Skip to main content
CVE-2026-3502 HIGH POC KEV THREAT NEWS Act Now

Arbitrary code execution in TrueConf Client allows authenticated attackers on adjacent networks to deliver malicious updates due to missing integrity verification. The auto-update mechanism accepts unsigned or unverified payloads, enabling man-in-the-middle attackers with high privileges to substitute trojanized updates that execute with the application's permissions. EPSS data not available; no confirmed active exploitation (not in CISA KEV); publicly available exploit code not identified at time of analysis. CVSS 7.8 reflects the adjacent network attack vector and user interaction requirement, reducing immediate internet-scale risk.

RCE Trueconf Client
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
4.6
CVE-2019-25654 HIGH POC This Week

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Core Ftp Sftp Server
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34714 HIGH POC PATCH This Week

{expr} payload embedded in a modeline to be evaluated even when the protective 'modelineexpr' setting is off (the default). A publicly available exploit exists, though EPSS rates real-world exploitation probability at just 0.02% (6th percentile) and CISA SSVC marks exploitation as 'none' - indicating no observed in-the-wild activity. The flaw is severe (CVSS 8.6) because it needs only that the user open a file in Vim's default configuration.

RCE Command Injection Vim
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-5156 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formQuickIndex function's handling of the mit_linktype parameter in the /goform/QuickIndex endpoint. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. With a CVSS score of 8.8 and low attack complexity requiring only low-privilege authentication, this represents a critical risk to deployed Tenda CH22 devices, though CISA KEV status is not confirmed.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5154 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router (versions 1.0.0.1 and 1.If) allows authenticated remote attackers to achieve code execution via crafted 'funcname' parameter to the /goform/setcfm endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. CVSS 7.4 with low attack complexity and authenticated remote vector indicates moderate risk for targeted attacks against devices with compromised credentials.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5152 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formCreateFileName function. The vulnerability resides in the /goform/createFileName endpoint where insufficient input validation of the 'fileNameMit' parameter enables memory corruption. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (PR:L), the attack complexity is low (AC:L) and can be executed remotely over the network.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5155 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router (version 1.0.0.1) allows authenticated remote attackers to achieve code execution or denial of service via the wanmode parameter in the /goform/AdvSetWan endpoint. Public exploit code exists (GitHub POC), significantly lowering exploitation barriers. CVSS 7.4 reflects network-accessible attack requiring only low-privilege authentication, with high impact to confidentiality, integrity, and availability.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-34472 HIGH POC This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28228 HIGH PATCH This Week

Server-side template injection in OpenOlat e-learning platform versions prior to 19.1.31, 20.1.18, and 20.2.5 enables authenticated users with Author role to execute arbitrary operating system commands via crafted Velocity directives in reminder email templates. Exploitation requires low-privilege authentication (PR:L) but is network-accessible (AV:N) with low complexity (AC:L), achieving full system compromise (C:H/I:H/A:H). The vulnerability leverages Java reflection through Velocity templates to instantiate ProcessBuilder and execute commands with Tomcat process privileges, often root in containerized environments. EPSS data not provided; no CISA KEV status confirmed; publicly available exploit code exists per GitHub security advisory disclosure.

Java Tomcat Ssti Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33373 HIGH This Week

Cross-Site Request Forgery in Zimbra Collaboration Server 10.0 and 10.1 allows remote attackers to perform sensitive account actions such as disabling two-factor authentication by inducing authenticated users to submit crafted requests, exploiting insufficient CSRF protection on authentication tokens issued during account state transitions like password changes or 2FA enablement. No public exploit code has been identified at time of analysis, and patch availability has been confirmed in vendor advisories for versions 10.0.18 and 10.1.13.

CSRF
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5130 HIGH This Week

Unauthenticated privilege escalation in Debugger & Troubleshooter WordPress plugin (versions ≤1.3.2) allows remote attackers to gain administrator access by manipulating a cookie value. Attackers can set the wp_debug_troubleshoot_simulate_user cookie to any user ID without cryptographic validation, bypassing all authentication and authorization checks to immediately impersonate administrators. No public exploit code confirmed at time of analysis, though the attack mechanism is straightforward requiring only cookie manipulation. CVSS 8.8 with network-based attack vector and low complexity indicates significant real-world risk for unpatched installations. Vendor-released patch in version 1.4.0 implements cryptographic token validation.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33030 HIGH GHSA This Week

Insecure Direct Object Reference (IDOR) in nginx-ui up to v2.3.3 allows authenticated low-privilege users to access, modify, and delete any resource across all user accounts, including plaintext DNS provider API tokens (Cloudflare, AWS Route53, Alibaba Cloud) and ACME private keys. The application's base Model struct lacks user_id fields, and all resource endpoints query by ID without ownership verification. CVSS 8.8 reflects scope change to external services—stolen Cloudflare tokens enable DNS hijacking and fraudulent certificate issuance. No public exploit identified at time of analysis, but trivial to execute via standard HTTP requests. Vendor-released patch: v2.3.4.

Nginx Information Disclosure Command Injection Docker Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2370 HIGH PATCH This Week

Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.

Gitlab Information Disclosure Atlassian
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31831 HIGH PATCH This Week

Path traversal in Tautulli's /newsletter/image/images API endpoint allows unauthenticated remote attackers to read arbitrary files from the server filesystem. Tautulli, a Python-based monitoring tool for Plex Media Server, is affected in all versions prior to 2.17.0. The vulnerability carries a CVSS 4.0 score of 8.7 with network attack vector, low complexity, and no authentication required (PR:N), enabling trivial exploitation for sensitive information disclosure. No active exploitation confirmed at time of analysis, though the unauthenticated nature and public disclosure significantly elevate real-world risk.

Python Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-3321 HIGH This Week

{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.

Authentication Bypass On24 Q A Chat
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-3945 HIGH PATCH This Week

Remote denial of service in tinyproxy versions through 1.11.3 allows unauthenticated attackers to exhaust all proxy worker connections via malformed HTTP chunked transfer encoding. An integer overflow in chunk size parsing (using strtol() without ERANGE validation) enables attackers to send LONG_MAX values that bypass size checks and trigger arithmetic overflow during chunklen+2 calculations. This forces the proxy to attempt reading unbounded request body data, holding worker slots indefinitely until all connections are exhausted and new clients are rejected. Upstream fix available (commits bb7edc4, 969852c) but latest stable release 1.11.3 remains unpatched. EPSS data not available; no public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) and requires no authentication (PR:N).

Integer Overflow Denial Of Service Suse Debian
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4416 HIGH PATCH This Week

Insecure deserialization in Gigabyte Control Center's Performance Library component allows authenticated local users to escalate privileges to SYSTEM by sending crafted serialized payloads to the EasyTune Engine service. Affecting Gigabyte Performance Library across versions, this CWE-502 flaw enables low-privileged users to gain complete control of the Windows system. EPSS data not available; no public exploit identified at time of analysis, though the local attack vector and low complexity (CVSS:3.1/AV:L/AC:L/PR:L) suggest exploitation is technically straightforward for attackers with initial local access.

Deserialization Privilege Escalation Performance Library
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34377 HIGH PATCH GHSA This Week

Zebra cryptocurrency nodes prior to version 4.3.0 can be forced into consensus split by malicious miners who craft blocks containing V5 transactions with matching txids but invalid authorization data. The vulnerability stems from a cache lookup that used ZIP-244 txid (which excludes authorization data) to bypass full verification, allowing nodes to accept blocks with invalid signatures. While this does not enable invalid transaction acceptance, it isolates vulnerable nodes from the Zcash network, creating fork conditions exploitable for service disruption and potential double-spend scenarios against partitioned nodes. No public exploit code or CISA KEV listing exists, but the technical complexity is low for actors with mining capabilities. Affected products are zebrad and zebra-consensus Rust packages supporting Network Upgrade 5 (V5 transactions). Vendor-released patch: Zebra 4.3.0.

Information Disclosure Jwt Attack
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-4266 HIGH This Week

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a filesystem write primitive. Affects Fireware OS versions 12.1 through 12.11.8 and 2025.1 through 2026.1.2 on platforms supporting Access Portal (excludes T-15/T-35 models). CVSS 8.4 severity reflects high impact but requires prior high-privilege local access and an existing write vulnerability to exploit. No public exploit identified at time of analysis, with EPSS data unavailable for risk probability assessment.

Deserialization RCE Fireware Os
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-34363 HIGH PATCH GHSA This Week

Parse Server LiveQuery leaks protected fields and authentication data across concurrent subscribers due to shared mutable object state. When multiple clients subscribe to the same class, race conditions in the sensitive data filter allow one subscriber's field filtering to affect other subscribers, exposing data that should remain protected or delivering incomplete objects to authorized clients. Deployments using LiveQuery with protected fields or afterEvent triggers face unauthorized information disclosure. Vendor-released patches are available for Parse Server 8 and 9. No public exploit identified at time of analysis, though the vulnerability is straightforward to trigger in affected configurations.

Information Disclosure Race Condition
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-34219 HIGH PATCH GHSA This Week

Unchecked arithmetic in Rust libp2p-gossipsub heartbeat processing allows remote unauthenticated denial of service via crafted PRUNE control messages. Network-reachable Gossipsub peers can crash vulnerable nodes by sending PRUNE messages with near-maximum backoff values (~i64::MAX), triggering an instant overflow panic during subsequent heartbeat cycles (43-74 seconds later). This is a distinct vulnerability from CVE-2026-33040, affecting a different code path in expiry handling rather than initial insertion. Reported by Ethereum Foundation security team; no public exploit identified at time of analysis, but attack vector is straightforward for any peer capable of establishing libp2p sessions.

Denial Of Service Integer Overflow
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-29872 HIGH This Week

Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.

Python Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32877 HIGH PATCH This Week

Heap over-read in Botan C++ cryptography library versions 2.3.0 through 3.10.x allows remote, unauthenticated attackers to trigger crashes or undefined behavior during SM2 decryption. The vulnerability stems from insufficient length validation of authentication code (C3) values in SM2 ciphertexts, enabling reads of up to 31 bytes beyond allocated heap memory. With CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and EPSS data not provided, this represents a remotely exploitable memory safety issue in a cryptographic primitive. No public exploit identified at time of analysis. Patched in version 3.11.0.

Information Disclosure Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33949 HIGH PATCH GHSA This Week

Path traversal in TinaCMS GraphQL (@tinacms/graphql) enables unauthenticated remote attackers to write and overwrite arbitrary files within the project root, including critical configuration files like package.json and build scripts. The vulnerability stems from platform-specific path validation failures that treat backslash characters differently on Unix-based systems, allowing traversal sequences like 'x\..\..\..\package.json' to bypass security checks. With a CVSS score of 8.1 and publicly available exploit code demonstrating the attack, this represents a critical security risk for TinaCMS deployments, particularly those exposed to untrusted networks. No CISA KEV listing exists, but the proof-of-concept demonstrates clear exploitation paths to arbitrary code execution via build script modification.

Path Traversal RCE Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-33641 HIGH POC PATCH GHSA This Week

Command injection in Glances Python monitoring tool allows local authenticated users to execute arbitrary system commands via malicious configuration files. Attackers with write access to Glances configuration files can embed shell commands in backtick-enclosed strings that execute automatically during config parsing with the privileges of the Glances process. In environments where Glances runs as a system service with elevated privileges, this enables privilege escalation from low-privileged user to root. CVSS 7.8 (High) with local attack vector requiring low privileges. Public exploit code exists in the advisory. EPSS data not available, not listed in CISA KEV.

Python Command Injection Privilege Escalation Suse
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27018 HIGH PATCH GHSA This Week

Arbitrary file read in Gotenberg versions prior to 8.29.0 allows unauthenticated remote attackers to bypass URL deny-list protections and access sensitive container files via case-variant URI schemes. The default deny-list regex `^file:(?!//\/tmp/).*` only matches lowercase 'file:', but Chromium normalizes mixed-case schemes (FILE://, File://, fILE://) to lowercase after the deny-list check, enabling access to /etc/passwd, environment variables, and configuration files. This bypasses the incomplete fix for CVE-2024-21527. Vendor-released patch available in version 8.29.0. POC confirmed in GitHub advisory. EPSS exploitation probability is low (0.02%) despite public POC, suggesting limited real-world targeting to date.

Path Traversal Information Disclosure Docker Google
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-3991 HIGH This Week

Elevation of privilege in Symantec Data Loss Prevention Windows Endpoint allows authenticated local users to gain SYSTEM-level access and compromise protected resources. Affects all versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. CVSS 7.8 (High) reflects the local attack vector but complete system compromise upon successful exploitation. No public exploit identified at time of analysis, though the CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) classification suggests potential DLL hijacking or similar trust boundary violations.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29925 HIGH This Week

Invoice Ninja versions 5.12.46 and 5.12.48 contain a Server-Side Request Forgery (SSRF) vulnerability in the CheckDatabaseRequest.php component that allows remote attackers to perform unauthorized requests to internal or external systems. The vulnerability affects the setup and database configuration functionality, potentially enabling attackers to access internal services, probe private networks, or interact with restricted resources from the server's perspective.

PHP SSRF
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-29924 HIGH This Week

Grav CMS versions 1.7.x and earlier allow XML External Entity (XXE) injection through SVG file uploads in the administrative panel and File Manager plugin, potentially enabling remote code execution or information disclosure to authenticated administrators. No CVSS score, CVSS vector, or CWE classification has been assigned; exploitation status and patch availability cannot be confirmed from available data.

XXE File Upload
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-29954 HIGH This Week

KubePlus 4.1.4 allows server-side request forgery (SSRF) and arbitrary HTTP header injection through improperly validated chartURL fields in ResourceComposition resources. The mutating webhook and kubeconfiggenerator components concatenate user-supplied chartURL values directly into wget command invocations without proper escaping, enabling attackers to inject wget options such as --header to forge HTTP requests or exfiltrate sensitive data. No patch version information is currently available, and exploitation status remains unconfirmed from authoritative sources.

SSRF
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-30077 HIGH This Week

OpenAirInterface AMF version 2.2.0 crashes during message decoding when processing specific malformed input sequences, enabling a denial of service condition. A remote attacker can trigger a consistent crash by sending specially crafted hex-encoded packets (example: 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88) to the AMF component. No public exploit code has been identified, but the crash is reproducible with known input patterns.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5121 HIGH PATCH This Week

Remote code execution in libarchive on 32-bit systems allows unauthenticated attackers to execute arbitrary code via specially crafted ISO9660 images. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and OpenShift Container Platform 4, with vendor patches released across multiple RHSA advisories. Despite the CVSS 7.5 score and network attack vector, EPSS exploitation probability is low (0.05%, 16th percentile) and no public exploit is identified at time of analysis, though SSVC classifies the vulnerability as automatable with total technical impact.

RCE Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-4046 HIGH PATCH This Week

Remote denial of service in GNU C Library (glibc) 2.43 and earlier allows unauthenticated remote attackers to crash applications via malformed input during character set conversion from IBM1390 or IBM1399 encodings. The vulnerability triggers an assertion failure in the iconv() function with high attack reliability (CVSS 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Proof-of-concept code exists and CISA SSVC assessment confirms the issue is automatable with partial technical impact, making this a practical denial-of-service vector for any networked application processing untrusted character encoding conversions.

Denial Of Service Glibc
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33986 HIGH PATCH This Week

Heap buffer overflow in FreeRDP's H.264 YUV decoder (versions before 3.24.2) allows remote attackers to potentially achieve code execution via specially crafted RDP sessions. The vulnerability stems from premature dimension updates in yuv_ensure_buffer() that persist when memory reallocation fails, creating exploitable memory corruption conditions. Attack requires user interaction (connecting to malicious RDP server) and moderate complexity (CVSS AC:H). No public exploit identified at time of analysis, though CVSS 7.5 HIGH score reflects potential for complete system compromise (C:H/I:H/A:H).

Heap Overflow Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33984 HIGH PATCH This Week

Heap buffer overflow in FreeRDP's CLEAR codec implementation allows remote attackers to execute arbitrary code when processing malicious RDP server responses. Affects all FreeRDP versions prior to 3.24.2. Attack requires high complexity and user interaction (victim must connect to attacker-controlled RDP server), but no authentication is required. CVSS 7.5 reflects the network-accessible attack vector with potential for complete system compromise. No public exploit identified at time of analysis, though technical details are publicly disclosed via GitHub security advisory.

Heap Overflow Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2285 HIGH This Week

CrewAI's JSON loader tool fails to validate file paths before reading, allowing arbitrary local file access that exposes sensitive server files to attackers with network access to the application. The vulnerability enables information disclosure without authentication, affecting all versions of CrewAI that include the vulnerable JSON loader component. No active exploitation has been confirmed, but the straightforward nature of the attack (unsanitized file path input) makes this a practical concern for production deployments.

Information Disclosure Crewai
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3124 HIGH This Week

Insecure Direct Object Reference in WP Download Monitor plugin (≤5.1.7) enables unauthenticated attackers to complete arbitrary pending orders by manipulating PayPal transaction tokens, allowing theft of paid digital goods. Attackers can pay minimal amounts for low-cost items and use those payment tokens to finalize high-value orders, effectively bypassing payment validation. CVSS 7.5 (High) reflects network-based attack with no authentication required. No public exploit identified at time of analysis, though the attack mechanism is clearly documented in vendor advisories.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2328 HIGH PATCH This Week

Path traversal in WAGO Device Sphere and Solution Builder allows unauthenticated remote attackers to access backend components and expose sensitive information. The vulnerability stems from insufficient input validation (CWE-790), enabling attackers to bypass intended access boundaries with low complexity over network vectors. CVSS 7.5 (High) reflects significant confidentiality impact. EPSS data unavailable; no public exploit identified at time of analysis, and CISA KEV status not confirmed.

Path Traversal Device Sphere Solution Builder
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21710 HIGH PATCH This Week

Uncaught TypeError in Node.js HTTP server crashes applications when clients send specially crafted `__proto__` headers and code accesses `req.headersDistinct`. The exception occurs synchronously in a property getter, bypassing standard error handling mechanisms and causing immediate service disruption. Affects Node.js versions 20.x, 22.x, 24.x, and 25.x with CVSS 7.5 (High). EPSS data not available; no public exploit identified at time of analysis, though exploitation requires only sending a malformed HTTP header with no authentication (CVSS:3.0/AV:N/AC:L/PR:N/UI:N).

Node.js Denial Of Service Node
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28505 HIGH PATCH This Week

Remote code execution in Tautulli (Python-based Plex Media Server monitoring tool) versions prior to 2.17.0 allows authenticated administrators to bypass sandbox restrictions in notification templates via lambda expressions, enabling arbitrary Python code execution. The vulnerability exploits a flaw in the str_eval() sandbox implementation that only inspects outer code object names (co_names) while nested lambda code objects store attribute accesses in co_consts, evading security checks. CVSS 7.5 with high attack complexity and high privilege requirement (PR:H) indicates limited real-world risk scope, with no public exploit identified at time of analysis.

Python Code Injection RCE
NVD GitHub
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-32275 HIGH PATCH This Week

Cross-site scripting (XSS) in Tautulli 1.3.10 through 2.16.x allows remote attackers to inject malicious scripts via unsanitized JSONP callback parameters, enabling API key theft from authenticated users who click crafted links. The vulnerability requires social engineering (UI:A in CVSS) and affects the Plex monitoring tool's web interface. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though the attack complexity is rated high (AC:H) suggesting practical exploitation requires specific conditions. GitHub security advisory indicates vendor-patched release available.

Python XSS
NVD GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-33643 HIGH This Week

SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the mysqlColumnAsInsert function located in plugins/mysql/lib/column.go. The vulnerability affects the MySQL plugin component and enables attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. Public proof-of-concept code is available, and CVSS/EPSS data are not yet assigned by NVD.

SQLi Schemahero
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-29953 HIGH This Week

SQL injection in SchemaHero 0.23.0 allows remote attackers to execute arbitrary SQL commands through the column parameter in the columnAsInsert function within the PostgreSQL plugin, potentially compromising database integrity and confidentiality. Public exploit documentation is available, indicating proof-of-concept code exists. CVSS and EPSS data are unavailable, limiting formal severity quantification.

SQLi PostgreSQL
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-34359 HIGH PATCH GHSA This Week

Authentication credential theft in HAPI FHIR Core library allows network attackers to intercept Bearer tokens, Basic auth credentials, and API keys through malicious URL prefix matching. The vulnerable `ManagedWebAccessUtils.getServer()` method uses unsafe `String.startsWith()` checks without host boundary validation, causing credentials configured for `http://tx.fhir.org` to be dispatched to attacker-controlled domains like `http://tx.fhir.org.attacker.com` when HTTP redirects occur. Affects Maven packages `ca.uhn.hapi.fhir:org.hl7.fhir.core` and `ca.uhn.hapi.fhir:org.hl7.fhir.utilities`. CVSS 7.4 (High) reflects network attack vector with high attack complexity requiring redirect manipulation. EPSS data not available; no confirmed active exploitation (CISA KEV), but detailed proof-of-concept code demonstrates the exploit chain through both SimpleHTTPClient and OkHttp redirect paths.

Java Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-33028 HIGH PATCH GHSA This Week

Race condition in nginx-ui web interface allows remote authenticated attackers to corrupt the primary configuration file (app.ini) through concurrent API requests, resulting in persistent denial of service and potential remote code execution. The vulnerability affects nginx-ui versions prior to 2.3.4 deployed in production environments including Docker containers. Concurrent POST requests to /api/settings trigger unsynchronized file writes that interleave at the OS level, corrupting configuration sections and creating cross-contamination between INI fields. In non-deterministic scenarios, user-controlled input can overwrite shell command fields (ReloadCmd, RestartCmd), enabling arbitrary command execution during nginx reload operations. Public exploit code demonstrates the attack path using standard HTTP testing tools. No CISA KEV listing or EPSS data available at time of analysis, but proof-of-concept with detailed reproduction steps exists in the GitHub security advisory.

Race Condition Denial Of Service RCE Nginx Docker +2
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-33533 HIGH PATCH GHSA This Week

Cross-origin data exfiltration in Glances XML-RPC server (glances -s) allows any website to steal complete system monitoring data including hostname, OS details, process lists with command-line arguments, and network configuration through CORS misconfiguration. The server sends Access-Control-Allow-Origin: * on all responses and processes XML-RPC POST requests with Content-Type: text/plain without validation, bypassing browser CORS preflight checks. Default deployments run unauthenticated, making all network-accessible instances immediately exploitable. No public exploit identified at time of analysis, though detailed proof-of-concept code is included in the advisory.

Cors Misconfiguration Python Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-33987 HIGH PATCH This Week

Heap buffer overflow in FreeRDP's persistent bitmap cache handling allows local attackers to corrupt memory integrity and crash the RDP client. Affecting all versions prior to 3.24.2, the vulnerability (CWE-122) occurs when memory reallocation fails but the buffer size variable is prematurely updated, creating a size/pointer mismatch. EPSS data not available, but marked medium priority by Ubuntu. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub Security Advisory.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33982 HIGH PATCH This Week

Heap-buffer-overflow in FreeRDP's winpr_aligned_offset_recalloc() function allows local attackers with no privileges but requiring user interaction to trigger high-severity information disclosure and denial of service in versions prior to 3.24.2. The vulnerability involves a READ operation at 24 bytes before heap allocation boundaries (CWE-125: Out-of-bounds Read). Vendor-released patch version 3.24.2 available via GitHub commit a48dbde2c8. EPSS data not provided; no public exploit identified at time of analysis. Affects all FreeRDP installations below 3.24.2, tracked across 7 Debian releases.

Information Disclosure Buffer Overflow Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4315 HIGH This Week

Cross-Site Request Forgery (CSRF) in WatchGuard Fireware OS WebUI allows remote attackers to trigger a denial-of-service condition against the Web UI by tricking an authenticated administrator into visiting a malicious webpage. This affects Fireware OS versions 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2. The CVSS v4.0 score of 7.1 reflects high availability impact (VA:H) with no user authentication required (PR:N) but requiring user interaction (UI:P). No public exploit identified at time of analysis, though the attack complexity is low and the CSRF nature makes weaponization straightforward for adversaries targeting firewall administrators.

CSRF Fireware Os
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy