Skip to main content
CVE-2026-22557 CRITICAL POC Act Now

A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.

Path Traversal Ubiquiti
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-33309 CRITICAL POC PATCH GHSA Act Now

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

RCE Python Docker Path Traversal Canonical
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33352 CRITICAL PATCH Act Now

An unauthenticated SQL injection vulnerability in AVideo allows remote attackers to execute arbitrary SQL queries through the doNotShowCats parameter in the getAllCategories() method. The vulnerability bypasses quote-stripping sanitization using backslash escape techniques, enabling attackers to extract sensitive data including user credentials, modify database contents, or potentially achieve remote code execution. No active exploitation has been reported in KEV, but proof-of-concept exploitation details are publicly available in the GitHub advisory.

PHP SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
10.0%
CVE-2026-32169 CRITICAL PATCH Act Now

Azure Cloud Shell contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges without user interaction. The vulnerability affects Microsoft products and has a critical CVSS score of 10.0, though no patch is currently available. Attackers can leverage network access to achieve privilege elevation across system boundaries.

SSRF Microsoft
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-30836 CRITICAL PATCH GHSA Act Now

Authentication bypass in Smallstep Step CA (GitHub certificates package) allows remote unauthenticated attackers to completely circumvent authentication controls and gain high-level unauthorized access to certificate authority operations. Affects all versions before 0.30.0. Vendor has released patch version 0.30.0 with full vulnerability details embargoed until March 30, 2026. Despite maximum CVSS 10.0 severity, current EPSS score of 0.01% suggests no widespread exploitation activity detected, though limited public disclosure may suppress scanning/exploitation until full details release.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-26137 CRITICAL PATCH Act Now

Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. No patch is currently available, making this a significant risk for organizations using the affected service.

SSRF Microsoft
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-30402 CRITICAL Act Now

Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.

RCE Code Injection Wgcloud
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-27065 CRITICAL Act Now

ThimPress BuilderPress, a WordPress plugin, contains a Local File Inclusion vulnerability through improper filename control in PHP include/require statements that allows unauthenticated remote attackers to read arbitrary files from the server. All versions through 2.0.1 are affected. With a CVSS score of 9.8 (Critical) and no authentication required, this represents a severe vulnerability allowing unauthorized information disclosure, though EPSS and KEV status data are not provided in the intelligence sources.

PHP Information Disclosure LFI
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32194 CRITICAL PATCH Act Now

A critical command injection vulnerability exists in Microsoft Bing Images that allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The vulnerability stems from improper neutralization of special characters in user-supplied input, enabling attackers to inject and execute system commands without any user interaction or authentication. With a CVSS score of 9.8 and requiring no special privileges or user interaction, this represents a severe risk to any exposed Bing Images deployments.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32191 CRITICAL PATCH Act Now

A critical OS command injection vulnerability exists in Microsoft Bing Images that allows remote attackers to execute arbitrary commands without authentication. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. With a CVSS score of 9.8 and requiring no user interaction, this represents a severe risk to any systems running vulnerable versions of Bing Images.

Command Injection Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67113 CRITICAL Act Now

OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted...

Command Injection Code Injection RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30872 CRITICAL Act Now

Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.

RCE Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67114 CRITICAL Act Now

Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the...

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30694 CRITICAL Act Now

A remote code execution vulnerability in DedeCMS v.5.7.118 and (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.

RCE Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67112 CRITICAL Act Now

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt...

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32038 CRITICAL PATCH Act Now

A sandbox network isolation bypass vulnerability in OpenClaw allows trusted operators to escape container network boundaries and join other containers' network namespaces. OpenClaw versions before 2026.2.24 are affected, enabling attackers who have operator privileges to configure the docker.network parameter with 'container:<id>' values to reach services in target container namespaces and bypass network segmentation controls. The vulnerability has a critical CVSS score of 9.8 but requires trusted operator access, and there is no evidence of active exploitation in KEV or high EPSS probability.

Authentication Bypass Docker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-60237 CRITICAL Act Now

A deserialization of untrusted data vulnerability in the Themeton Finag WordPress theme allows remote attackers to inject malicious PHP objects without authentication. This affects all versions of Finag through 1.5.0. The vulnerability carries a critical CVSS score of 9.8 due to network-based exploitation requiring no privileges or user interaction, enabling attackers to achieve complete compromise of confidentiality, integrity, and availability.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-60233 CRITICAL Act Now

A critical PHP object injection vulnerability exists in the Zuut WordPress theme due to insecure deserialization of untrusted data. The vulnerability affects all versions of Zuut through 1.4.2 and allows unauthenticated remote attackers to execute arbitrary PHP code, potentially leading to complete site compromise. With a CVSS score of 9.8, this vulnerability requires no privileges or user interaction and can be exploited over the network with low complexity.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27542 CRITICAL Act Now

An incorrect privilege assignment vulnerability exists in the WooCommerce Wholesale Lead Capture plugin for WordPress, allowing unauthenticated attackers to escalate privileges on affected sites. All versions through 2.0.3.1 of the plugin developed by Rymera Web Co Pty Ltd. are vulnerable. With a CVSS score of 9.8 (Critical) and network-based exploitation requiring no privileges or user interaction, this represents a severe security risk for WordPress sites using this plugin.

WordPress Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30871 CRITICAL PATCH Act Now

Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. No patch is currently available for affected embedded device deployments.

Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32754 CRITICAL Act Now

A stored cross-site scripting (XSS) vulnerability exists in FreeScout help desk software versions 1.8.208 and below, where malicious email content is stored unsanitized and executed when email notifications are sent to agents. An unauthenticated attacker can exploit this by simply sending a specially crafted email that executes malicious scripts when viewed by support staff in their email clients, potentially leading to session hijacking, credential theft, and account takeover. The vulnerability has a critical CVSS score of 9.3 due to its ease of exploitation and broad impact across all notification recipients.

XSS Freescout
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-27413 CRITICAL Act Now

Blind SQL injection in Profile Builder Pro WordPress plugin versions up to 3.13.9 allows remote unauthenticated attackers to extract database contents and cause service degradation. The vulnerability exploits improper input sanitization in SQL queries, enabling attackers to manipulate database commands without authentication. CVSS score of 9.3 (Critical) reflects network-accessible attack surface with no authentication barrier, though EPSS score of 0.03% (8th percentile) indicates minimal observed exploitation attempts. Patchstack database confirms vulnerability details; no CISA KEV listing indicates no confirmed active exploitation at time of analysis.

SQLi Profile Builder Pro
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-32865 CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in OPEXUS eComplaint and eCASE applications allows unauthenticated attackers to take over any user account by exploiting improper exposure of password reset verification codes in HTTP responses. The vulnerability affects all versions before 10.1.0.0 and enables attackers who know a user's email address to reset passwords and security questions without any verification, granting full account access. With a CVSS score of 9.8 and requiring no authentication or user interaction, this represents a severe risk to organizations using these complaint and case management systems.

Information Disclosure Ecomplaint Ecase
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-33322 CRITICAL PATCH Act Now

JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.

Information Disclosure Docker Apple Microsoft Suse
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-29103 CRITICAL Act Now

A critical remote code execution vulnerability in SuiteCRM versions 7.15.0 and 8.9.2 allows authenticated administrators to execute arbitrary system commands through a bypass of previous security patches. This vulnerability circumvents the ModuleScanner.php security controls by exploiting improper PHP token parsing that resets security checks when encountering single-character tokens, enabling attackers to hide dangerous function calls. The vulnerability represents a direct bypass of the previously patched CVE-2024-49774 and has been assigned a CVSS score of 9.1.

PHP RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-32238 CRITICAL PATCH Act Now

Command injection in OpenEMR's backup functionality (versions prior to 8.0.0.2) allows authenticated high-privilege users to execute arbitrary commands on the underlying system due to insufficient input validation. The CVSS 9.1 critical rating reflects the potential for complete system compromise, though exploitation requires valid administrative credentials. No patch is currently available for affected versions.

Command Injection Openemr
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-33351 CRITICAL Act Now

A Server-Side Request Forgery (SSRF) vulnerability in AVideo's Live plugin allows unauthenticated remote attackers to scan internal networks, access cloud metadata services, and bypass authentication mechanisms when the plugin is deployed in standalone mode. The vulnerability exists because user-controlled input is directly used to construct URLs for server-side requests without validation, enabling attackers to proxy requests through the vulnerable server and potentially chain this with command execution. With a CVSS score of 9.1 and requiring no authentication or user interaction, this represents a critical security risk for affected deployments.

PHP Authentication Bypass Information Disclosure Command Injection SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-27067 CRITICAL Act Now

The Mobile App Editor WordPress plugin contains an unrestricted file upload vulnerability that allows authenticated administrators to upload malicious web shells to the web server. This affects all versions through 1.3.1 and carries a critical CVSS score of 9.1 due to the potential for complete system compromise with changed scope. While requiring high privileges (administrator access), successful exploitation enables full server control including data theft, integrity compromise, and service disruption.

File Upload
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-22732 CRITICAL POC PATCH Act Now

Spring Security fails to properly write HTTP response headers in servlet applications across multiple versions (5.7.0-5.7.21, 5.8.0-5.8.23, 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.8, 7.0.0-7.0.3), allowing attackers to bypass security controls that rely on these headers such as HSTS, X-Frame-Options, or CSP policies. This header omission could enable various attacks including clickjacking, man-in-the-middle attacks, or other exploits depending on which protections are intended. No patch is currently available for this critical vulnerability.

Java Information Disclosure
NVD VulDB HeroDevs GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-33297 CRITICAL Act Now

The CustomizeUser plugin in PHP and Python allows attackers to bypass channel-level access control by exploiting improper password validation in the setPassword.json.php endpoint. An administrator-level attacker can set any user's channel password to zero due to type coercion of non-numeric characters, enabling trivial authentication bypass for any visitor. No patch is currently available for this critical vulnerability.

PHP Authentication Bypass Privilege Escalation Python
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27540 CRITICAL Act Now

An unrestricted file upload vulnerability exists in the Woocommerce Wholesale Lead Capture plugin for WordPress, allowing remote attackers to upload and execute malicious files without authentication. The vulnerability affects all versions through 2.0.3.1 of the plugin developed by Rymera Web Co Pty Ltd. With a CVSS score of 9.0 (Critical), this vulnerability enables attackers to achieve complete system compromise through arbitrary file upload, though the attack complexity is rated as high.

File Upload WordPress
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-30924 CRITICAL PATCH GHSA Act Now

Misconfigured CORS headers in this web application permit cross-origin requests from any domain, enabling attackers to craft malicious webpages that perform unauthorized actions or exfiltrate sensitive data from victims' browsers when they visit attacker-controlled sites. Although the application is typically deployed on trusted local networks, the vulnerability can be exploited remotely by leveraging victim browsers as intermediaries without requiring direct network access. An attacker can silently harvest credentials, session tokens, or other sensitive information through transparent cross-site requests made on page load.

Information Disclosure Cors Misconfiguration
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy