Skip to main content
CVE-2026-22593 HIGH PATCH This Week

Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certificate filenames of exactly 100 characters due to off-by-one boundary check error in IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). The vulnerability has a CVSS score of 8.4 with local attack vector and no privilege requirements (AV:L/PR:N), allowing unauthenticated local attackers to achieve code execution. No public exploit identified at time of analysis, though technical details are available in GitHub security advisory GHSA-cpqf-mcqc-783m.

Buffer Overflow RCE Everest Core
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33747 HIGH PATCH This Week

BuildKit versions prior to 0.28.1 allow untrusted custom frontends to write arbitrary files outside the execution state directory through crafted API messages, enabling path traversal attacks. This affects users who specify custom frontends via #syntax directives or --build-arg BUILDKIT_SYNTAX parameters with untrusted images. The vulnerability carries a CVSS score of 8.4 with local attack vector requiring no privileges or user interaction, posing high risk to confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Docker Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33757 HIGH PATCH This Week

Session fixation via remote phishing in OpenBao before 2.5.2 lets an unauthenticated attacker hijack a victim's identity when a JWT/OIDC auth role is configured with callback_mode=direct. Because direct mode skips any confirmation prompt and calls back straight to the API, an attacker initiates the auth flow, lures a victim into completing the login through a crafted URL, then polls the API to collect the OpenBao token that gets issued under the victim's identity. There is no public exploit identified at time of analysis, EPSS is low (0.06%, 19th percentile), and it is not in CISA KEV, though SSVC rates the technical impact as total.

Information Disclosure Session Fixation
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-55262 HIGH This Week

SQL injection in HCL Aftermarket DPC version 1.0.0 enables unauthenticated remote attackers to extract sensitive database contents and potentially compromise data integrity and availability. The vulnerability carries a CVSS score of 8.3 with network-based attack vector requiring user interaction. No public exploit is identified at time of analysis, and SSVC assessment indicates no current exploitation with non-automatable attack characteristics.

SQLi Aftermarket Dpc
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-0966 HIGH PATCH This Week

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon processes via malformed GSSAPI authentication OID payloads. The vulnerability affects the ssh_get_hexa() API function when processing zero-length input, exploitable remotely when GSSAPI authentication is enabled and logging verbosity is set to SSH_LOG_PATCH (level 3) or higher. Red Hat, Ubuntu, SUSE, and Debian have released patches (libssh 0.11.4 and 0.12.0). EPSS score of 0.09% and SSVC assessment indicate low real-world exploitation likelihood despite network attack vector, with no active exploitation confirmed. Ubuntu classified this as low priority, and CISA SSVC notes exploitation as 'none' but 'automatable' with partial impact.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-33942 HIGH PATCH This Week

Saloon PHP library versions prior to 4.0.0 contain a PHP object injection vulnerability in the AccessTokenAuthenticator::unserialize() method, which unsafely deserializes OAuth token state using unserialize() with allowed_classes set to true. An attacker who can control the serialized token string-such as by overwriting a cached token file or injecting malicious data-can supply a crafted serialized gadget object that executes arbitrary code through PHP magic methods during deserialization. In environments with common dependencies like Monolog present, this vulnerability can be reliably chained to achieve remote code execution (RCE), making it a critical threat to any API integration or SDK built on vulnerable Saloon versions.

PHP RCE Deserialization
NVD GitHub
CVSS 4.0
8.1
EPSS
0.6%
CVE-2026-33009 HIGH PATCH This Week

Concurrent access to shared memory in EVerest EV charging software (versions prior to 2026.02.0) enables remote attackers to trigger undefined behavior and potential memory corruption through unauthenticated MQTT messages. The data race condition in Charger::shared_context occurs when processing switch_three_phases_while_charging commands without proper locking, yielding CVSS 8.2 (High) with potential for availability disruption and data integrity impact. No public exploit identified at time of analysis, though the attack vector is network-accessible without authentication requirements (CVSS:3.1/AV:N/AC:L/PR:N/UI:N).

Race Condition Buffer Overflow Everest Core
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33748 HIGH PATCH GHSA This Week

Path traversal in Moby BuildKit allows remote unauthenticated attackers to read files outside Git repository roots during Docker image builds using crafted URL fragments. Affects builds using Git URLs with subdir components (e.g., git://repo#ref:subdir syntax). Exploitation probability is low (EPSS 2%, 4th percentile) with no public exploit identified at time of analysis. Vendor-released patch available in BuildKit v0.28.1.

Docker Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-12805 HIGH PATCH This Week

Red Hat OpenShift AI llama-stack-operator permits unauthorized cross-namespace access to Llama Stack service endpoints due to missing NetworkPolicy enforcement, enabling authenticated users in one namespace to view or modify sensitive data in another user's Llama Stack instances. CVSS 8.1 (High) reflects high confidentiality and integrity impact with low-privilege authenticated network access. No public exploit identified at time of analysis, though the authentication bypass weakness (CWE-653) is architecturally straightforward to leverage once cluster access is obtained.

Red Hat Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33149 HIGH This Week

Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.

Python Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34055 HIGH This Week

OpenEMR contains an Insecure Direct Object Reference (IDOR) vulnerability in the patient notes functionality where authenticated users can modify or delete notes belonging to any patient without proper authorization checks. This affects OpenEMR versions prior to 8.0.0.3 and allows attackers with low-level privileges to access, modify, or delete sensitive medical records they should not have access to. The vulnerability has a CVSS score of 8.1 with high confidentiality and integrity impact, though there is no current evidence of active exploitation in the wild or public proof-of-concept code.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-55261 HIGH This Week

Missing functional level access control in HCL Aftermarket DPC version 1.0.0 enables privilege escalation attacks that can compromise application integrity and confidentiality. Unauthenticated attackers can leverage this access control flaw to manipulate and exfiltrate data with user interaction required (CVSS 8.1, AV:N/AC:L/PR:N/UI:R). No public exploit has been identified at time of analysis, with CISA SSVC rating the technical impact as partial and exploitation status as none.

Privilege Escalation Aftermarket Dpc
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-1961 HIGH PATCH NEWS This Week

Remote code execution is achievable in Red Hat Foreman and Satellite 6 via command injection in the WebSocket proxy implementation when users access VM VNC console functionality. An attacker controlling a malicious compute resource server can inject unsanitized hostname values into shell commands, compromising the Foreman server and potentially the entire managed infrastructure. A proof-of-concept exploit exists according to SSVC data, elevating real-world risk despite requiring low-privileged authentication and user interaction.

Command Injection RCE Red Hat Satellite 6
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-3108 HIGH PATCH GHSA This Week

Mattermost's mmctl command-line administration tool fails to sanitize ANSI and OSC escape sequences embedded in user-generated post content, enabling authenticated low-privilege attackers to inject malicious terminal control codes when administrators export or query messages. Exploitation allows screen manipulation, fake prompt injection, and clipboard hijacking against administrators running mmctl commands, potentially leading to secondary code execution if administrators are tricked into running injected commands. CISA SSVC framework indicates no current exploitation, non-automatable attack requiring high complexity and user interaction, but with total technical impact potential.

Information Disclosure Mattermost
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-32857 HIGH This Week

Firecrawl's Playwright scraping service through version 2.8.0 permits attackers to bypass SSRF protections and access internal network resources by exploiting a validation gap in redirect handling. Unauthenticated remote attackers can supply externally valid URLs that redirect to restricted internal endpoints, as network policy checks apply only to the initial request and not subsequent redirect destinations. With a CVSS score of 7.8 and high subsequent system confidentiality impact (SC:H), this represents a distinct post-redirect enforcement weakness separate from general redirect-based SSRF (CVE-2024-56800), though no public exploit is identified at time of analysis.

SSRF Firecrawl
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-33744 HIGH PATCH GHSA This Week

BentoML, a Python framework for ML model serving, contains a command injection vulnerability in the docker.system_packages configuration field of bentofile.yaml files. The vulnerability affects all versions supporting this feature (confirmed in version 1.4.36) and allows attackers to execute arbitrary commands during the Docker image build process (bentoml containerize). This is a high-severity supply chain risk with a CVSS score of 7.8, requiring user interaction to trigger but achieving full command execution as root during container builds.

Docker Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33491 HIGH PATCH This Week

The Zen C compiler (versions prior to 0.4.4) crashes or enables arbitrary code execution when processing maliciously crafted .zc source files containing excessively long identifiers for structs, functions, or traits, triggering a stack-based buffer overflow (CWE-121). A proof-of-concept exploit exists per SSVC assessment, though attack complexity remains moderate as it requires local access and user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:R). Vendor-released patch: version 0.4.4.

Buffer Overflow RCE Stack Overflow Zenc
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-7338 HIGH This Week

Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ruckus H350 Ruckus H550 Ruckus R350 +27
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-33153 HIGH PATCH This Week

Tandoor Recipes application versions prior to 2.6.0 expose complete database schema and access control logic through an undocumented debug parameter in the Recipe API endpoint, allowing any authenticated user to extract raw SQL queries including table structures, JOIN relationships, WHERE conditions, and multi-tenant space identifiers even in production environments with DEBUG=False. A proof-of-concept exploit is available (SSVC exploitation status: poc). The CVSS 4.0 score of 7.7 reflects network-based exploitation with no attack complexity, and SSVC indicates the vulnerability is automatable with partial technical impact.

SQLi Python
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-33530 HIGH PATCH This Week

Authenticated attackers with low-level privileges can exfiltrate sensitive database information from InvenTree open source inventory management systems prior to version 1.2.6 by abusing unvalidated filter parameters in bulk operation API endpoints. The vulnerability enables blind boolean-based data extraction through Django ORM relationship traversal, achieving high confidentiality impact with changed scope per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (score 7.7). No public exploit identified at time of analysis, and vendor-released patches are available in versions 1.2.6 and 1.3.0.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30463 HIGH This Week

SQL injection in Daylight Studio FuelCMS v1.5.2 Login.php component allows remote attackers to execute arbitrary SQL queries against the application database. The vulnerability affects the authentication mechanism, potentially enabling account enumeration, credential bypass, or unauthorized data extraction. No public exploit code or active exploitation has been confirmed at this time, though the specific attack vector suggests direct manipulation of login form parameters.

PHP SQLi N A
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-33636 HIGH PATCH NEWS This Week

Out-of-bounds read and write in libpng's ARM/AArch64 Neon-optimized palette expansion allows remote attackers to trigger memory corruption, information disclosure, and denial of service when processing malicious PNG files. libpng versions 1.6.36 through 1.6.55 are affected on ARM platforms with Neon optimization enabled. Version 1.6.56 contains the fix. No public exploit identified at time of analysis, with SSVC framework indicating no active exploitation, non-automatable attack vector, and partial technical impact.

Buffer Overflow Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-33932 HIGH This Week

A stored cross-site scripting (XSS) vulnerability exists in OpenEMR's CCDA document preview functionality that allows authenticated attackers to execute arbitrary JavaScript in clinician browser sessions. OpenEMR versions prior to 8.0.0.3 are affected. The vulnerability occurs because the XSL stylesheet fails to sanitize linkHtml attributes in CCDA documents, allowing javascript: URLs and event handlers to execute when documents are previewed.

XSS Openemr
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-2100 HIGH PATCH This Week

Denial of service in p11-kit's PKCS#11 RPC client allows a malicious remote token to trigger a NULL pointer dereference or undefined behavior in applications consuming derive-key operations. The flaw is reachable when an application calls C_DeriveKey against a remote token using IBM Kyber or IBM BTC derive mechanisms whose parameters are NULL, with the RPC client returning an uninitialized value. EPSS is low (0.10%) and no public exploit identified at time of analysis; SSVC marks exploitation as none but automatable.

IBM Denial Of Service Memory Corruption Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2511 HIGH PATCH This Week

Unauthenticated SQL injection in JS Help Desk WordPress plugin versions up to 3.0.4 allows remote attackers to extract sensitive database information via the multiformid parameter in the storeTickets() function. The vulnerability exploits improper use of esc_sql() without SQL quote encapsulation, enabling injection of additional SQL queries without requiring quote characters. CVSS scored 7.5 (High) with no public exploit identified at time of analysis and SSVC assessment indicates automatable exploitation with partial technical impact.

WordPress SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33416 HIGH PATCH NEWS This Week

A security vulnerability in versions 1.2.1 (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33891 HIGH PATCH This Week

The node-forge cryptographic library for Node.js suffers from a complete Denial of Service condition when the BigInteger.modInverse() function receives zero as input, causing an infinite loop that consumes 100% CPU and blocks the event loop indefinitely. All versions of node-forge (npm package) are affected, impacting applications that process untrusted cryptographic parameters through DSA/ECDSA signature verification or custom modular arithmetic operations. CVSS 7.5 (High severity) reflects network-reachable, unauthenticated exploitation with no user interaction required. A working proof-of-concept exists demonstrating the vulnerability triggers within 5 seconds. Vendor patch is available via GitHub commit 9bb8d67b99d17e4ebb5fd7596cd699e11f25d023.

Node.js Microsoft Apple Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4926 HIGH PATCH GHSA This Week

The path-to-regexp library versions 8.0.0 through 8.3.0 suffer from catastrophic regular expression denial of service via exponential regex generation when route patterns contain multiple sequential optional groups in curly-brace syntax. Remote unauthenticated attackers can trigger resource exhaustion by submitting crafted route patterns, causing application-level denial of service with CVSS 7.5 (High severity). No public exploit identified at time of analysis, and the vendor has released version 8.4.0 to address the issue.

Denial Of Service Path To Regexp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26008 HIGH PATCH This Week

Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unauthenticated attackers to crash the charging station software or corrupt memory by sending crafted UpdateAllowedEnergyTransferModes messages from a Charging Station Management System (CSMS). CVSS 7.5 severity reflects network-accessible denial of service with high availability impact. SSVC assessment indicates no current exploitation and non-automatable attack; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Everest Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4867 HIGH PATCH GHSA This Week

Catastrophic backtracking in path-to-regexp versions prior to 0.1.13 enables remote denial of service attacks through specially crafted URLs containing three or more parameters within a single route segment separated by non-period characters. The vulnerability stems from insufficient backtrack protection in regex generation for routes like /:a-:b-:c, allowing unauthenticated attackers to trigger exponential computation times. SSVC framework confirms the vulnerability is automatable with partial technical impact, though no public exploit is identified at time of analysis.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33895 HIGH PATCH This Week

The digitalbazaar/forge npm package accepts forged Ed25519 signatures due to missing scalar canonicalization checks, allowing authentication and authorization bypass in applications that rely on signature uniqueness. All versions since Ed25519 implementation are affected (confirmed through version 1.3.3), identified as pkg:npm/node-forge. Publicly available exploit code exists with a complete proof-of-concept demonstrating how attackers can create multiple valid signatures for the same message by adding the group order L to the scalar component S, bypassing deduplication, replay protection, and signed-object canonicalization checks. The vendor has released a patch via commit bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85.

Node.js Canonical OpenSSL Authentication Bypass Jwt Attack
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33894 HIGH PATCH GHSA This Week

Signature forgery in node-forge npm package (all versions through v1.3.3) allows remote attackers to bypass RSASSA PKCS#1 v1.5 signature verification for RSA keys using low public exponent (e=3). Attackers can construct Bleichenbacher-style forged signatures by injecting malicious ASN.1 content within DigestInfo structures and exploiting missing padding length validation, enabling authentication bypass in systems relying on forge for cryptographic verification. Proof-of-concept code demonstrates successful forgery against forge while OpenSSL correctly rejects the same signature. CVSS score 7.5 (High) with network attack vector, low complexity, and no privileges required. No public exploit identified at time of analysis beyond the research POC.

Node.js OpenSSL Canonical Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33870 HIGH PATCH This Week

CVE-2026-33870 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Docker RCE Python Request Smuggling
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33487 HIGH PATCH This Week

XML Digital Signature validation in russellhaering/goxmldsig library prior to version 1.6.0 can be bypassed due to a Go loop variable capture bug, allowing remote unauthenticated attackers to forge or manipulate XML signatures without detection. The vulnerability affects applications using Go versions before 1.22 or older go.mod configurations, enabling integrity violations in SAML authentication, document signing, and other XML-DSig implementations. EPSS score of 0.02% suggests low observed exploitation probability, with no confirmed active exploitation (not in CISA KEV). Vendor patch available in version 1.6.0.

Jwt Attack Information Disclosure Goxmldsig
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4652 HIGH This Week

NVMe/TCP targets are vulnerable to unauthenticated denial of service when a remote attacker sends a CONNECT command with an invalid CNTLID, triggering a kernel panic on the exposed system. The vulnerability exploits a null pointer dereference that allows any network-accessible attacker to crash the target without authentication. No patch is currently available for this high-severity flaw.

Denial Of Service Null Pointer Dereference Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28377 HIGH PATCH This Week

Grafana Tempo leaks S3 SSE-C encryption keys in plaintext through its /status/config endpoint, enabling unauthenticated remote attackers to retrieve encryption keys protecting trace data stored in AWS S3. The CVSS score of 7.5 reflects high confidentiality impact with network-accessible attack vector requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, though the attack path is straightforward given the information disclosure nature of the vulnerability.

Grafana Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32287 HIGH PATCH GHSA This Week

The antchfx/xpath Go library prior to version 1.3.6 contains a denial-of-service vulnerability in the logicalQuery.Select function where Boolean XPath expressions that evaluate to true (such as '1=1' or 'true()') trigger an infinite loop, consuming 100% CPU resources. Remote attackers can exploit this via top-level XPath selectors without authentication, potentially disrupting any application that uses this library to process untrusted XPath queries. Upstream fix is available in commit afd4762cc342af56345a3fb4002a59281fcab494, with no public exploit code identified at time of analysis.

Denial Of Service Github Com Antchfx Xpath
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3573 HIGH PATCH This Week

Drupal AI module versions 0.0.0 before 1.1.11 and 1.2.0 before 1.2.12 contain an incorrect authorization vulnerability (CWE-863) that enables resource injection attacks. The flaw allows attackers to bypass authorization controls and inject malicious resources, potentially gaining unauthorized access to AI-driven functionality or data within affected Drupal installations. No public exploit code or active exploitation has been confirmed at the time of this analysis.

Authentication Bypass Ai Artificial Intelligence
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32286 HIGH PATCH GHSA This Week

DataRow.Decode in github.com/jackc/pgproto3/v2 fails to validate field length parameters, allowing a malicious or compromised PostgreSQL server to send a DataRow message with a negative field length that triggers a slice bounds out of range panic in Go applications using this library. Affected applications experience denial of service through unexpected termination when connecting to an untrusted or compromised database server. No public exploit code or active exploitation has been confirmed; however, the attack requires only network access to a PostgreSQL endpoint that the vulnerable application connects to.

PostgreSQL Information Disclosure Github Com Jackc Pgproto3 V2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32285 HIGH PATCH GHSA This Week

The jsonparser library for Go fails to validate slice offsets when processing malformed JSON, enabling remote denial of service through crafted input that triggers negative array indices and runtime panics. The GitHub buger/jsonparser project across all versions is affected. Attackers can send specially crafted JSON payloads to applications using vulnerable versions, causing immediate service termination without requiring authentication or user interaction.

Denial Of Service Github Com Buger Jsonparser
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32284 HIGH PATCH GHSA This Week

Truncated msgpack fixext format data (codes 0xd4-0xd8) decoded by shamaton/msgpack library versions across v1, v2, and v3 fail to validate input buffer boundaries, triggering out-of-bounds memory reads and runtime panics that enable denial of service. Remote attackers can craft malformed msgpack payloads to crash applications using affected library versions without requiring authentication or user interaction.

Buffer Overflow Denial Of Service Information Disclosure Github Com Shamaton Msgpack Github Com Shamaton Msgpack V2 +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4933 HIGH PATCH This Week

Unpublished Node Permissions module for Drupal versions prior to 1.7.0 contains an incorrect authorization vulnerability (CWE-863) that permits forceful browsing of unpublished nodes by bypassing access controls. Attackers can view content that should be restricted to specific user roles by directly accessing node URLs, circumventing the module's permission enforcement logic. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Unpublished Node Permissions
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4247 HIGH This Week

This vulnerability is a memory leak in FreeBSD's TCP stack where the tcp_respond() function fails to properly free allocated memory buffers (mbufs) when challenge ACKs are not sent in response to crafted packets. FreeBSD systems of all versions are affected. An attacker with network access (either on-path with an established connection or able to establish one, or via spoofed packets) can trigger this leak repeatedly by sending specially crafted packets that exceed rate limits, causing heap exhaustion and potential denial of service through resource depletion.

Information Disclosure Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33664 HIGH This Week

Cross-site scripting in Kestra orchestration platform versions up to 1.3.3 enables authenticated flow authors to inject arbitrary JavaScript through unsanitized Markdown rendering in flow metadata fields (description, input displayName/description). The malicious scripts execute automatically when other users view the flow in the web UI, requiring zero interaction for input.displayName fields. This vulnerability (CVSS 7.3) differs from CVE-2026-29082 and affects different components with lower interaction requirements. No public exploit identified at time of analysis, and patch availability remains unconfirmed per the advisory.

XSS Kestra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-55263 HIGH This Week

Hardcoded credentials in HCL Aftermarket DPC version 1.0.0 enable authenticated low-privilege attackers with user interaction to extract sensitive secrets from source code or insecure repositories, resulting in high confidentiality compromise and complete denial of service. CVSS score 7.3 reflects network-accessible attack requiring low privileges and user interaction. No public exploit identified at time of analysis, with SSVC framework indicating no current exploitation and non-automatable attack characteristics.

Information Disclosure Aftermarket Dpc
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3328 HIGH This Week

The Frontend Admin by DynamiApps plugin for WordPress contains a PHP Object Injection vulnerability affecting all versions up to and including 3.28.31. Authenticated attackers with Editor-level privileges or higher can exploit unsafe deserialization of the 'post_content' field in admin_form posts to inject malicious PHP objects and achieve remote code execution through available POP chains. This represents a critical risk for WordPress sites using this plugin with elevated user accounts.

WordPress PHP RCE Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-4329 HIGH This Week

The Blackhole for Bad Bots plugin for WordPress contains a Stored Cross-Site Scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the User-Agent HTTP header. All versions up to and including 3.8 are affected. The vulnerability stems from insufficient output escaping when displaying bot data in the admin interface, enabling arbitrary JavaScript execution when administrators view the Bad Bots log page.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2231 HIGH This Week

Unauthenticated attackers can inject malicious scripts into Fluent Booking plugin for WordPress versions up to 2.0.01, enabling Stored Cross-Site Scripting attacks that execute in victim browsers whenever injected pages are accessed. The vulnerability stems from insufficient input sanitization across multiple parameters in LocationService.php, Booking.php, and FrontEndHandler.php. With a CVSS score of 7.2 and network-based attack vector requiring no privileges, this represents a significant threat to WordPress sites using the affected booking plugin. No public exploit identified at time of analysis, and SSVC framework indicates no current exploitation with non-automatable attack profile.

WordPress XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-33906 HIGH PATCH This Week

Privilege escalation in ellanetworks/core allows NetworkManager role holders to replace the production SQLite database through an unvalidated restore endpoint, escalating to Admin privileges with full access to user management, audit logs, and system configuration. The NetworkManager role was improperly granted backup/restore permissions, and the restore function accepted arbitrary SQLite files without content validation. Vendor patch available in v1.7.0 (commit 1e47682). EPSS exploitation probability is low (0.03%, 8th percentile), and no active exploitation or public POC identified at time of analysis.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-33872 HIGH PATCH This Week

Cross-user data leakage in elixir-nodejs library versions prior to 3.1.4 allows authenticated users to receive sensitive data belonging to other users through a race condition in the worker protocol's request-response handling. The lack of request-response correlation causes stale responses to be delivered to unrelated callers in high-throughput environments, potentially exposing PII, authentication tokens, or private records. No public exploit identified at time of analysis, though the vulnerability is documented in GitHub issue #100 with technical details publicly available.

Race Condition Information Disclosure
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy