Skip to main content
CVE-2026-33634 CRITICAL POC KEV PATCH THREAT GHSA Emergency

Trivy security scanner v0.69.4 was compromised in a supply chain attack where a threat actor used stolen credentials to publish malicious releases and force-push credential-stealing malware to GitHub Actions repositories.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
Threat
4.9
CVE-2026-3055 CRITICAL POC KEV PATCH THREAT NEWS Act Now

An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.

Information Disclosure Citrix Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.0%
Threat
4.9
CVE-2025-60949 CRITICAL POC PATCH Act Now

Census CSWeb 8.0.1 contains an information disclosure vulnerability where the app/config endpoint is reachable via HTTP without authentication in certain deployments, allowing remote attackers to retrieve sensitive configuration data including secrets. This vulnerability has a CVSS score of 9.1 (Critical) and affects Census CSWeb versions prior to 8.1.0 alpha. A public proof-of-concept exploit is available on GitHub (https://github.com/hx381/cspro-exploits), significantly increasing the risk of active exploitation.

Information Disclosure Csweb
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-3587 CRITICAL CISA Act Now

A hidden function in the CLI prompt of multiple WAGO industrial and lean managed switches allows unauthenticated remote attackers to escape the restricted interface and gain root access to the underlying Linux operating system. This results in complete device compromise with a maximum CVSS score of 10.0. The vulnerability affects over a dozen WAGO switch models used in industrial automation environments, and was disclosed by CERT@VDE.

Information Disclosure Lean Managed Switch 852 1812 Lean Managed Switch 852 1813 Lean Managed Switch 852 1813 000 001 Lean Managed Switch 852 1816 +12
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-4606 CRITICAL Act Now

GV Edge Recording Manager (ERM) v2.3.1 improperly executes application components with SYSTEM-level privileges, allowing any local user to escalate privileges and gain full control of the operating system. The vulnerability stems from the Windows service running under the LocalSystem account and spawning child processes with elevated privileges, particularly when file dialogs are invoked during operations like data import. This is a local privilege escalation vulnerability with high real-world risk due to the ease of exploitation and the severity of the impact.

Privilege Escalation Microsoft
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-4001 CRITICAL Act Now

The Woocommerce Custom Product Addons Pro plugin for WordPress contains a critical remote code execution vulnerability caused by unsafe use of PHP's eval() function when processing custom pricing formulas. All versions up to and including 5.4.1 are affected, allowing unauthenticated attackers to execute arbitrary PHP code on the server by submitting malicious input to WCPA text fields configured with custom pricing formulas. With a CVSS score of 9.8, this represents a maximum severity issue requiring immediate attention, though EPSS and KEV status data are not provided in the available intelligence.

Code Injection WordPress PHP RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32968 CRITICAL Act Now

This is a critical OS command injection vulnerability in the com_mb24sysapi module of several MB Connect Line and Helmholz industrial remote access products. An unauthenticated remote attacker can execute arbitrary OS commands without any user interaction, leading to complete system compromise. This is a variant of CVE-2020-10383, suggesting similar attack patterns may be applicable, and the 9.8 CVSS score reflects the severe nature of network-accessible, authentication-free remote code execution in industrial control system components.

Command Injection Mb Connect Line Mbconnect24 Mymbconnect24 Myrex24V2 Myrex24V2 Virtual
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-33716 CRITICAL Act Now

WWBN AVideo versions up to and including 26.0 contain an authentication bypass vulnerability in the standalone live stream control endpoint. The endpoint accepts a user-supplied 'streamerURL' parameter that redirects token verification to an attacker-controlled server, allowing complete bypass of authentication without any user interaction. With a CVSS score of 9.4, an attacker gains unauthenticated control over any live stream including the ability to drop publishers, manipulate recordings, and probe stream existence.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-4404 CRITICAL PATCH Act Now

GoHarbor Harbor versions 2.15.0 and earlier contain hardcoded default credentials that allow unauthenticated attackers to gain administrative access to the web UI using the default username 'admin' and password 'Harbor12345'. This vulnerability enables complete compromise of the container registry, including image manipulation, deletion, and unauthorized access to stored artifacts. The issue has been documented in GitHub issues and pull requests within the Harbor project, indicating active awareness and remediation efforts by the development team.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-2298 CRITICAL Act Now

An Improper Neutralization of Argument Delimiters (Argument Injection) vulnerability exists in Salesforce Marketing Cloud Engagement that allows attackers to manipulate Web Services Protocol interactions through command injection. All versions of Marketing Cloud Engagement released before January 30th, 2026 are affected. An attacker with network access to the affected service can inject malicious arguments into commands, potentially leading to unauthorized actions, data exfiltration, or service compromise. No CVSS score, EPSS data, or confirmed public POC are currently available, but the vulnerability has been officially disclosed by Salesforce with a patch deadline, indicating active remediation efforts.

Code Injection Marketing Cloud Engagement
NVD VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-4681 CRITICAL POC CISA Act Now

A critical remote code execution vulnerability exists in PTC Windchill PDMLink and PTC FlexPLM products due to unsafe deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of both products spanning from version 11.0 through 13.1.3.0 for Windchill and 11.0 through 13.0.3.0 for FlexPLM. An attacker can craft malicious serialized objects that, when deserialized by the vulnerable application, trigger code execution with the privileges of the Windchill or FlexPLM service account.

RCE Deserialization Windchill Pdmlink Flexplm
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-30849 CRITICAL PATCH Act Now

MantisBT versions prior to 2.28.1 contain an authentication bypass vulnerability in the SOAP API caused by improper type checking on the password parameter when running on MySQL family databases. An attacker who knows a victim's username can log in to the SOAP API without knowing the correct password and execute any API function available to that account. While a CVE CVSS score is not yet assigned, the vulnerability is patched in version 2.28.1, and disabling the SOAP API reduces but does not eliminate the risk.

Authentication Bypass Mantisbt
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-41008 CRITICAL Act Now

A SQL injection vulnerability exists in Sinturno that allows unauthenticated or low-privileged attackers to execute arbitrary SQL commands through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, updating, and deletion of database objects. The vulnerability was reported by INCIBE and affects all versions of Sinturno; no CVSS score, EPSS data, or KEV status has been published, but the ability to perform CRUD operations on databases represents critical severity regardless of formal scoring.

PHP SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-41007 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in Cuantis that allows unauthenticated attackers to execute arbitrary SQL commands through the 'search' parameter in the '/search.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, modification, and deletion of database contents. A patch is available from the vendor, and exploitation requires only network access to the affected application with no special privileges or user interaction.

PHP SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-4599 CRITICAL PATCH GHSA Act Now

The jsrsasign JavaScript cryptographic library contains a critical vulnerability in its random number generation functions that allows attackers to recover private DSA keys through nonce bias exploitation. Versions 7.0.0 through 11.1.0 are affected. A proof-of-concept is publicly available (referenced in GitHub Gist), demonstrating the attack feasibility, and the vulnerability requires no authentication or user interaction for remote exploitation.

Information Disclosure Jsrsasign
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-32913 CRITICAL PATCH GHSA Act Now

OpenClaw versions prior to 2026.3.7 contain a critical header validation flaw in the fetchWithSsrFGuard function that leaks sensitive authorization headers (including X-Api-Key and Private-Token) across cross-origin redirects. An attacker can exploit this remotely without authentication by triggering HTTP redirects to attacker-controlled domains, intercepting credentials intended for legitimate services. With a CVSS score of 9.3 and network-accessible attack vector requiring low complexity, this represents a significant information disclosure risk, though no active exploitation (KEV) or public POC has been reported at this time.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-33202 CRITICAL PATCH Act Now

Rails Active Storage's DiskService#delete_prefixed method fails to escape glob metacharacters when passing blob keys to Dir.glob, allowing attackers to delete unintended files from the storage directory if blob keys contain attacker-controlled input or custom-generated keys with glob metacharacters. This affects Ruby on Rails versions prior to 7.2.3.1, 8.0.4.1, and 8.1.2.1, and while no CVSS score or EPSS data is currently available, the vulnerability represents a significant integrity and availability risk as it enables arbitrary file deletion on the server filesystem.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-0898 CRITICAL Act Now

An arbitrary file-write vulnerability exists in Pega Browser Extension (PBE) affecting Pega Robot Studio developers using versions 22.1 or R25 who automate Google Chrome and Microsoft Edge browsers. A threat actor can craft a malicious website that, when visited by a developer during interrogation mode in Robot Studio, executes arbitrary file-write operations on the developer's system. This vulnerability does not affect end-user Robot Runtime deployments, limiting its blast radius to development environments.

Google RCE Microsoft Pega Robot Studio Chrome
NVD VulDB
CVSS 4.0
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy