45 CVEs tracked today. 0 Critical, 21 High, 10 Medium, 14 Low.
-
CVE-2026-4558
HIGH
CVSS 7.4
OS command injection in Linksys MR9600 mesh router firmware 2.0.6.206937 allows authenticated remote attackers to execute arbitrary system commands with router privileges via crafted Smart Connect configuration parameters. The vulnerability exists in the SmartConnect.lua file's smartConnectConfigure function, which fails to sanitize user input in configApSsid, configApPassphrase, srpLogin, and srpPassword arguments before passing them to system commands. Publicly available exploit code exists (GitHub POC), but EPSS indicates low (0.15%) exploitation probability and CISA has not listed this in KEV, suggesting limited real-world targeting. Vendor (Linksys) did not respond to researcher disclosure.
Command Injection
Linksys
-
CVE-2026-4555
HIGH
CVSS 7.4
A stack-based buffer overflow in the /goform/formEasySetTimezone endpoint of D-Link DIR-513 1.10 allows authenticated attackers to achieve remote code execution and full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.
Buffer Overflow
D-Link
Stack Overflow
-
CVE-2026-4553
HIGH
CVSS 7.4
Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-4552
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-4551
HIGH
CVSS 7.4
Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-4546
HIGH
CVSS 7.3
DLL hijacking in Flos Freeware Notepad2 4.2.25 enables local privilege escalation when an attacker with low-privilege access can place a malicious TextShaping.dll in the application's search path, achieving high confidentiality, integrity, and availability impact. Exploitation requires high attack complexity and is considered difficult per vendor assessment. No public exploit identified at time of analysis, with EPSS score of 0.01% indicating minimal observed exploitation activity. Vendor unresponsive to disclosure, leaving patch status uncertain.
Information Disclosure
-
CVE-2026-4545
HIGH
CVSS 7.3
DLL hijacking in Notepad2 4.2.25 allows local attackers with low privileges to achieve code execution by exploiting an uncontrolled search path vulnerability in PROPSYS.dll loading. The attack vector requires local access with high complexity (CVSS 7.3, CVSS v4.0), classified as difficult to exploit by the reporting source (VulDB). EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity, and no active exploitation or public POC has been confirmed. Vendor (Flos Freeware) did not respond to coordinated disclosure, leaving patch status uncertain.
Information Disclosure
-
CVE-2026-4535
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-4534
HIGH
CVSS 7.4
Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-4314
HIGH
CVSS 8.8
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress contains a privilege escalation vulnerability affecting all versions up to and including 3.2.4. Authenticated attackers with Subscriber-level access can exploit an insecure URL check to gain administrative capabilities, enabling them to modify WordPress options and create new administrator accounts. This is a critical vulnerability with a CVSS score of 8.8, requiring low attack complexity and no user interaction.
WordPress
Privilege Escalation
-
CVE-2026-2580
HIGH
CVSS 7.5
A time-based SQL injection vulnerability exists in the WP Maps - Store Locator plugin for WordPress through version 4.9.1, allowing unauthenticated attackers to extract sensitive database information via the insufficiently sanitized 'orderby' parameter. With a CVSS score of 7.5 (High), this vulnerability requires no privileges or user interaction and can be exploited remotely over the network. No KEV listing or EPSS data is provided, but the vulnerability has been publicly disclosed by Wordfence with technical details and code references available.
WordPress
SQLi
Google
-
CVE-2019-25615
HIGH
CVSS 8.6
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25612
HIGH
CVSS 8.5
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25611
HIGH
CVSS 8.6
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25610
HIGH
CVSS 7.1
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences.
Path Traversal
-
CVE-2019-25609
HIGH
CVSS 8.6
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25608
HIGH
CVSS 8.6
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs.
Privilege Escalation
RCE
-
CVE-2019-25607
HIGH
CVSS 8.6
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25604
HIGH
CVSS 8.6
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25603
HIGH
CVSS 8.6
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2019-25600
HIGH
CVSS 7.1
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.
Buffer Overflow
Denial Of Service
Memory Corruption
-
CVE-2026-33549
MEDIUM
CVSS 6.7
SPIP versions 4.4.10 through 4.4.12 contain a privilege escalation vulnerability that allows authenticated users with limited permissions to assign administrator privileges to themselves or other accounts through improper handling of the STATUT field during author data structure editing. An attacker with login credentials and user interaction can exploit this to gain full administrative control, leading to complete compromise of the CMS instance. The vulnerability was patched in version 4.4.13.
Information Disclosure
-
CVE-2026-4562
MEDIUM
CVSS 5.5
MacCMS version 2025.1000.4052 contains a missing authentication vulnerability in the Timming API endpoint (application/api/controller/Timming.php). An unauthenticated remote attacker can access protected functionality, potentially leading to unauthorized data access, modification, or service disruption. A public proof-of-concept exploit is available on GitHub, significantly increasing the risk of active exploitation in the wild.
PHP
Authentication Bypass
-
CVE-2026-4548
MEDIUM
CVSS 5.3
Improper authorization in mickasmt next-saas-stripe-starter 1.0.0 allows authenticated users to manipulate userId and role parameters in the updateUserRole function, enabling unauthorized modification of user permissions. An attacker with valid credentials can exploit this vulnerability remotely to escalate privileges or modify other users' roles. No patch is currently available.
Authentication Bypass
-
CVE-2026-4547
MEDIUM
CVSS 5.3
A business logic vulnerability exists in mickasmt next-saas-stripe-starter version 1.0.0 within the generateUserStripe function of the Checkout Handler component, where manipulation of the priceId parameter can lead to unauthorized modification of transaction data. An authenticated remote attacker can exploit this vulnerability to alter billing information or trigger unintended payment processing logic, potentially causing financial discrepancies or service abuse. With a CVSS score of 4.3 and low attack complexity, this vulnerability represents a moderate risk requiring prompt attention despite the low impact rating.
Information Disclosure
-
CVE-2026-4540
MEDIUM
CVSS 5.5
SQL injection in projectworlds Online Notes Sharing System 1.0 allows unauthenticated remote attackers to manipulate the Benutzer parameter in /login.php, enabling unauthorized data access, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
-
CVE-2026-4536
MEDIUM
CVSS 5.5
An unrestricted file upload vulnerability exists in Acrel Environmental Monitoring Cloud Platform version 1.1.0, allowing unauthenticated remote attackers to upload arbitrary files to the system. The vendor was notified but did not respond, and a public proof-of-concept exploit is available on GitHub. With a CVSS score of 7.3 and public exploit code, this presents an elevated risk for organizations using the affected platform.
File Upload
-
CVE-2026-4532
MEDIUM
CVSS 5.5
The Simple Food Ordering System through version 1.0 allows unauthenticated remote attackers to access sensitive database files through improper access controls in the Database Backup Handler component. Public exploit code exists for this vulnerability, which could enable attackers to retrieve database backups containing sensitive information. Configuration changes are recommended as no patch is currently available.
Information Disclosure
Path Traversal
-
CVE-2026-4531
MEDIUM
CVSS 6.9
Free5GC 4.1.0's AMF component is susceptible to a denial of service attack in the HandleRegistrationComplete function that can be exploited remotely without authentication. An attacker can manipulate the registration process to crash or disable the affected service. A patch is available and should be applied to restore normal operation.
Denial Of Service
-
CVE-2026-3427
MEDIUM
CVSS 6.4
A Stored Cross-Site Scripting (XSS) vulnerability exists in Yoast SEO plugin for WordPress versions up to 27.1.1, where the `jsonText` block attribute fails to properly sanitize and escape user input, allowing authenticated contributors and above to inject malicious scripts that execute in the browsers of all users accessing the compromised pages. The vulnerability has a CVSS score of 6.4 (Medium severity) and requires only low-level authenticated access with no user interaction needed for payload execution, though it is limited to authenticated attackers and does not affect confidentiality or availability significantly.
WordPress
XSS
-
CVE-2025-71276
MEDIUM
CVSS 6.4
SOGo before version 5.12.5 contains a cross-site scripting (XSS) vulnerability affecting the events, tasks, and contacts categories that allows authenticated attackers to inject malicious scripts. An attacker with valid SOGo credentials can craft malicious input in these modules that will execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions. No public exploit code or active exploitation has been documented in known exploit databases, but the vulnerability carries a moderate CVSS score of 6.4 reflecting its requirement for prior authentication combined with its ability to affect confidentiality and integrity across security domain boundaries.
XSS
-
CVE-2026-33550
LOW
CVSS 2.0
SOGo versions prior to 5.12.5 contain two related one-time password (OTP) implementation weaknesses: the OTP is not regenerated when users disable and re-enable two-factor authentication, and the OTP length is only 12 digits instead of the cryptographically recommended 20 digits. While the CVSS score is low (2.0) due to high attack complexity and privileges required, this vulnerability could allow authenticated administrators or high-privilege users with social engineering capability to bypass or weaken OTP protections. No known active exploitation or public proof-of-concept exists, but the issue has been acknowledged and patched by the vendor.
Information Disclosure
-
CVE-2026-4557
LOW
CVSS 2.1
A Stored Cross-Site Scripting (XSS) vulnerability exists in code-projects Exam Form Submission version 1.0, affecting the /admin/update_s1.php file where the 'sname' parameter is not properly sanitized. An unauthenticated attacker can remotely inject malicious JavaScript by manipulating this parameter, which will execute in the browsers of administrators or other users who view the affected page. A public proof-of-concept exploit is available on GitHub, and the vulnerability has an EPSS score indicating probable exploitation likelihood.
PHP
XSS
-
CVE-2026-4554
LOW
CVSS 2.1
Unauthenticated attackers can execute arbitrary commands on Tenda F453 routers (version 1.0.0.3) by injecting malicious input through the mac parameter in the /goform/WriteFacMac endpoint. Public exploit code exists for this vulnerability, enabling remote code execution with minimal attack complexity. A patch is not currently available.
Command Injection
Tenda
-
CVE-2026-4550
LOW
CVSS 2.0
SQL injection in Simple Gym Management System up to version 1.0 allows remote attackers with high privileges to manipulate the Trainer_id and fname parameters in /gym/func.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available.
PHP
SQLi
-
CVE-2026-4549
LOW
CVSS 2.3
An authorization bypass vulnerability exists in mickasmt next-saas-stripe-starter version 1.0.0 within the openCustomerPortal function of the Stripe API integration component. Authenticated users with low privileges can bypass authorization controls to access Stripe customer portal functionality they should not be permitted to access, potentially gaining unauthorized view access to sensitive customer data. The vulnerability requires authentication and has high attack complexity, so exploitation is considered difficult but possible; no evidence of active exploitation in the wild or public proof-of-concept code has been reported.
Authentication Bypass
-
CVE-2026-4544
LOW
CVSS 1.9
A Stored/Reflected Cross-Site Scripting (XSS) vulnerability exists in the Wavlink WL-WN578W2 wireless router (firmware version 221110 and potentially others) within the POST request handler of /cgi-bin/login.cgi. An attacker with high privileges can manipulate the homepage, hostname, or login_page parameters to inject malicious JavaScript that executes in the context of other users' browsers. A proof-of-concept has been publicly disclosed on GitHub, and the vendor has not responded to early disclosure notifications, leaving affected devices unpatched.
XSS
-
CVE-2026-4543
LOW
CVSS 2.1
Wavlink WL-WN578W2 routers contain a command injection vulnerability in the /cgi-bin/firewall.cgi POST handler that allows authenticated attackers to execute arbitrary commands by manipulating the dmz_flag or del_flag parameters. The vulnerability is remotely exploitable and has public exploit code available, though no patch has been released. An attacker with network access and valid credentials could achieve code execution with the privileges of the web service.
Command Injection
-
CVE-2026-4542
LOW
CVSS 2.1
SSCMS 4.7.0's layerImage endpoint allows authenticated attackers to manipulate the filePaths parameter in LayerImageController.Submit.cs, enabling path traversal attacks that can modify or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available.
Path Traversal
-
CVE-2026-4541
LOW
CVSS 1.1
A cryptographic signature verification flaw exists in tinyssh's Ed25519 signature handler (crypto_sign_ed25519_tinyssh.c) that allows improper validation of signatures, potentially enabling an attacker to forge or bypass signature checks. janmojzis tinyssh versions up to 20250501 are affected; exploitation requires local execution and has high attack complexity. A public exploit has been disclosed, and vendor patches are available in version 20260301.
Information Disclosure
Jwt Attack
-
CVE-2026-4539
LOW
CVSS 1.9
A regular expression denial-of-service (ReDoS) vulnerability exists in Pygments up to version 2.19.2, specifically in the AdlLexer component within pygments/lexers/archetype.py. An attacker with local access can craft malicious input that triggers inefficient regex pattern matching, causing high CPU consumption and service degradation. A public proof-of-concept exploit is available, though the vulnerability requires local access and low privileges to exploit, resulting in a CVSS score of 3.3 with Proof-of-Concept availability (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P).
Denial Of Service
-
CVE-2026-4538
LOW
CVSS 1.9
A deserialization vulnerability exists in PyTorch 2.10.0 within the pt2 Loading Handler component, allowing local attackers with low privileges to achieve confidentiality, integrity, and availability impacts through untrusted data processing. The vulnerability (CWE-502) is confirmed to have a publicly available exploit and has been reported to the project via pull request PR#176791, though remediation status remains unclear. With a CVSS score of 5.3 and exploitation probability marked as probable (E:P), this represents a moderate real-world risk primarily affecting local development and deployment environments.
Deserialization
-
CVE-2026-4537
LOW
CVSS 2.0
Command injection in the IPSec controller of Cudy TR1200 routers (R46-2.4.15-20250721-164017) allows remote attackers with administrative privileges to execute arbitrary commands through the action_ipsec_conn function. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires high-level access but involves minimal complexity and affects confidentiality, integrity, and availability.
Command Injection
-
CVE-2026-4533
LOW
CVSS 2.1
SQL injection in Simple Food Ordering System 1.0 allows authenticated remote attackers to manipulate the Status parameter in all-tickets.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to read, modify, or delete database contents. The affected PHP application currently lacks a security patch.
PHP
SQLi
-
CVE-2026-4115
LOW
CVSS 2.9
PuTTY versions up to 0.83 contain a weak authentication vulnerability in the Ed25519 signature verification function (eddsa_verify in crypto/ecc-ssh.c) that allows remote attackers to potentially forge or manipulate digital signatures due to improper validation of Ed25519 signature components. While a public proof-of-concept exploit exists and the vulnerability affects signature verification, the real-world impact remains unproven, with CVSS 3.7 (low severity) and EPSS probability indicating exploitation is difficult and requires high complexity. The vendor (PuTTY developers) has already released a patch addressing this issue.
Information Disclosure
Jwt Attack