed by Patchstack.
Deserialization
-
CVE-2026-25443
HIGH
CVSS 7.5
Dotstore Fraud Prevention For Woocommerce versions through 2.3.3 contain an authorization bypass vulnerability that allows unauthenticated attackers to manipulate access control settings and cause denial of service. The missing authorization checks enable remote exploitation without user interaction, affecting WordPress installations using this plugin. No patch is currently available for this vulnerability.
WordPress
Information Disclosure
-
CVE-2026-25442
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the QantumThemes Kentha WordPress theme that allows attackers to inject malicious scripts into web pages. The vulnerability affects all versions of Kentha through 4.7.2 and can be exploited remotely without authentication, though it requires user interaction. With a CVSS score of 7.1, this represents a high-severity issue, though no KEV listing or EPSS data suggests active widespread exploitation at this time.
XSS
-
CVE-2026-25438
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the ThemeHunk Gutenberg Blocks plugin for WordPress (also known as Unlimited Blocks for Gutenberg), affecting versions up to and including 1.2.8. An attacker can exploit this vulnerability by crafting malicious URLs that execute arbitrary JavaScript in victims' browsers when clicked, potentially leading to session hijacking, credential theft, or malicious actions performed on behalf of authenticated users. The vulnerability was reported by Patchstack's audit team and carries a CVSS score of 7.1, indicating high severity with cross-site scope impact.
XSS
-
CVE-2026-25312
HIGH
CVSS 7.5
EventPrime versions through 4.2.8.3 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The flaw enables integrity compromise without requiring authentication or user interaction, affecting all installations of the affected versions. No patch is currently available.
Authentication Bypass
-
CVE-2026-23659
HIGH
CVSS 8.6
A sensitive information exposure vulnerability exists in Microsoft Azure Data Factory that allows unauthorized remote attackers to access and disclose confidential data over the network without authentication. The vulnerability has a high CVSS score of 8.6 due to its network-based attack vector requiring no privileges or user interaction, with scope change indicating potential impact beyond the vulnerable component. No active exploitation has been reported and no proof-of-concept is currently available.
Information Disclosure
Microsoft
-
CVE-2026-23658
HIGH
CVSS 8.6
This vulnerability involves insufficiently protected credentials in Azure DevOps that allows an unauthorized attacker to elevate privileges over a network. The vulnerability affects Azure DevOps versions up to and presents a high-risk authentication bypass issue that could allow attackers to gain unauthorized access with elevated privileges. With a CVSS score of 8.6 and no exploitation complexity barriers, this represents a critical security risk for organizations using affected Azure DevOps instances.
Microsoft
Authentication Bypass
-
CVE-2026-22731
HIGH
CVSS 8.2
Spring Boot Actuator endpoints can be bypassed for authentication when application endpoints are configured under Health Group paths in versions 4.0 before 4.0.3, 3.5 before 3.5.11, and 3.4 before 3.4.15. An unauthenticated attacker can exploit this path-based misconfiguration to gain unauthorized access to protected resources with high confidence in authentication bypass and partial information disclosure. No patch is currently available.
Authentication Bypass
Java
Redhat
-
CVE-2026-22558
HIGH
CVSS 7.7
UniFi Network Application allows authenticated attackers to escalate privileges via NoSQL injection with high confidentiality impact. The vulnerability enables network-accessible attackers holding low-privilege credentials to exploit database queries and access sensitive information belonging to higher-privileged users or contexts. With an EPSS score of 0.03% (7th percentile) and no public exploit identified at time of analysis, real-world exploitation probability is currently assessed as low despite the 7.7 CVSS severity rating.
Ubiquiti
Nosql Injection
Privilege Escalation
-
CVE-2026-4428
HIGH
CVSS 7.4
A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. No active exploitation has been reported in KEV, and no EPSS score is available yet.
Authentication Bypass
-
CVE-2026-4427
HIGH
CVSS 7.5
PostgreSQL client applications using the pgproto3 Go library (github.com/jackc/pgproto3/v2) can be crashed remotely by malicious or compromised PostgreSQL servers sending specially crafted DataRow messages with negative field lengths, triggering slice bounds panics that result in denial of service. The vulnerability requires no authentication and has low attack complexity (CVSS:3.1/AV:N/AC:L/PR:N/UI:N), though the EPSS score of 0.07% (20th percentile) suggests minimal observed exploitation activity. Multiple detailed technical advisories exist including analysis from Security Infinity, and the issue is tracked in GitHub issue #2507 for the pgx project.
PostgreSQL
Denial Of Service
Buffer Overflow
-
CVE-2026-4424
HIGH
CVSS 7.5
Information disclosure in libarchive's RAR processing allows remote attackers to leak sensitive heap memory by submitting specially crafted archives that exploit improper validation of compression method transitions. The vulnerability requires no authentication or user interaction and affects any application using libarchive to process untrusted RAR files. No patch is currently available.
Information Disclosure
Buffer Overflow
-
CVE-2026-4342
HIGH
CVSS 8.8
A configuration injection vulnerability in Kubernetes ingress-nginx controller allows authenticated attackers to inject arbitrary nginx configuration through specially crafted Ingress annotations, leading to remote code execution with controller privileges and exposure of all cluster Secrets. The vulnerability has a high CVSS score of 8.8 and affects the ingress-nginx controller's annotation parsing mechanism. No active exploitation (not in KEV) or public POC has been reported, though the attack requires only low privileges and network access.
RCE
Nginx
-
CVE-2026-4267
HIGH
CVSS 7.2
Query Monitor, a WordPress debugging plugin, contains a Reflected Cross-Site Scripting (XSS) vulnerability in versions up to 3.20.3 where user-controlled data from REQUEST_URI is insufficiently escaped before rendering in the admin interface. Unauthenticated attackers can craft malicious links that, when clicked by Administrator users, execute arbitrary JavaScript in their browser context. The vulnerability has a CVSS score of 6.1 (Medium) and requires user interaction, but represents a direct attack vector against high-privilege WordPress administrators.
WordPress
XSS
-
CVE-2026-3658
HIGH
CVSS 7.5
Unauthenticated attackers can exploit SQL injection in the Simply Schedule Appointments Booking Plugin for WordPress (versions up to 1.6.10.0) through the 'fields' parameter to extract sensitive database information including usernames, email addresses, and password hashes. The vulnerability stems from insufficient input escaping and improper SQL query preparation, allowing attackers to inject arbitrary SQL commands without authentication. No patch is currently available.
WordPress
PHP
SQLi
Information Disclosure
Appointment Booking Calendar Simply Schedule Appointments Booking Plugin
-
CVE-2026-3549
HIGH
CVSS 8.3
Integer underflow in TLS 1.3 ECH (Encrypted Client Hello) extension parsing within wolfSSL allows remote attackers to trigger heap buffer overflow conditions with availability impact through specially crafted network packets. While ECH is disabled by default in wolfSSL and the specification remains unstable, exploitation requires no authentication and succeeds under specific timing conditions. No patch is currently available for this vulnerability.
Buffer Overflow
Heap Overflow
-
CVE-2026-3548
HIGH
CVSS 7.2
Buffer overflow vulnerabilities in wolfSSL's CRL parser enable heap and stack memory corruption when processing maliciously crafted Certificate Revocation Lists, allowing potential code execution on affected systems. This vulnerability only impacts installations with explicit CRL support enabled that load CRLs from untrusted sources. No patch is currently available.
Buffer Overflow
Memory Corruption
Debian
-
CVE-2026-3547
HIGH
CVSS 7.5
Denial of service in Nginx via out-of-bounds read during ALPN protocol parsing when ALPN support is enabled, allowing unauthenticated remote attackers to crash the process by sending a crafted ALPN list. This vulnerability affects Nginx and other third-party applications that have compiled wolfSSL 5.8.4 or earlier with ALPN enabled. A patch is available to address this incomplete validation flaw.
Buffer Overflow
Denial Of Service
Nginx
Information Disclosure
-
CVE-2026-3511
HIGH
CVSS 8.6
An XML External Entity (XXE) vulnerability in the XMLUtils.java component of Slovensko.Digital Autogram allows remote unauthenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and read local files from the filesystem. The vulnerability affects Autogram software and can be exploited when a victim visits a specially crafted website that sends malicious XML to the application's local HTTP server /sign endpoint. A blog post detailing exploitation research is publicly available, increasing the likelihood of exploitation attempts.
XXE
Java
Authentication Bypass
SSRF
Autogram
-
CVE-2026-3029
HIGH
CVSS 7.5
PyMuPDF versions up to 1.26.5 allow unauthenticated remote attackers to write arbitrary files to the system through path traversal in the embedded get function. This vulnerability enables denial of service attacks and potential system compromise without requiring authentication or user interaction. No patch is currently available.
Path Traversal
-
CVE-2026-1238
HIGH
CVSS 7.2
The SlimStat Analytics plugin for WordPress contains a Stored Cross-Site Scripting vulnerability in the 'fh' (fingerprint) parameter that allows unauthenticated attackers to inject malicious scripts into pages. All versions up to and including 5.3.5 are affected due to insufficient input sanitization and output escaping. The vulnerability has a CVSS score of 7.2 with network-based attack vector requiring no privileges or user interaction, though no active exploitation (KEV) or EPSS data is currently reported.
WordPress
XSS
Slimstat Analytics
-
CVE-2025-71260
HIGH
CVSS 8.8
BMC FootPrints ITSM contains a critical deserialization vulnerability in ASP.NET VIEWSTATE handling that allows authenticated attackers to execute arbitrary code remotely. Versions 20.20.02 through 20.24.01.001 are affected, and attackers with valid credentials can fully compromise the application by injecting malicious serialized objects. Security researchers from watchTowr have published detailed analysis of this vulnerability, significantly increasing exploitation risk.
Deserialization
RCE
-
CVE-2025-71257
HIGH
CVSS 7.3
BMC FootPrints ITSM contains an authentication bypass vulnerability allowing unauthenticated remote attackers to access restricted REST API endpoints and servlets without proper authorization. Affected versions range from 20.20.02 through 20.24.01.001, enabling attackers to invoke restricted functionality, access application data, and modify system resources. A public proof-of-concept exploit has been published by watchTowr Labs demonstrating pre-authentication remote code execution chains, significantly elevating the real-world risk.
Authentication Bypass
-
CVE-2025-69720
HIGH
CVSS 7.3
A buffer overflow vulnerability exists in ncurses versions 6.4 and 6.5 within the infocmp utility's analyze_string() function in progs/infocmp.c. This vulnerability allows an attacker to trigger a buffer overflow by providing maliciously crafted input to the infocmp program, potentially leading to denial of service or arbitrary code execution. A proof-of-concept exploit has been publicly released on GitHub, increasing the practical risk of exploitation.
Buffer Overflow
Redhat
Suse
-
CVE-2025-68836
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the Table of Contents Creator WordPress plugin that allows attackers to inject malicious scripts into web pages. The vulnerability affects all versions through 1.6.4.1 and can be exploited remotely without authentication, though it requires user interaction. With a CVSS score of 7.1 and a changed scope, this represents a moderate severity issue reported by Patchstack's audit team.
XSS
-
CVE-2025-67618
HIGH
CVSS 7.1
A reflected cross-site scripting (XSS) vulnerability exists in the ArtstudioWorks Brookside WordPress theme through version 1.4. An attacker can inject malicious scripts that execute in victims' browsers when they click a specially crafted link, potentially leading to session hijacking, credential theft, or defacement. The CVSS score of 7.1 indicates high severity with a changed scope, and this vulnerability was disclosed by Patchstack as a database entry.
XSS
-
CVE-2025-53222
HIGH
CVSS 7.1
The tagDiv Opt-In Builder WordPress plugin versions up to and including 1.7.3 contains a reflected cross-site scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. An attacker can exploit this by tricking a user into clicking a malicious link, allowing the execution of arbitrary JavaScript in the victim's browser within the context of the vulnerable site. This vulnerability has a CVSS score of 7.1 with network-based attack vector and low attack complexity, though no active exploitation (KEV) or public proof-of-concept has been documented at this time.
XSS
-
CVE-2025-50001
HIGH
CVSS 7.1
tagDiv Composer, a WordPress plugin used by tagDiv themes, contains a reflected cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious scripts into web pages. Versions up to and including 5.4.2 are affected. The vulnerability requires user interaction (victim must click a malicious link) but can be exploited remotely without authentication, making it a moderate-severity threat with a CVSS score of 7.1.
XSS
-
CVE-2024-42210
HIGH
CVSS 7.6
A stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch is available.
XSS
-
CVE-2026-33410
MEDIUM
CVSS 5.4
A remote code execution vulnerability in Discourse (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-33397
MEDIUM
CVSS 6.9
Open Redirect in Angular SSR allows remote attackers to bypass redirect validation through a single backslash character in the X-Forwarded-Prefix header, causing browsers to interpret the malformed URL as a protocol-relative redirect to attacker-controlled domains. This vulnerability affects Angular SSR applications deployed behind proxies and represents an incomplete fix for a prior open redirect issue. An attacker can craft requests to redirect authenticated users away from the legitimate application without user interaction.
Open Redirect
-
CVE-2026-33395
MEDIUM
CVSS 4.4
Authenticated users can inject persistent JavaScript through malicious DOT graph definitions in the discourse-graphviz plugin on Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, enabling stored XSS attacks when Content Security Policy is disabled. Affected instances should upgrade to patched versions, disable the plugin, or enforce a CSP as a temporary mitigation, as no patch is currently available for all deployment scenarios.
XSS
-
CVE-2026-33393
MEDIUM
CVSS 4.3
A remote code execution vulnerability in Discourse (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-33355
MEDIUM
CVSS 6.5
A post-type visibility filtering bypass in Discourse's `/private-posts` endpoint allows authenticated users with access to private message (PM) topics to view whisper posts that should be restricted to specific recipients. This information disclosure vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and requires only low-privilege user authentication to exploit. No active exploitation in the wild has been reported, but patches are available from the vendor.
Information Disclosure
-
CVE-2026-33349
MEDIUM
CVSS 5.9
The fast-xml-parser library contains a logic error in DocTypeReader.js where JavaScript's falsy evaluation of the number 0 causes entity size and count limits to be completely bypassed when explicitly configured to 0. An attacker who can supply crafted XML input to an application using fast-xml-parser with these limits set to 0 can trigger unbounded entity expansion, exhausting server memory and causing denial of service. A proof-of-concept exists demonstrating the vulnerability, and the CVSS score of 5.9 reflects medium severity with high attack complexity, though the real-world impact is significant for applications that explicitly configure these restrictive limits.
Denial Of Service
-
CVE-2026-33347
MEDIUM
CVSS 6.3
Mozilla's Embed extension contains a domain allowlist bypass in the DomainFilteringAdapter due to insufficient hostname boundary validation in its regex pattern, allowing attacker-controlled domains like youtube.com.evil to pass validation checks for youtube.com. This vulnerability enables Server-Side Request Forgery attacks via the OscaroteroEmbedAdapter to probe internal services, and Cross-Site Scripting attacks through unsanitized oEmbed HTML responses returned by compromised domains. No patch is currently available for this medium-severity flaw.
XSS
SSRF
Mozilla
-
CVE-2026-33332
MEDIUM
CVSS 6.9
NiceGUI's media file serving functions fail to validate user-supplied query parameters used in range-response handling, allowing attackers to bypass streaming protections and force servers to load entire files into memory simultaneously. Applications using app.add_media_file() or app.add_media_files() to serve large media content are vulnerable to denial of service through memory exhaustion and performance degradation when handling concurrent malicious requests. No patch is currently available.
Denial Of Service
-
CVE-2026-33326
MEDIUM
CVSS 4.3
CVE-2026-33326 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-33323
MEDIUM
CVSS 6.3
Email verification resend endpoints in the Pages and legacy PublicAPI routes leak information about valid usernames through distinguishable responses, enabling unauthenticated attackers to enumerate active accounts. The default `emailVerifySuccessOnInvalidEmail` configuration option, which mitigates this issue, was not applied to these specific routes. A patch is available that extends the protection to both routes.
Information Disclosure
-
CVE-2026-33320
MEDIUM
CVSS 6.2
The dasel YAML reader contains an unbounded alias expansion vulnerability (CWE-674) that allows attackers to trigger extreme CPU and memory consumption through specially crafted YAML documents. Affected versions include dasel v3.0.0 through v3.3.1 and the current default branch. An attacker who can supply YAML input (via CLI, file processing, or library usage) can cause denial of service with a malicious 342-byte payload that fails to complete within 5 seconds and exhibits unbounded resource growth, as demonstrated by the provided proof-of-concept.
Denial Of Service
Apple
macOS
-
CVE-2026-33319
MEDIUM
CVSS 5.9
A command injection vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.
PHP
RCE
Command Injection
-
CVE-2026-33314
MEDIUM
CVSS 6.5
A Host Header Spoofing vulnerability in the @local_check decorator of pyload-ng allows unauthenticated external attackers to bypass local-only IP address restrictions on the Click'N'Load API endpoints by sending a crafted HTTP Host header. This authentication bypass enables remote attackers to queue arbitrary downloads on the affected pyload instance, leading to Server-Side Request Forgery (SSRF) attacks against internal or external systems and Denial of Service through resource exhaustion. A proof-of-concept exploit exists in the form of a simple curl command that demonstrates immediate exploitability without user interaction.
Authentication Bypass
Denial Of Service
Python
SSRF
-
CVE-2026-33311
MEDIUM
CVSS 4.7
DiceBear avatar generation libraries (@dicebear/core and @dicebear/initials) are vulnerable to stored XSS through unescaped SVG attributes when user-supplied options like backgroundColor, fontFamily, and textColor are directly interpolated into SVG output. Attackers can inject malicious JavaScript that executes when the resulting SVG is rendered inline or served with SVG content-type, affecting any application that passes untrusted input to the createAvatar() function. No patch is currently available.
XSS
-
CVE-2026-33306
MEDIUM
CVSS 4.5
JRuby's BCrypt implementation suffers from a signed integer overflow when the cost parameter is set to 31, causing the key-strengthening loop to execute zero iterations and reducing password hashing to a negligible computational cost. Applications using bcrypt-ruby with cost=31 generate seemingly valid hashes that verify correctly but provide virtually no protection against brute-force attacks. No patch is currently available for this vulnerability.
Java
Integer Overflow
Buffer Overflow
-
CVE-2026-33305
MEDIUM
CVSS 5.4
A remote code execution vulnerability in OpenEMR (CVSS 5.4) that allows any authenticated openemr user. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-33304
MEDIUM
CVSS 6.5
An authorization bypass vulnerability in OpenEMR versions prior to 8.0.0.2 allows authenticated non-administrator users to access reminder messages and associated patient information belonging to other users by manipulating GET request parameters. Any authenticated user can view sensitive data including patient names and message content from arbitrary user accounts without proper authorization checks. This vulnerability has a CVSS score of 6.5 (Medium) with high confidentiality impact but no integrity or availability impact, and a proof-of-concept has been published via the GitHub security advisory.
Authentication Bypass
-
CVE-2026-33303
MEDIUM
CVSS 5.4
Stored XSS in OpenEMR versions before 8.0.0.2 allows authenticated patient portal users to inject malicious scripts into their login username, which execute in the browsers of clinic staff when viewing the portal credential creation page. This vulnerability enables attackers to compromise staff and admin sessions through the patient context, potentially leading to unauthorized access or data manipulation within the healthcare system. A patch is available in version 8.0.0.2 and later.
XSS
-
CVE-2026-33299
MEDIUM
CVSS 5.4
Stored XSS in OpenEMR prior to 8.0.0.2 allows authenticated users with the "Notes - my encounters" role to inject malicious JavaScript into Eye Exam form fields, which executes when other users with the same role view the form responses. An attacker can exploit this to steal session tokens, perform unauthorized actions, or compromise patient data through form manipulation. No patch is currently available for affected versions.
XSS
-
CVE-2026-33296
MEDIUM
CVSS 6.1
WWBN/AVideo fails to properly validate the redirectUri parameter in its login flow, allowing attackers to craft malicious URLs that redirect authenticated users to attacker-controlled sites after successful login. The vulnerability stems from insufficient encoding of user input before it is embedded into JavaScript code that executes a redirect via document.location. An attacker can exploit this open redirect to perform phishing attacks or distribute malware by tricking users into clicking a login link with an attacker-controlled redirect destination.
PHP
Python
Open Redirect
-
CVE-2026-33295
MEDIUM
CVSS 5.4
Stored cross-site scripting in the WWBN/AVideo CDN plugin allows authenticated attackers to inject malicious JavaScript through improperly sanitized video titles, which executes when users access download pages. An attacker with video creation or modification privileges can compromise any user viewing the affected download interface. No patch is currently available for PHP and Python implementations.
PHP
XSS
Python
-
CVE-2026-33294
MEDIUM
CVSS 5.0
The BulkEmbed plugin in AVideo fails to validate thumbnail URLs in its save endpoint, allowing authenticated attackers to conduct Server-Side Request Forgery (SSRF) attacks and retrieve responses from internal network resources. An attacker can supply malicious URLs via the bulk embed feature to force the server to make HTTP requests to internal systems and view the cached thumbnail responses. This vulnerability affects PHP-based AVideo installations and requires authentication to exploit.
PHP
SSRF
Google
Microsoft
-
CVE-2026-33283
MEDIUM
CVSS 6.5
Ella Core contains a null pointer dereference vulnerability (CWE-476) that causes the process to panic when processing malformed UL NAS Transport NAS messages that lack a Request Type field, particularly when no SM Context is present. An attacker with network access and minimal privileges can send crafted NAS messages to trigger this crash, resulting in complete denial of service for all connected subscribers without requiring authentication. The CVSS 6.5 score reflects the high availability impact, though the requirement for low privileges (PR:L) and network-only access (AV:N) constrains the overall severity.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-33281
MEDIUM
CVSS 6.5
Ella Core contains an input validation flaw that causes the process to panic when receiving NGAP messages with PDU Session IDs outside the valid range of 1-15, enabling unauthenticated attackers to trigger denial of service affecting all connected subscribers. The vulnerability (CWE-129: Improper Validation of Array Index) carries a CVSS score of 6.5 with network-level attack vector and low complexity, though it requires low privilege context according to the vector string. No active exploitation in the wild has been confirmed, but the straightforward nature of crafting malformed NGAP messages means proof-of-concept development is feasible.
Denial Of Service
-
CVE-2026-33238
MEDIUM
CVSS 4.3
The `listFiles.json.php` endpoint in AVideo accepts an unsanitized POST parameter `path` and passes it directly to PHP's `glob()` function without restricting traversal to an allowed base directory, enabling authenticated uploaders to enumerate `.mp4` files anywhere on the server filesystem. An attacker with the standard `canUpload` permission can discover private, premium, or access-controlled video files stored outside the intended upload directory by supplying arbitrary absolute paths, revealing both filenames and full filesystem paths that may aid further exploitation. A proof-of-concept is available demonstrating traversal from the web root to arbitrary locations such as `/var/private/premium-content/` and the root filesystem.
Path Traversal
PHP
-
CVE-2026-33237
MEDIUM
CVSS 5.5
The AVideo Scheduler plugin fails to validate callback URLs against Server-Side Request Forgery (SSRF) protections, allowing authenticated administrators to configure scheduled tasks that make HTTP requests to internal networks, cloud metadata services, and private IP ranges. An attacker with admin access can retrieve AWS/GCP/Azure instance metadata credentials (including IAM role tokens) or probe internal APIs not exposed to the internet. A proof-of-concept exists demonstrating credential extraction from AWS metadata endpoints at 169.254.169.254.
SSRF
PHP
Privilege Escalation
Microsoft
-
CVE-2026-32869
MEDIUM
CVSS 5.1
This vulnerability is a stored/reflected cross-site scripting (XSS) flaw in OPEXUS eComplaint and eCASE that allows authenticated attackers to inject malicious JavaScript into the 'Name of Organization' field during case creation. When a victim views the affected case information page, the unvalidated payload executes in their browser session, potentially leading to session hijacking, credential theft, or unauthorized actions. With a CVSS score of 5.5 (medium severity) requiring low attack complexity and user interaction, this represents a meaningful risk to authenticated users, though the requirement for prior authentication and user interaction limits its immediate exploitability.
XSS
-
CVE-2026-32868
MEDIUM
CVSS 5.1
This is a stored cross-site scripting (XSS) vulnerability in OPEXUS eComplaint and eCASE platforms where the first and last name fields in the 'My Information' screen fail to properly sanitize user input. An authenticated attacker can inject malicious JavaScript code into these fields, which executes in the context of victim sessions when the full name is rendered, allowing credential theft, session hijacking, or malicious actions on behalf of the victim. The CVSS 5.5 score reflects moderate risk (low integrity/confidentiality/availability impact) mitigated by authentication requirements and user interaction necessity, though the practical risk depends on deployment context and whether patches are available.
XSS
-
CVE-2026-32867
MEDIUM
CVSS 5.3
OPEXUS eComplaint versions before 10.1.0.0 allow unauthenticated attackers to enumerate case numbers and upload arbitrary files to the public document upload interface, potentially cluttering cases with malicious content and consuming server storage. The vulnerability requires user interaction but has no authentication requirements, affecting all instances running vulnerable versions with no available patch.
Authentication Bypass
-
CVE-2026-32866
MEDIUM
CVSS 5.1
This is a stored cross-site scripting (XSS) vulnerability in OPEXUS eComplaint and eCASE versions before 10.2.0.0, where user profile first and last name fields lack proper input sanitization. An authenticated attacker can inject malicious JavaScript payloads into these fields, which execute in the context of any victim's session when the attacker's full name is rendered, allowing theft of session tokens, credential harvesting, or account manipulation. The vulnerability carries a CVSS 5.5 (medium) score but poses real risk due to its authenticated-but-no-special-privileges requirement and user interaction dependency; exploitation is likely straightforward given the simplicity of XSS injection techniques.
XSS
-
CVE-2026-32818
MEDIUM
CVSS 6.5
Admidio versions 5.0.0 through 5.0.6 contain an authorization bypass vulnerability in the forum module that allows any authenticated user to permanently delete forum topics and posts without proper permission checks. An attacker with basic forum access can delete any topic or post by knowing its UUID, which is publicly visible in URLs, completely circumventing the authorization controls that are properly enforced in edit/save operations. This vulnerability was fixed in version 5.0.7, and exploitation requires only low privileges (authenticated user status) with no user interaction.
PHP
CSRF
Authentication Bypass
-
CVE-2026-32816
MEDIUM
CVSS 5.7
Admidio versions 5.0.0 through 5.0.6 contain a critical cross-site request forgery (CSRF) vulnerability in the groups-roles management module that allows unauthenticated attackers to trick privileged users into permanently deleting organizational roles, deactivating groups, or revoking memberships through forged POST requests. The vulnerability affects users with rol_assign_roles privileges, and exploited attacks result in permanent data loss including cascading deletion of role memberships, event associations, and access rights with no built-in undo mechanism. A patch is available in version 5.0.7, and the vulnerability is not currently tracked in active exploitation databases but poses significant organizational impact due to the permanent nature of role deletion and the low barrier to discovery of target role UUIDs from publicly accessible card views.
PHP
CSRF
-
CVE-2026-32753
MEDIUM
CVSS 5.4
Stored XSS in FreeScout 1.8.208 and earlier allows authenticated attackers to execute arbitrary JavaScript in victims' browsers by uploading a malicious SVG file with a .png extension and image/svg+xml content type, bypassing both the attachment view logic and SVG sanitizer. The vulnerability exploits a fallback mechanism that unsafely processes invalid XML, enabling script execution when the file is rendered inline. An attacker with upload permissions can compromise other users' sessions and data through this cross-site scripting attack.
XSS
-
CVE-2026-32743
MEDIUM
CVSS 6.5
Stack-based buffer overflow in PX4 autopilot versions 1.17.0-rc2 and below allows attackers with MAVLink link access to crash the flight controller by exploiting an unconstrained sscanf operation in the MavlinkLogHandler. An attacker can trigger this by creating deeply nested directories via MAVLink FTP and then requesting the log list, causing the MAVLink task to crash and resulting in loss of telemetry and command capability. This denial of service affects drone and unmanned vehicle systems relying on vulnerable PX4 versions.
Buffer Overflow
Denial Of Service
Stack Overflow
IoT
-
CVE-2026-32119
MEDIUM
CVSS 4.4
DOM-based stored XSS in OpenEMR's SearchHighlight plugin (versions prior to 8.0.0.2) enables authenticated users with encounter form write access to inject malicious JavaScript that executes in other clinicians' browsers during report searches. An attacker can leverage this to steal session tokens, modify patient data, or perform actions on behalf of targeted medical staff. The vulnerability stems from improper handling of HTML entity decoding when parsing search results.
XSS
-
CVE-2026-32099
MEDIUM
CVSS 4.3
Discourse's profile hiding feature fails to protect user bio, location, and website fields when accessed through onebox previews, allowing authenticated attackers to retrieve this information despite the `hide_profile` setting. An attacker can request a onebox preview of a hidden user's profile URL to bypass privacy controls and expose sensitive profile data. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with no workarounds currently available.
Information Disclosure
-
CVE-2026-32041
MEDIUM
CVSS 6.9
OpenClaw versions prior to 2026.3.1 contain an authentication bypass vulnerability where failed authentication bootstrap during startup leaves browser-control routes accessible without credentials. An attacker with local process access or ability to reach the application via loopback SSRF can exploit this to access sensitive browser-control functionality including code evaluation capabilities without valid authentication. This is a moderate-risk vulnerability with a CVSS score of 6.9 and realistic exploitation potential for local/SSRF-capable threats.
SSRF
Authentication Bypass
-
CVE-2026-32040
MEDIUM
CVSS 4.6
OpenClaw prior to version 2026.2.23 allows local authenticated attackers to inject malicious code into exported HTML sessions through specially crafted mimeType values in image content blocks. When a user opens the exported HTML file, the injected code executes arbitrary JavaScript in their browser context. Exploitation requires local access and user interaction to open the malicious HTML file.
XSS
-
CVE-2026-32039
MEDIUM
CVSS 5.9
OpenClaw versions before 2026.2.22 allow authenticated attackers to bypass sender authorization checks through identifier collision attacks, enabling them to gain unauthorized access to privileged tools. By exploiting untyped sender keys and forcing collisions with mutable identity fields like senderName or senderUsername, attackers can inherit elevated permissions not granted to their account. No patch is currently available for this medium-severity vulnerability.
Authentication Bypass
-
CVE-2026-32037
MEDIUM
CVSS 6.0
OpenClaw versions prior to 2026.2.22 contain a Server-Side Request Forgery (SSRF) vulnerability in MSTeams media attachment handling where redirect chain validation against the mediaAllowHosts allowlist is inconsistently applied. An authenticated attacker with low privileges can supply or influence attachment URLs that redirect to non-allowlisted targets, allowing them to bypass SSRF boundary controls and potentially access internal resources. The vulnerability has confirmed patch availability and security advisories from the vendor.
SSRF
-
CVE-2026-32036
MEDIUM
CVSS 6.5
OpenClaw gateway plugin versions before 2026.2.26 allow remote attackers to bypass authentication by exploiting path traversal in the /api/channels endpoint through encoded dot-segment sequences. Attackers can manipulate these paths to access protected plugin routes that should be restricted, gaining unauthorized access to sensitive channel functionality. No patch is currently available for this medium-severity vulnerability.
Path Traversal
-
CVE-2026-32035
MEDIUM
CVSS 5.9
OpenClaw versions prior to 2026.3.2 contain an authorization bypass vulnerability in Discord voice transcript processing where the senderIsOwner flag is not properly validated in the agentCommand handler, causing it to default to true. This allows non-owner participants in mixed-trust Discord channels to gain unauthorized access to owner-only tools including gateway and cron functionality. The vulnerability has a CVSS score of 5.9 (medium severity) with high integrity impact, though real-world exploitation requires user interaction and moderate attack complexity.
Authentication Bypass
-
CVE-2026-32034
MEDIUM
CVSS 6.1
OpenClaw versions before 2026.2.21 allow authenticated attackers to bypass device identity verification and gain high-privilege Control UI access when insecure authentication is enabled and the gateway uses unencrypted HTTP. An attacker with compromised credentials can exploit the lack of secure authentication enforcement to obtain unauthorized control access. The vulnerability requires network access and valid credentials but poses significant risk in environments where plaintext HTTP is used.
Authentication Bypass
Command Injection
-
CVE-2026-32033
MEDIUM
CVSS 6.0
OpenClaw versions before 2026.2.24 allow authenticated attackers to bypass path traversal protections by using @-prefixed absolute paths that evade workspace boundary validation, enabling unauthorized file access outside the intended directory scope when workspace-only restrictions are configured. The vulnerability stems from a canonicalization mismatch that fails to properly validate these specially-crafted paths, allowing attackers to read arbitrary files on the system.
Path Traversal
-
CVE-2026-32031
MEDIUM
CVSS 4.8
OpenClaw server-http versions before 2026.2.26 permit unauthenticated access to protected plugin channel APIs through path canonicalization mismatches between gateway and routing handlers. Remote attackers can exploit this authentication bypass by crafting requests with alternative path encodings to reach sensitive endpoints without valid credentials. No patch is currently available for this medium-severity issue.
Authentication Bypass
-
CVE-2026-32029
MEDIUM
CVSS 6.3
CVE-2026-32029 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
Code Injection
-
CVE-2026-32028
MEDIUM
CVSS 6.3
A remote code execution vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-32026
MEDIUM
CVSS 6.5
OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability (CWE-22: Path Traversal) in sandbox media handling that allows attackers with low privileges to read and exfiltrate arbitrary files from the host temporary directory. An authenticated attacker can exploit this by crafting malicious media references delivered through attachment mechanisms, bypassing sandbox isolation to access sensitive files outside the intended sandbox root. No active exploitation in the wild (KEV status unknown), but proof-of-concept code references are available in GitHub commit history.
Path Traversal
-
CVE-2026-32024
MEDIUM
CVSS 5.5
OpenClaw versions before 2026.2.22 suffer from a symlink traversal flaw in avatar processing that enables local attackers with user-level privileges to read sensitive files beyond the intended workspace directory. An attacker can leverage this through gateway interfaces to access arbitrary files with OpenClaw process permissions, resulting in unauthorized information disclosure. No patch is currently available for this vulnerability.
Information Disclosure
-
CVE-2026-32023
MEDIUM
CVSS 6.0
OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in the system.run allowlist mode where attackers with local privileges can chain multiple transparent dispatch wrappers (such as /usr/bin/env) to suppress shell-wrapper detection and execute arbitrary shell commands without triggering expected approval prompts in allowlist plus ask=on-miss configurations. This authentication bypass has a CVSS score of 5.9 (medium severity) with high integrity impact, allowing privilege escalation or unauthorized command execution on affected systems. A proof-of-concept and security advisory are available from GitHub and VulnCheck.
Authentication Bypass
-
CVE-2026-32022
MEDIUM
CVSS 6.0
An arbitrary file access vulnerability in the grep tool within tools (CVSS 6.0) that allows attackers. Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-32021
MEDIUM
CVSS 6.3
CVE-2026-32021 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-32017
MEDIUM
CVSS 6.0
OpenClaw versions before 2026.2.19 allow authenticated attackers to bypass the exec safeBins policy and write arbitrary files by injecting short-option flags into whitelisted binary commands. An attacker with login credentials can exploit this allowlist bypass to perform unauthorized file-write operations that should be blocked by the safeBins security controls. No patch is currently available for this medium-severity vulnerability.
Authentication Bypass
-
CVE-2026-32010
MEDIUM
CVSS 6.3
OpenClaw versions before 2026.2.22 allow local authenticated attackers to bypass the safe-bin allowlist by exploiting sort's --compress-program flag, enabling execution of arbitrary programs despite allowlist restrictions. This command injection vulnerability affects deployments using safe-bin configuration with ask=on-miss mode enabled, permitting unauthorized code execution without operator approval.
Command Injection
-
CVE-2026-32009
MEDIUM
CVSS 5.7
Arbitrary command execution in OpenClaw prior to version 2026.2.24 results from improper validation of binaries in package manager directories that are included in the safeBins allowlist. An attacker with write access to trusted paths such as /opt/homebrew/bin or /usr/local/bin can plant a malicious binary to achieve code execution within the OpenClaw runtime. No patch is currently available.
Authentication Bypass
-
CVE-2026-32008
MEDIUM
CVSS 6.5
OpenClaw versions before 2026.2.21 allow authenticated users with browser-tool access to bypass URL scheme validation and navigate to file:// URLs, enabling local file exfiltration through browser snapshot and extraction features. An attacker with valid credentials could read sensitive files accessible to the OpenClaw process and extract them from the system. No patch is currently available.
Information Disclosure
-
CVE-2026-32007
MEDIUM
CVSS 6.8
OpenClaw versions before 2026.2.23 allow authenticated users with sandbox access to bypass workspace restrictions through a path traversal flaw in the apply_patch tool, enabling arbitrary file modification on the system. The vulnerability stems from inconsistent validation of mounted paths outside the workspace directory, permitting attackers to write to writable mounts beyond the intended sandbox boundaries. No patch is currently available for this MEDIUM severity issue.
Path Traversal
-
CVE-2026-32005
MEDIUM
CVSS 6.8
OpenClaw versions prior to 2026.2.25 contain an authorization bypass vulnerability in interactive callback handlers (block_action, view_submission, view_closed) that allows authenticated but unauthorized workspace members to bypass sender authorization checks and enqueue arbitrary system events into active sessions. This affects shared workspace deployments where multiple users with varying permission levels coexist, enabling privilege escalation and information disclosure attacks without requiring elevated privileges or user interaction.
Authentication Bypass
-
CVE-2026-32004
MEDIUM
CVSS 6.5
OpenClaw prior to version 2026.3.2 allows unauthenticated attackers to bypass authentication controls on the /api/channels endpoint through path canonicalization mismatches, enabling access to protected API resources. The vulnerability exploits inconsistent handling of multi-encoded slash characters (%2f variants) between authentication checks and route processing. No patch is currently available, and exploitation requires only network access with no user interaction.
Authentication Bypass
-
CVE-2026-32003
MEDIUM
CVSS 6.6
OpenClaw versions before 2026.2.22 allow high-privileged attackers to execute arbitrary shell commands by injecting malicious environment variables into the system.run function, bypassing the intended command allowlist protections. By exploiting bash xtrace expansion through SHELLOPTS and PS4 variables, an attacker with request-scoped environment variable access can achieve code execution beyond the restricted command set. No patch is currently available for this command injection vulnerability.
Command Injection
-
CVE-2026-32002
MEDIUM
CVSS 5.3
OpenClaw versions before 2026.2.23 allow authenticated users to bypass sandbox restrictions and read files outside the intended workspace by exploiting inadequate path validation in the sandboxed image tool. An attacker with valid credentials can exfiltrate sensitive files by leveraging vision model provider integrations, compromising the confidentiality of restricted data.
Information Disclosure
-
CVE-2026-32001
MEDIUM
CVSS 5.4
OpenClaw prior to version 2026.2.22 allows authenticated users to bypass device identity verification and assume a node role during WebSocket connections, enabling injection of unauthorized node events that trigger sensitive agent and voice transcript operations. An attacker with a shared gateway token can exploit this to perform actions without proper device pairing, potentially compromising system integrity and confidentiality. No patch is currently available.
Authentication Bypass
-
CVE-2026-32000
MEDIUM
CVSS 5.8
Command injection in OpenClaw versions before 2026.2.19 allows local attackers with limited privileges to execute arbitrary commands when the Lobster extension tool falls back to Windows shell execution after subprocess failures. The vulnerability exists because the tool uses shell: true after spawn errors, enabling attackers to inject shell metacharacters into command arguments. A patch is available for affected users.
Command Injection
Microsoft
Windows
-
CVE-2026-31999
MEDIUM
CVSS 6.3
OpenClaw versions prior to 2026.3.1 contain a current working directory (cwd) injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows local attackers to manipulate command execution through directory control during shell fallback mechanisms. An authenticated local attacker with low privileges can exploit this vulnerability to compromise the integrity of command execution by controlling the working directory, potentially leading to unauthorized code execution or privilege escalation. While no active in-the-wild exploitation has been reported in KEV databases, the vulnerability is documented with a proof-of-concept available through the vendor's security advisory on GitHub.
Command Injection
Microsoft
Openclaw
Windows
-
CVE-2026-31997
MEDIUM
CVSS 6.0
OpenClaw versions prior to 2026.3.1 contain a post-approval executable rebind vulnerability in the system.run approval mechanism that fails to pin executable identity when argv[0] is not a full path. An attacker with local access and low privileges can modify PATH environment variables after an operator approves a command execution to redirect the approval to execute a different binary, achieving arbitrary command execution with the privileges of the OpenClaw process. The vulnerability has a moderate CVSS score of 6.0 reflecting local attack vector and high privilege requirements, but poses significant risk in environments where approval workflows are relied upon for security boundaries.
Information Disclosure
Openclaw
-
CVE-2026-31995
MEDIUM
CVSS 5.3
OpenClaw versions prior to 2026.2.19 allow local attackers with limited privileges to execute arbitrary commands through the Lobster extension's Windows shell fallback mechanism by injecting malicious arguments into workflow processes. The vulnerability exploits cmd.exe command interpretation when spawn operations fail and trigger shell execution, enabling command injection with potential impact on system integrity and availability. A patch is available for affected versions.
Command Injection
Microsoft
Openclaw
Windows
-
CVE-2026-31993
MEDIUM
CVSS 4.8
OpenClaw versions before 2026.2.22 contain an allowlist parsing flaw in the macOS companion app that enables authenticated operators with elevated privileges to bypass command execution controls and run arbitrary commands on paired hosts. The vulnerability affects systems with operator.write access and macOS beta nodes, allowing attackers to craft malicious shell-chain payloads that circumvent validation checks. A security patch is available.
Apple
Authentication Bypass
Openclaw
macOS
-
CVE-2026-31990
MEDIUM
CVSS 6.1
OpenClaw versions prior to 2026.3.2 contain a symlink traversal vulnerability in the stageSandboxMedia function that fails to validate destination symlinks during media staging operations. This allows local attackers with low privileges to write files outside the intended sandbox workspace by placing malicious symlinks in the media/inbound directory, resulting in arbitrary file overwrite on the host system. A patch is available from the vendor, and the vulnerability was reported by VulnCheck with public references including a GitHub security advisory and commit fix.
Information Disclosure
Openclaw
-
CVE-2026-30873
MEDIUM
CVSS 4.9
A security vulnerability affecting unspecified versions (CVSS 4.9). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-29608
MEDIUM
CVSS 6.7
OpenClaw 2026.3.1 contains an approval integrity bypass vulnerability in the system.run node-host execution feature where attackers can rewrite command-line arguments (argv) to change the semantics of operator-approved commands. An authenticated local attacker with low privileges can place malicious scripts in the working directory to execute unintended code despite the operator approving different command text, resulting in high-impact confidentiality, integrity, and availability violations. A patch is available from the vendor, and no public exploit code has been widely reported, but the vulnerability represents a critical trust boundary violation in approval workflows.
Information Disclosure
Openclaw
-
CVE-2026-29107
MEDIUM
CVSS 5.0
Server-Side Request Forgery in SuiteCRM versions prior to 7.15.1 and 8.9.3 allows authenticated users to craft malicious PDF templates containing image tags that trigger server-side HTTP requests when PDFs are generated. An attacker with login credentials can exploit this to scan internal networks, access local services, or exfiltrate data from the server's perspective. No patch is currently available for affected versions.
SSRF
-
CVE-2026-29106
MEDIUM
CVSS 5.9
SuiteCRM versions prior to 7.15.1 and 8.9.3 contain a stored cross-site scripting (XSS) vulnerability in the return_id request parameter, which is insufficiently sanitized before being reflected into HTML event handler attributes. An authenticated attacker with high privileges can craft malicious payloads that execute arbitrary JavaScript in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of victims. While this vulnerability requires authenticated access and user interaction to trigger, it affects a widely-deployed open-source CRM platform used by many enterprises.
XSS
-
CVE-2026-29105
MEDIUM
CVSS 5.4
SuiteCRM versions prior to 7.15.1 and 8.9.3 contain an unauthenticated open redirect vulnerability in the WebToLead feature that allows attackers to redirect users to arbitrary external websites by manipulating an unvalidated POST parameter. An attacker can leverage the trusted SuiteCRM domain to conduct phishing and social engineering attacks against users without requiring authentication or user interaction beyond clicking a malicious link. No patch is currently available for affected versions.
Open Redirect
-
CVE-2026-29101
MEDIUM
CVSS 4.9
SuiteCRM versions prior to 7.15.1 and 8.9.3 contain a denial-of-service vulnerability that allows authenticated attackers with high privileges to crash the application through path traversal manipulation. An attacker with administrative credentials can exploit this remotely to disrupt service availability without requiring user interaction. No patch is currently available for this vulnerability.
Information Disclosure
-
CVE-2026-29098
MEDIUM
CVSS 4.9
Path traversal in SuiteCRM's ModuleBuilder module (versions prior to 7.15.1 and 8.9.3) allows authenticated administrators to read arbitrary files from the server by manipulating the `$modules` and `$name` parameters, which are improperly validated before being used in file operations. An attacker with ModuleBuilder access can exploit this to copy sensitive files from any readable directory into the web root, exposing their contents through the web server.
PHP
Path Traversal
-
CVE-2026-28460
MEDIUM
CVSS 6.0
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the system.run function that allows authenticated attackers to execute non-allowlisted commands by exploiting shell line-continuation characters to fold malicious command substitution past security controls. An attacker with low privileges (PR:L) can inject shell metacharacters (specifically $\ followed by newline and parenthesis within double quotes) to circumvent approval boundaries and execute arbitrary commands, resulting in integrity compromise and potential availability impact. A public advisory and patch are available from the vendor, though no EPSS score or KEV status was provided in the intelligence sources.
Command Injection
-
CVE-2026-28449
MEDIUM
CVSS 6.3
OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.
Information Disclosure
Nextcloud
-
CVE-2026-28282
MEDIUM
CVSS 6.5
A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-28070
MEDIUM
CVSS 5.3
WP eMember through version 10.2.2 contains an authorization bypass flaw that allows unauthenticated remote attackers to circumvent access control restrictions and view protected content. The vulnerability stems from improper validation of security level configurations, enabling unauthorized information disclosure without user interaction. No patch is currently available for this issue.
Authentication Bypass
Wp Emember
-
CVE-2026-28044
MEDIUM
CVSS 5.9
WP Rocket, a popular WordPress performance optimization plugin, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 3.19.4 that allows authenticated attackers with high privileges to inject malicious scripts into web pages. An attacker with administrator or equivalent access can craft specially-formatted input that bypasses input sanitization, resulting in persistent XSS that executes in the browsers of other site users. The vulnerability has a CVSS score of 5.9 (Medium), requiring high privileges and user interaction, with no evidence of active exploitation in the wild or public proof-of-concept code.
XSS
Wp Rocket
-
CVE-2026-27936
MEDIUM
CVSS 5.3
A remote code execution vulnerability in Discourse (CVSS 5.3) that allows restricted post action counts. Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-27935
MEDIUM
CVSS 6.5
A remote code execution vulnerability in Discourse (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-27740
MEDIUM
CVSS 6.1
Cross-site scripting in Discourse's Review Queue interface allows remote attackers to inject malicious payloads through prompt injection attacks against the AI triage system, which renders unsanitized LLM output to staff members. When administrators or moderators view flagged posts, the injected payload executes in their browser context, potentially compromising their sessions or performing unauthorized actions. The vulnerability affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with patches available in these releases.
XSS
-
CVE-2026-27670
MEDIUM
CVSS 5.3
OpenClaw versions before 2026.3.2 are vulnerable to a race condition in ZIP extraction that permits local attackers with limited privileges to write arbitrary files outside the intended extraction directory. By manipulating symlinks between path validation and write operations, an attacker can achieve arbitrary file placement on the system. A patch is available to resolve this integrity issue.
Information Disclosure
Openclaw
-
CVE-2026-27570
MEDIUM
CVSS 6.1
Reflected cross-site scripting in Discourse AI conversation sharing allows unauthenticated attackers to inject malicious scripts through improperly sanitized conversation titles in the onebox rendering feature. An attacker can craft a malicious shared conversation link to execute arbitrary JavaScript in the context of other users' browsers, potentially stealing session tokens or performing unauthorized actions. The vulnerability affects versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, and currently has no patch available.
XSS
-
CVE-2026-27491
MEDIUM
CVSS 4.3
Unauthorized user warnings in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 can be issued by authenticated non-staff users due to a type coercion flaw in the post actions API endpoint. Attackers with valid login credentials can exploit this to send warnings meant only for staff moderators, though no data exposure or further privilege escalation occurs. No patch workaround is currently available.
Privilege Escalation
Information Disclosure
Authentication Bypass
-
CVE-2026-27454
MEDIUM
CVSS 5.3
Unauthorized access to hidden post revisions in Discourse through version enumeration allows unauthenticated users to bypass authorization checks and read staff-concealed edit history. The /posts/:id.json endpoint fails to validate user permissions before displaying revision content, enabling attackers to enumerate version numbers and access sensitive historical data. Affected deployments should upgrade to versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2 as no workarounds are available.
Authentication Bypass
-
CVE-2026-27397
MEDIUM
CVSS 6.5
An authorization bypass vulnerability in Really Simple Security Pro versions through 9.5.4.0 allows unauthenticated attackers to exploit incorrectly configured access control through user-controlled keys, resulting in integrity and availability impacts. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) with a CVSS score of 6.5, indicating medium severity with network-based attack vector requiring no privileges or user interaction. Patchstack has documented this issue affecting the Really Simple Plugins B.V. Really Simple Security Pro WordPress plugin, though active exploitation status and POC availability from public sources require verification against current threat intelligence feeds.
Authentication Bypass
Really Simple Security Pro
-
CVE-2026-27166
MEDIUM
CVSS 4.1
Insufficient sanitization of Codepen iframe parameters in Discourse prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allows authenticated attackers to manipulate users into changing the main page URL through social engineering. The vulnerability requires user interaction and network access but has no available patch, making disabling Codepen embeds the recommended mitigation.
XSS
-
CVE-2026-27091
MEDIUM
CVSS 6.3
UiPress Lite versions through 3.5.09 contain a missing authorization vulnerability (CWE-862) that allows authenticated users to exploit incorrectly configured access control security levels, enabling privilege escalation or unauthorized resource access. An attacker with low-level user credentials can bypass authorization checks to access or modify functionality restricted to higher-privilege roles. The vulnerability has a CVSS score of 6.3 with network-based attack vector requiring only low privileges, indicating moderate real-world exploitability.
Information Disclosure
Uipress Lite
-
CVE-2026-26940
MEDIUM
CVSS 6.5
A Denial of Service vulnerability exists in Kibana's Timelion visualization plugin that allows authenticated users to trigger excessive memory allocation through improper validation of specially crafted Timelion expressions. An attacker with valid Kibana credentials can overwrite internal series data properties with excessively large quantity values, causing the application to exhaust system resources and become unavailable. This is a network-accessible vulnerability requiring low privileges with a CVSS score of 6.5 and documented as a confirmed denial-of-service attack vector affecting multiple active Kibana versions.
Denial Of Service
Elastic
Redhat
-
CVE-2026-26939
MEDIUM
CVSS 6.5
Kibana's Detection Rule Management lacks proper authorization controls, allowing authenticated users with rule management privileges to configure unauthorized endpoint response actions including host isolation and process termination. An attacker with these privileges could exploit this missing access control to execute sensitive endpoint operations beyond their intended scope. No patch is currently available for this medium-severity vulnerability affecting Elastic products.
Elastic
Authentication Bypass
Redhat
-
CVE-2026-26933
MEDIUM
CVSS 5.7
Packetbeat contains an improper array index validation vulnerability (CWE-129) in its protocol parser components that allows attackers to trigger out-of-bounds read operations through specially crafted network packets. Affected versions include Packetbeat 8.0.0 through 8.19.10 and 9.0.0 through 9.2.4, with the vulnerability requiring network-level access or traffic control to the monitored interface. An attacker exploiting this flaw can cause denial of service through application crashes or resource exhaustion; while the CVSS score of 5.7 indicates moderate severity and there is no indication of widespread active exploitation in public KEV databases, the patch availability through Elastic's security update (ESA-2026-11) released in version 8.19.11 and 9.2.5 suggests this is a confirmed and prioritized vulnerability worthy of timely remediation.
Buffer Overflow
Denial Of Service
-
CVE-2026-26931
MEDIUM
CVSS 5.7
Metricbeat's Prometheus remote_write HTTP handler is vulnerable to denial of service through excessive memory allocation when processing specially crafted requests from authenticated network-adjacent attackers. An attacker with local privileges can trigger unbounded memory allocation to exhaust system resources and crash the service. No patch is currently available for this vulnerability.
Denial Of Service
-
CVE-2026-26136
MEDIUM
CVSS 6.5
Microsoft Copilot is vulnerable to command injection through improper neutralization of special elements in user input, allowing an unauthenticated attacker to execute arbitrary commands and disclose sensitive information over the network. The vulnerability affects Microsoft Copilot (version details unspecified in available advisories) and requires user interaction to trigger. While no public proof-of-concept or active exploitation in the wild has been confirmed in the provided intelligence, the moderate CVSS score of 6.5 with high confidentiality impact warrants prompt patching.
Command Injection
Microsoft
-
CVE-2026-26120
MEDIUM
CVSS 6.5
Microsoft Bing contains a server-side request forgery vulnerability that enables unauthenticated remote attackers to manipulate network communications and access sensitive information. An attacker can exploit this flaw without user interaction to retrieve confidential data or cause service disruption. No patch is currently available.
SSRF
Microsoft
-
CVE-2026-25928
MEDIUM
CVSS 6.5
Improper path sanitization in OpenEMR's DICOM export feature prior to version 8.0.0.2 allows authenticated users with DICOM permissions to write arbitrary files outside the intended directory through path traversal sequences. An attacker could exploit this to place malicious PHP files within the web root, potentially achieving remote code execution. The vulnerability requires valid credentials but poses significant risk to systems containing sensitive healthcare data.
PHP
RCE
Path Traversal
-
CVE-2026-25744
MEDIUM
CVSS 6.5
OpenEMR versions prior to 8.0.0.2 contain an authorization bypass vulnerability in the encounter vitals API that allows authenticated users with encounters/notes permissions to overwrite any patient's vital signs by supplying another patient's vital ID in the request body. This constitutes medical record tampering with integrity implications rated CVSS 6.5. No evidence of active exploitation in KEV or public POC availability was identified in the provided intelligence, though the vulnerability is straightforward to exploit given valid API credentials.
Authentication Bypass
-
CVE-2026-24299
MEDIUM
CVSS 5.3
M365 Copilot is vulnerable to command injection that enables unauthenticated remote attackers to extract sensitive information through the network. The vulnerability stems from inadequate sanitization of special characters in command inputs, requiring user interaction to trigger. No patch is currently available for this medium-severity flaw.
Command Injection
-
CVE-2026-22176
MEDIUM
CVSS 6.1
OpenClaw versions before 2026.2.19 allow local authenticated users to execute arbitrary commands by injecting shell metacharacters into environment variable values during Windows Scheduled Task script generation. The vulnerability stems from unquoted variable assignments in gateway.cmd that fail to sanitize special characters like &, |, ^, %, and !, enabling command injection when the task script runs. A patch is available to address this local privilege escalation risk.
Command Injection
Microsoft
Openclaw
Windows
-
CVE-2026-21788
MEDIUM
CVSS 5.4
HCL Connections contains a reflected or stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious JavaScript into the application, which executes in the browsers of other users who interact with the crafted payload. An attacker with valid credentials can steal session cookies and authentication tokens, potentially compromising victim accounts and enabling further attacks such as lateral movement or data exfiltration. The vulnerability requires user interaction and authentication to exploit, resulting in a CVSS score of 5.4 (Medium severity), though the impact is cross-site scope.
XSS
-
CVE-2026-4426
MEDIUM
CVSS 6.5
Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.
Denial Of Service
-
CVE-2026-4120
MEDIUM
CVSS 6.4
The Info Cards - Add Text and Media in Card Layouts WordPress plugin versions up to 2.0.7 contains a Stored Cross-Site Scripting vulnerability in the 'btnUrl' parameter of the Info Cards block that allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript code. The vulnerability exists because the plugin fails to validate URL protocols (specifically javascript: schemes) on the server side, and the client-side rendering directly inserts unsanitized URLs into anchor href attributes, enabling script execution when users click the malicious button links. While there is no indication of active KEV exploitation, the low attack complexity and low privilege requirements make this a practical threat in multi-author WordPress environments.
WordPress
PHP
XSS
-
CVE-2026-4068
MEDIUM
CVSS 4.3
The Add Custom Fields to Media WordPress plugin versions up to 2.0.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the field deletion functionality that allows unauthenticated attackers to delete arbitrary custom media fields. The vulnerability exists because the plugin validates nonces for the 'add field' operation but fails to validate nonces on the 'delete field' operation, which processes the $_GET['delete'] parameter directly. An attacker can exploit this by tricking a site administrator into clicking a malicious link, resulting in unauthorized deletion of custom media field configurations with no authentication required beyond social engineering.
WordPress
PHP
CSRF
Add Custom Fields To Media
-
CVE-2026-4006
MEDIUM
CVSS 6.4
The Simple Draft List WordPress plugin by Dartiss contains a Stored Cross-Site Scripting vulnerability in versions up to 2.6.2, caused by insufficient input sanitization and output escaping of the 'display_name' post meta field. Authenticated attackers with Contributor-level access or higher can inject arbitrary JavaScript via the {{author+link}} template tag when no author URL is present, which will execute whenever users visit pages containing the [drafts] shortcode. The vulnerability has a CVSS score of 6.4 with a network attack vector and low attack complexity, requiring only low-level privileges.
WordPress
PHP
XSS
Draft List
-
CVE-2026-3849
MEDIUM
CVSS 6.9
Stack buffer overflow in wolfSSL 5.8.4's ECH (Encrypted Client Hello) implementation allows remote attackers to crash TLS clients or achieve code execution by sending a maliciously crafted ECH configuration. The vulnerability affects clients that have explicitly enabled ECH support, which is disabled by default. An attacker controlling a TLS server can exploit this remotely without authentication or user interaction.
Buffer Overflow
Memory Corruption
-
CVE-2026-3580
MEDIUM
CVSS 4.7
CVE-2026-3580 is a security vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-3579
MEDIUM
CVSS 5.9
CVE-2026-3579 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-3503
MEDIUM
CVSS 4.3
CVE-2026-3503 is a security vulnerability (CVSS 4.3) that allows a physical attacker. Remediation should follow standard vulnerability management procedures.
Information Disclosure
Memory Corruption
-
CVE-2026-3475
MEDIUM
CVSS 5.3
A remote code execution vulnerability in Instant Popup Builder (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
WordPress
PHP
RCE
Code Injection
Instant Popup Builder Powerful Popup Maker For Opt Ins Email Newsletters Lead Generation
-
CVE-2026-2646
MEDIUM
CVSS 5.0
Heap buffer overflow in wolfSSL's session deserialization function allows local attackers with low privileges to corrupt heap memory by crafting malicious session data with invalid certificate lengths. The vulnerability affects systems with SESSION_CERTS enabled that load external session data, requiring user interaction or specific configuration to exploit. No patch is currently available.
Buffer Overflow
Deserialization
Heap Overflow
-
CVE-2026-2645
MEDIUM
CVSS 5.5
CVE-2026-2645 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-2571
MEDIUM
CVSS 4.3
The Download Manager plugin for WordPress contains a missing capability check in the 'reviewUserStatus' function that allows authenticated subscribers and above to access sensitive user information without proper authorization. Affected versions include all releases up to and including 3.3.49, enabling attackers with minimal privileges to retrieve email addresses, display names, and registration dates for any user on the site. While the CVSS score of 4.3 is moderate and the vulnerability requires authentication, the ease of exploitation and the breadth of exposed personal data present a meaningful information disclosure risk for WordPress installations using this plugin.
WordPress
PHP
Information Disclosure
Privilege Escalation
Download Manager
-
CVE-2026-2369
MEDIUM
CVSS 6.5
libsoup versions prior to the patched release contain an integer underflow vulnerability in zero-length resource processing that enables unauthenticated remote attackers to read adjacent memory or trigger denial of service. The vulnerability stems from improper bounds checking during content handling, affecting any application using the vulnerable libsoup library for HTTP operations. No public exploit code has been identified, and the low EPSS score (0.04%, percentile 11%) indicates exploitation is unlikely in practice despite the moderate CVSS score of 6.5.
Denial Of Service
Redhat
Suse
-
CVE-2026-1276
MEDIUM
CVSS 5.4
IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code. An attacker with valid credentials can exploit this vulnerability to alter UI functionality and potentially steal session credentials or perform actions on behalf of the victim user within their trusted session. A patch is available from the vendor, though no public exploitation toolkit or widespread active exploitation has been reported at the time of this analysis.
IBM
XSS
-
CVE-2025-71259
MEDIUM
CVSS 4.3
BMC FootPrints ITSM contains a blind server-side request forgery (SSRF) vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Affected versions range from 20.20.02 through 20.24.01.001, and attackers can exploit insufficient validation of externally supplied resource references to interact with internal services or cause resource exhaustion impacting availability. The vulnerability carries a CVSS score of 4.3 with low complexity and low attack vector, requiring only authentication; no active exploitation in the wild has been confirmed, but the disclosure references suggest potential chaining with pre-authentication RCE vectors documented by security researchers.
SSRF
Denial Of Service
-
CVE-2025-71258
MEDIUM
CVSS 4.3
A blind server-side request forgery (SSRF) vulnerability exists in the searchWeb API component of BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001, allowing authenticated attackers to cause the server to initiate arbitrary outbound requests through improper URL validation. Attackers can exploit this to perform internal network scanning or interact with internal services, potentially impacting system availability and confidentiality. A publicly available proof-of-concept exists, and vendor patches are available.
SSRF
-
CVE-2025-67115
MEDIUM
CVSS 6.5
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the...
Path Traversal
-
CVE-2025-62043
MEDIUM
CVSS 6.5
A DOM-based cross-site scripting (XSS) vulnerability exists in WPSight WPCasa WordPress plugin versions through 1.4.1, allowing authenticated attackers to inject malicious JavaScript that executes in users' browsers. The vulnerability stems from improper neutralization of user input during web page generation, enabling an attacker with login credentials to craft malicious payloads that execute in the context of other users' sessions. With a CVSS score of 6.5 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate risk to WordPress installations using affected WPCasa versions, particularly those managing real estate listings where authenticated users have content creation privileges.
XSS
-
CVE-2025-36051
MEDIUM
CVSS 6.2
IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain an information disclosure vulnerability where sensitive configuration data is stored in plaintext or insufficiently protected files readable by unprivileged local users. An attacker with local filesystem access can read these configuration files to extract sensitive information such as credentials, API keys, or system parameters, potentially enabling lateral movement or further compromise of the SIEM infrastructure. A patch is available from IBM, and this vulnerability should be prioritized for organizations running affected QRadar versions as SIEM systems are high-value targets.
IBM
Information Disclosure
-
CVE-2025-32223
MEDIUM
CVSS 6.5
An authorization bypass vulnerability exists in Themeum Tutor LMS through version 3.9.4 that allows authenticated users to access resources they should not have permission to view through user-controlled keys in the access control mechanism. This Insecure Direct Object Reference (IDOR) vulnerability affects all Tutor LMS installations up to and including version 3.9.4, enabling an attacker with low privileges to read sensitive data by manipulating object identifiers. The vulnerability has a CVSS score of 6.5 reflecting moderate severity with high confidentiality impact, and while no KEV or widespread POC exploitation has been publicly confirmed, the attack requires only network access and valid authentication credentials.
Authentication Bypass
-
CVE-2025-15051
MEDIUM
CVSS 5.4
IBM QRadar SIEM contains a reflected or stored cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code, potentially altering system functionality and compromising the integrity of security monitoring. The vulnerability affects QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14. An attacker with valid credentials can craft malicious payloads to execute client-side code in the context of other users' sessions, leading to session hijacking, credential theft, or unauthorized configuration changes. A patch is available from IBM, and this vulnerability is not currently listed in CISA's KEV catalog, suggesting limited evidence of active exploitation in the wild at this time.
IBM
XSS
-
CVE-2025-14716
MEDIUM
CVSS 6.5
An improper authentication vulnerability in Secomea GateManager's webserver modules allows authenticated users to bypass authentication controls and access resources they should not be permitted to access. This affects GateManager version 11.4.0 and potentially other versions within the 11.4 release line. An attacker with valid login credentials can exploit this flaw to gain unauthorized access to sensitive information, achieving high confidentiality impact without modifying data or degrading availability.
Authentication Bypass
Gatemanager
-
CVE-2025-13995
MEDIUM
CVSS 5.0
IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-tenant information disclosure vulnerability that allows an authenticated attacker with access to one tenant account to retrieve hostname data belonging to other tenants. The vulnerability has a CVSS score of 5.0 with low attack complexity and requires only user-level privileges, making it a practical risk in multi-tenant deployments. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept code.
IBM
Information Disclosure
-
CVE-2026-33408
LOW
CVSS 2.2
Discourse is an open-source discussion platform.
Authentication Bypass
-
CVE-2026-33394
LOW
CVSS 2.7
Discourse is an open-source discussion platform.
Information Disclosure
-
CVE-2026-32843
NONE
Linkit ONE Location Aware Sensor System (LASS) up to commit f06bd20 contains reflected cross-site scripting (XSS) in PM25.php that permits remote attackers to execute arbitrary JavaScript in victim browsers through unencoded GET parameters (site, city, district, channel, apikey). The vulnerability affects a sensor data collection platform and carries a low exploitation probability (EPSS 0.21%, percentile 43%), suggesting limited real-world attack activity despite public disclosure through VulnCheck.
PHP
XSS
-
CVE-2026-32752
NONE
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework.
Authentication Bypass
-
CVE-2026-32020
LOW
CVSS 3.3
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads.
Path Traversal
-
CVE-2026-32019
LOW
CVSS 2.3
OpenClaw versions prior to 2026.2.22 contain incomplete validation of IPv4 special-use ranges in the isPrivateIpv4() function, allowing attackers to bypass Server-Side Request Forgery (SSRF) policy checks and access RFC-reserved address ranges that should be blocked. An authenticated attacker with network reachability to special-use IPv4 ranges such as 198.18.0.0/15 can exploit the web_fetch functionality to access blocked internal addresses, resulting in information disclosure and potential lateral movement. The vulnerability has been patched and security advisories are available from the OpenClaw project.
SSRF
-
CVE-2026-32018
LOW
CVSS 3.6
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers.
Information Disclosure
Race Condition
-
CVE-2026-32006
LOW
CVSS 3.1
CVE-2026-32006 is a security vulnerability (CVSS 3.1). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
-
CVE-2026-31996
LOW
CVSS 2.0
OpenClaw versions prior to 2026.2.19 contain an input validation bypass in the tools.exec.safeBins component that allows local attackers with command execution privileges to circumvent stdin-only restrictions and perform arbitrary filesystem operations. By exploiting sort output flags (specifically the -o flag for arbitrary file writes) or recursive grep flags (-R for recursive file reads), authenticated attackers can read sensitive files or overwrite critical files despite intended access controls. While the CVSS score of 3.6 is moderate and requires local access with low privileges, the vulnerability represents a privilege escalation or sandbox escape technique rather than a critical remote exploit.
Command Injection
-
CVE-2026-31991
LOW
CVSS 3.7
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in Signal group allowlist enforcement where the system incorrectly accepts sender identities derived from direct message (DM) pairing-store approvals. An authenticated attacker with low privileges can exploit this boundary weakness by obtaining DM pairing approval, allowing them to bypass group allowlist checks and gain unauthorized access to Signal groups. While the CVSS score is moderate (3.7) and attack complexity is high, the vulnerability represents a direct authentication control bypass in a messaging security context, and patches are available from the vendor.
Authentication Bypass
-
CVE-2026-29104
LOW
CVSS 2.7
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.
File Upload
-
CVE-2026-4395
LOW
CVSS 1.3
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-4159
LOW
CVSS 1.2
1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content.
Buffer Overflow
Information Disclosure
-
CVE-2026-3948
NONE
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Information Disclosure
-
CVE-2026-3230
LOW
CVSS 1.2
CVE-2026-3230 is a security vulnerability (CVSS 1.2). Remediation should follow standard vulnerability management procedures.
Information Disclosure
-
CVE-2026-3229
LOW
CVSS 1.2
An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these...
Buffer Overflow
Heap Overflow
Nginx
-
CVE-2026-1005
LOW
CVSS 2.1
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket.
Buffer Overflow
Integer Overflow
-
CVE-2026-0819
LOW
CVSS 2.2
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality.
Buffer Overflow
Stack Overflow