Skip to main content
CVE-2026-4399 HIGH This Week

Prompt injection in 1millionbot Millie chatbot allows remote attackers to bypass chat restrictions using Boolean logic techniques, enabling retrieval of prohibited information and execution of unintended tasks including potential abuse of OpenAI API keys. The vulnerability exploits insufficient input validation in the LLM's containment mechanisms, permitting attackers to reformulate queries in ways that trigger affirmative responses ('true') that then execute injected instructions outside the chatbot's intended scope.

Code Injection Millie Chat
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-27489 HIGH PATCH GHSA This Week

Symlink-based path traversal in ONNX Python library allows local attackers to read arbitrary files on the host system when loading maliciously crafted ONNX models with external data. Affected users who load untrusted ONNX models from compressed archives or external sources may inadvertently expose sensitive files (/etc/passwd, environment variables via /proc/1/environ, etc.). Publicly available exploit code exists with a detailed proof-of-concept demonstrating the vulnerability. No EPSS score or CISA KEV listing available at time of analysis, suggesting exploitation is not yet widespread.

Path Traversal Python
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-32957 HIGH PATCH GHSA This Week

Arbitrary code execution in baserCMS versions before 5.2.3 allows authenticated administrators to achieve remote code execution via malicious PHP files embedded in backup restore archives. The vulnerability exploits unsafe file inclusion during ZIP extraction in the restore function, where uploaded PHP files are executed via require_once without filename validation. No public exploit identified at time of analysis, though EPSS score of 0.00043 (0.043%) and CVSS 8.7 indicate moderate theoretical risk mitigated by high privilege requirements (PR:H).

PHP RCE File Upload
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-10553 HIGH This Week

Stored cross-site scripting in Dassault Systèmes DELMIA Factory Resource Manager (R2023x through R2025x) allows authenticated attackers to inject malicious scripts that execute in victims' browser sessions with changed scope impact. CVSS 8.7 severity reflects the scope change (S:C) enabling attacks beyond the vulnerable component's privileges. No public exploit code identified and not listed in CISA KEV at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once authenticated access is obtained.

XSS Delmia Factory Resource Manager
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-10551 HIGH This Week

Stored Cross-Site Scripting (XSS) in Dassault Systèmes ENOVIA Collaborative Industry Innovator's Document Management module enables authenticated attackers to inject malicious scripts that execute in other users' browser sessions across 3DEXPERIENCE releases R2023x through R2025x. With CVSS 8.7 (High severity) and scope change (S:C), successful exploitation allows session hijacking, credential theft, and persistent compromise of users accessing manipulated documents. EPSS data not available; no public exploit identified at time of analysis, though the low attack complexity (AC:L) makes exploitation straightforward once an attacker gains low-privilege access (PR:L).

XSS Enovia Collaborative Industry Innovator
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-32982 HIGH PATCH This Week

Telegram bot token exposure in OpenClaw's media download error handling allows unauthenticated remote attackers to harvest sensitive API credentials through information disclosure. Versions prior to 2026.3.13 embed complete Telegram file URLs containing bot tokens in MediaFetchError exceptions, leaking credentials to application logs and error surfaces. With EPSS data unavailable and no CISA KEV listing, no public exploit identified at time of analysis, though the vulnerability requires minimal technical sophistication to exploit given the network-accessible attack vector and low complexity (CVSS:3.1/AV:N/AC:L/PR:N).

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34585 HIGH PATCH GHSA This Week

Stored cross-site scripting (XSS) in SiYuan personal knowledge management system versions prior to 3.6.2 escalates to remote code execution in the Electron desktop client. Attackers craft malicious .sy.zip import files containing HTML entities mixed with raw special characters that bypass server-side attribute escaping, injecting event handlers into imported notes. When victims open the compromised note in the Electron client, injected JavaScript executes with full Node/Electron API access, enabling arbitrary code execution. CVSS 8.6 (High) with local attack vector requiring user interaction; no public exploit identified at time of analysis.

XSS RCE Siyuan
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-32920 HIGH PATCH GHSA This Week

Remote code execution in OpenClaw (versions prior to 2026.3.12) enables attackers to execute arbitrary malicious code when users open compromised repositories. The vulnerability stems from automatic plugin loading from .OpenClaw/extensions/ directories without trust verification, allowing attackers to embed malicious workspace plugins in cloned Git repositories. CVSS 9.8 (Critical) reflects network-based exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis, though the attack mechanism is straightforward for social engineering scenarios targeting developers.

RCE Openclaw
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-33276 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta versions before 2.5.0b2 allows authenticated users with host or service creation permissions to inject malicious JavaScript that executes in the browsers of other users when they perform searches via the Unified Search feature, potentially enabling session hijacking, credential theft, or administrative account compromise.

XSS Checkmk
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-34503 HIGH PATCH GHSA This Week

WebSocket session fixation in OpenClaw before version 2026.3.28 enables attackers to maintain unauthorized access after credential revocation. The vulnerability permits unauthenticated remote attackers (CVSS PR:N) to exploit persistent WebSocket connections that fail to terminate when device tokens are revoked, resulting in high confidentiality impact. No public exploit identified at time of analysis, though the attack vector is network-accessible with low complexity. EPSS data not available; affects OpenClaw deployments with WebSocket-based device communication.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-30284 HIGH This Week

Arbitrary file overwrite in UXGROUP LLC Voice Recorder v10.0 allows remote attackers to overwrite critical internal files through the file import mechanism, enabling arbitrary code execution or sensitive information exposure. No CVSS score, EPSS data, or KEV status was available at analysis time; exploitation likelihood cannot be quantified from standard metrics, but the presence of publicly documented vulnerability research suggests active security scrutiny.

RCE Information Disclosure Voice Recorder
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-2123 HIGH This Week

Privilege escalation in OpenText Operations Agent versions 12.29 and earlier on Windows allows local attackers to execute arbitrary code by placing malicious executables in specific writeable directories, which the agent subsequently executes with elevated privileges. The vulnerability requires local access and specific conditions to be present but does not require prior authentication to the agent itself. No public exploit code has been identified, and there is no confirmation of active exploitation at time of analysis.

Microsoft Privilege Escalation
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-33577 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw versions prior to 2026.3.28 enables unauthenticated remote attackers to approve node pairings with unauthorized elevated scopes, bypassing authorization controls through missing callerScopes validation in the node pairing approval mechanism. This vulnerability (CWE-863: Incorrect Authorization) allows attackers to extend privileges onto paired nodes beyond their intended authorization level. CVSS 9.8 Critical with network-accessible attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-20915 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta allows authenticated users with pending change permissions to inject malicious JavaScript into the Pending Changes sidebar, executing in the browsers of other users who view that sidebar. This vulnerability affects the beta release 2.5.0 before version 2.5.0b2 and requires existing user authentication with specific permissions to exploit.

XSS Checkmk
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-30279 HIGH This Week

Arbitrary file overwrite in My Location Travel Timeline v11.80 by Squareapps LLC permits attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information disclosure. Attack vector and complexity details are not confirmed from available CVSS data, and active exploitation status is unconfirmed.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-30277 HIGH This Week

Arbitrary file overwrite in PDF Reader App TA/UTAX Mobile Print v3.7.2.251001 allows remote attackers to overwrite critical internal files during the file import process, potentially leading to remote code execution or unauthorized information exposure. The vulnerability affects a mobile print utility with demonstrated proof-of-concept documentation available on GitHub, though CVSS scoring and formal vendor patch status remain unavailable at time of analysis.

Path Traversal RCE Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-30290 HIGH This Week

Arbitrary file overwrite in InTouch Contacts & Caller ID APP v6.38.1 allows remote attackers to overwrite critical internal files through the file import process, enabling arbitrary code execution or sensitive information exposure. Affected versions are limited to 6.38.1; no CVSS score, EPSS, or active exploitation status (KEV) is available at this time, though the vulnerability chain to RCE presents material risk.

Path Traversal RCE Information Disclosure
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-14213 HIGH This Week

Command injection in Cato Networks Socket (versions prior to 25) enables authenticated administrators with web interface access to execute arbitrary commands as root on the underlying system. The vulnerability requires high-level privileges (CVSS PR:H) but offers complete system compromise once accessed, with network-based attack vector and low complexity. No public exploit identified at time of analysis, though the command injection class (CWE-78) is well-understood and straightforward to weaponize once administrative credentials are obtained.

Command Injection Socket
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-32725 HIGH PATCH This Week

Authorization bypass in scitokens-cpp library (all versions prior to 1.4.1) allows authenticated attackers to escape path-based scope restrictions via parent-directory traversal in token scope claims. The library incorrectly normalizes '..' components instead of rejecting them, enabling privilege escalation to access resources outside intended directories. EPSS data not provided, but the vulnerability is network-exploitable with low attack complexity (CVSS 8.3). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the fix commit is publicly documented.

Path Traversal Suse
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-24148 HIGH NEWS This Week

NVIDIA Jetson system initialization flaw allows authenticated remote attackers to exploit insecure default machine IDs, enabling cross-device information disclosure of encrypted data and tampering. Affects JetPack on Xavier and Orin series devices. CVSS 8.3 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV status not present). The vulnerability enables attackers with low-level privileges to compromise multiple devices sharing identical default machine identifiers, undermining cryptographic protections and system integrity across the device fleet.

Information Disclosure Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27124 HIGH PATCH GHSA This Week

FastMCP OAuthProxy allows authentication bypass through a Confused Deputy attack, enabling attackers to hijack victim OAuth sessions and gain unauthorized access to MCP servers. When victims who previously authorized a legitimate MCP client are tricked into opening a malicious authorization URL, the OAuthProxy fails to validate browser-bound consent, redirecting valid authorization codes to attacker-controlled clients. This affects the GitHubProvider integration and potentially all OAuth providers that skip consent prompts for previously authorized applications. No public exploit identified at time of analysis, though detailed reproduction steps are publicly documented in the GitHub security advisory.

Authentication Bypass Microsoft
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-34573 HIGH PATCH GHSA This Week

GraphQL query complexity validator in Parse Server allows remote denial-of-service via crafted queries with binary fan-out fragment spreads, blocking the Node.js event loop for seconds with a single unauthenticated request. Parse Server versions prior to 8.6.68 and 9.7.0-alpha.12 are affected when requestComplexity.graphQLDepth or requestComplexity.graphQLFields options are enabled. EPSS data not provided; no public exploit identified at time of analysis. CVSS 8.2 (High) reflects network-accessible attack with low complexity requiring no privileges, causing high availability impact.

Node.js Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-34784 HIGH PATCH GHSA This Week

Parse Server versions prior to 8.6.71 and 9.7.1-alpha.1 allow HTTP Range requests to bypass the afterFind trigger and its validators when downloading files from streaming-capable storage adapters like GridFS, enabling unauthorized access to protected files that should be restricted by authentication or authorization logic. This authentication bypass affects all deployments using affected versions with file protection policies enforced via afterFind triggers.

Node.js Authentication Bypass
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-34528 HIGH PATCH GHSA This Week

File Browser's self-registration mechanism grants arbitrary shell command execution to unauthenticated attackers when administrators enable signup alongside server-side execution. The signupHandler inherits Execute permissions and Commands lists from default user templates but only strips Admin privileges, allowing newly registered users to immediately execute arbitrary commands via WebSocket with the process's full privileges. Vendor patch available. EPSS data not provided, but the specific configuration requirement (signup + enableExec + Execute in defaults) significantly narrows the attack surface despite the network-accessible, unauthenticated attack vector (CVSS 8.1 High). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis beyond the detailed proof-of-concept in the advisory.

Privilege Escalation Node.js
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-32727 HIGH PATCH GHSA This Week

Path traversal in SciTokens library (all versions before 1.9.7) allows authenticated attackers to bypass directory access restrictions and access unauthorized files. Attackers can inject dot-dot-slash sequences (..) into JWT scope claims to escape intended authorization boundaries due to improper path normalization during enforcement checks. CVSS 8.1 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV) identified at time of analysis, though publicly available exploit code exists via GitHub advisory and commit references.

Path Traversal Scitokens
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25726 HIGH PATCH GHSA This Week

Weak pseudo-random number generation in Cloudreve enables JWT forgery and complete account takeover on instances initialized before v4.10.0. Attackers can brute-force the PRNG seed (achievable in under 3 hours on consumer hardware) by obtaining administrator creation timestamps via public APIs and validating against known hashids, then forge valid JWTs for any user including administrators. No public exploit confirmed at time of analysis, though detailed attack methodology is disclosed. CVSS 8.1 (High) reflects network-accessible privilege escalation despite high attack complexity requiring cryptographic brute-forcing.

Privilege Escalation OpenSSL
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32726 HIGH PATCH This Week

Authorization bypass in SciTokens C++ library (versions prior to 1.4.1) allows authenticated attackers to access unauthorized filesystem paths via flawed scope validation. The library's path-prefix matching does not enforce path-segment boundaries, enabling a token scoped to '/data/project1' to incorrectly authorize access to '/data/project10' or '/data/project1-backup'. CVSS 8.1 (High) reflects the significant confidentiality and integrity impact, though exploitation requires low-privilege authenticated access (PR:L). No public exploit identified at time of analysis, with EPSS data not available for recent CVE. Vendor-released patch available in version 1.4.1.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32716 HIGH PATCH GHSA This Week

Authorization bypass in SciTokens library (versions prior to 1.9.6) allows authenticated users with valid tokens scoped to specific paths to access unintended sibling paths through flawed prefix-matching validation logic. An attacker with a token for '/john' can access '/johnathan' or '/johnny' due to incorrect string prefix validation in the Enforcer component, enabling unauthorized data access and modification (CVSS 8.1, High integrity/confidentiality impact). No public exploit identified at time of analysis, though the vulnerability is straightforward to exploit with valid credentials (EPSS data not provided, CVSS complexity rated Low).

Authentication Bypass Scitokens
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-14031 HIGH PATCH This Week

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Sereal
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-14030 HIGH PATCH This Week

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Sereal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34394 HIGH GHSA This Week

Cross-site request forgery in WWBN AVideo 26.0 and earlier enables remote attackers to reconfigure critical plugin settings through forged requests targeting admin/save.json.php. The endpoint lacks CSRF token validation while the application sets SameSite=None cookies, allowing attackers to manipulate payment processors, authentication providers, and cloud storage credentials by tricking authenticated administrators into visiting malicious pages. No vendor-released patch identified at time of analysis. EPSS data unavailable; not listed in CISA KEV; no public exploit identified at time of analysis, though exploitation requires only standard CSRF techniques.

CSRF PHP
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0596 HIGH PATCH GHSA This Week

Command injection in MLflow's MLServer integration allows unauthenticated adjacent network attackers to execute arbitrary commands when models are served with enable_mlserver=True. Unsanitized model_uri parameters embedded in bash -c commands enable shell metacharacter exploitation (command substitution via $() or backticks). With CVSS 9.6 (Critical) and adjacent network attack vector, this poses significant risk in multi-tenant MLOps environments where lower-privileged users can control model URIs served by higher-privileged services. No public exploit code identified at time of analysis, with EPSS data not yet available for this recent CVE.

Command Injection Privilege Escalation Mlflow Mlflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-34054 HIGH PATCH This Week

Local privilege escalation via hardcoded build path in vcpkg's OpenSSL binaries affects Windows users of the C/C++ package manager prior to version 3.6.1#3. The vulnerability allows authenticated local attackers with low privileges to achieve high confidentiality, integrity, and availability impact (CVSS 7.8) by exploiting the hardcoded openssldir path that references the original build machine. Upstream fix available (PR #50518, commit 5111afd); patched version 3.6.1#3 released. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.

OpenSSL Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24165 HIGH This Week

Deserialization of untrusted data in NVIDIA BioNeMo Framework enables local attackers to execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction. EPSS data not available; no public exploit identified at time of analysis. Affects NVIDIA BioNeMo Framework, a platform for AI-driven drug discovery and biomolecular research.

Deserialization RCE Denial Of Service Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-30309 HIGH This Week

InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3308 HIGH This Week

Heap overflow in MuPDF 1.27.0 PDF parser enables arbitrary code execution when victims open maliciously crafted PDF files. Integer overflow in pdf_load_image_imp function allows heap-based buffer overflow through crafted PDF image objects. Upstream fix committed (a26f0142e7) but packaged release version unconfirmed. EPSS probability low (0.02%, 4th percentile) indicates theoretical risk without active exploitation campaigns. Requires local file access and user interaction (opening malicious PDF), limiting remote attack scenarios but viable for phishing/watering hole attacks.

Integer Overflow RCE Buffer Overflow Mupdf PyMuPDF
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34200 HIGH PATCH This Week

Nhost CLI MCP server before version 1.41.0 allows cross-origin requests without authentication when explicitly configured to listen on a network port, enabling malicious websites to invoke privileged tools using developer credentials. The vulnerability requires two explicit non-default configuration steps and does not affect the default configuration, significantly limiting real-world exposure.

Authentication Bypass Nhost
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-34163 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in FastGPT's Model Context Protocol (MCP) tools endpoints allows authenticated attackers to probe internal networks, access cloud metadata services (e.g., AWS/GCP instance credentials), and interact with backend databases like MongoDB and Redis. Affects FastGPT versions prior to 4.14.9.5. The vulnerability has CVSS 7.7 (High) with scope change indicating potential lateral movement to other system components. EPSS data not available; no confirmed active exploitation (not in CISA KEV). Public exploit code exists via GitHub security advisory GHSA-x9vj-5m4j-9mfv with technical details and proof-of-concept guidance.

SSRF Redis
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-5190 HIGH PATCH This Week

Memory corruption leading to arbitrary code execution affects AWS C Event Stream library versions before 0.6.0 when clients process malicious event-stream messages from attacker-controlled servers. The out-of-bounds write vulnerability in the streaming decoder requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), but grants complete control over confidentiality, integrity, and availability if successfully exploited. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE. Vendor-released patch version 0.6.0 addresses the issue.

Buffer Overflow RCE Memory Corruption Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-29870 HIGH This Week

Directory traversal in agentic-context-engine up to version 0.7.1 enables arbitrary file writes through the checkpoint_dir parameter in OfflineACE.run, exploiting inadequate path normalization in the save_to_file method. Unauthenticated attackers can overwrite arbitrary files within the application process's permissions scope, potentially achieving code execution, privilege escalation, or application compromise depending on deployment context and file system layout.

Path Traversal Privilege Escalation RCE
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-34529 HIGH PATCH GHSA This Week

Stored XSS in File Browser's EPUB preview function (versions ≤v2.62.1) allows authenticated attackers to steal JWT tokens and escalate privileges by uploading malicious EPUB files. The vulnerability arises from passing allowScriptedContent:true to the epub.js library combined with an ineffective iframe sandbox (allow-scripts + allow-same-origin), enabling JavaScript in crafted EPUBs to access parent frame localStorage. CVSS 7.6 (AV:N/AC:L/PR:L/UI:R/S:C). No public exploit identified at time of analysis beyond the detailed PoC in the advisory. EPSS data not available. Vendor-released patch available per GitHub advisory. Low-privilege users with file upload permissions can weaponize this to compromise administrator sessions.

XSS Privilege Escalation Python Docker Mozilla
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24154 HIGH This Week

Command injection in NVIDIA Jetson Linux initrd allows physical attackers to execute arbitrary code with elevated privileges across Jetson Xavier, Orin, and Thor series devices. An attacker with physical access can inject malicious command-line arguments during boot without authentication (CVSS:3.1/AV:P/AC:L/PR:N), leading to complete system compromise including root-level code execution, denial of service, and data exfiltration. EPSS data not available; no public exploit identified at time of analysis, though the low attack complexity (AC:L) and physical-only requirement (AV:P) suggest exploitation is straightforward for adversaries with device access.

Command Injection RCE Denial Of Service Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-34365 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf 2.x allows authenticated administrators to exfiltrate internal network data via malicious HTML in estimate PDF generation. The vulnerability stems from unsanitized user input passed to the Dompdf rendering library, enabling arbitrary HTTP requests from the server. Exploitable through PDF preview and customer view endpoints without requiring email functionality. Patched in version 2.2.0. CVSS 7.6 reflects high confidentiality impact with scope change (C:H/S:C), requiring high privileges (PR:H) but low attack complexity over network vector. No confirmed active exploitation (not in CISA KEV), but the technical barrier is low for authenticated attackers with administrative access.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-34367 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf prior to version 2.2.0 allows authenticated high-privilege users to force the server to make arbitrary HTTP requests through the invoice PDF generation module. Attackers can inject malicious HTML into the invoice Notes field, which Dompdf processes without sanitization, fetching remote resources and potentially accessing internal network services or exfiltrating data via out-of-band channels. EPSS data not available; no public exploit identified at time of analysis. The CVSS score of 7.6 reflects high confidentiality impact with scope change, indicating potential for significant internal network reconnaissance.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-34366 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf's PDF payment receipt generation allows authenticated high-privilege users to make arbitrary HTTP requests from the server through unsanitized HTML injection in payment Notes fields. The vulnerability affects InvoiceShelf versions prior to 2.2.0, leveraging the Dompdf library's resource fetching behavior to pivot attacks against internal network resources or exfiltrate data via DNS/HTTP channels. CVSS 7.6 reflects network-accessible attack with low complexity but high privileges required and cross-scope impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available in version 2.2.0 per GitHub security advisory.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-5201 HIGH PATCH This Week

Heap-based buffer overflow in gdk-pixbuf's JPEG image loader enables remote denial of service through malformed JPEG images without user interaction. The vulnerability triggers during automated image processing operations like thumbnail generation across Red Hat Enterprise Linux 6 through 10, allowing unauthenticated network attackers to crash applications that process JPEG images. EPSS score of 0.09% (25th percentile) suggests low observed exploitation activity, consistent with SSVC assessment showing no active exploitation despite the vulnerability being fully automatable.

Heap Overflow Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34731 HIGH PATCH GHSA This Week

Unauthenticated attackers can remotely terminate any active live stream in WWBN AVideo 26.0 and prior by sending crafted POST requests to the on_publish_done.php endpoint in the Live plugin. The vulnerability combines two weaknesses: an unauthenticated stats.json.php endpoint that exposes active stream keys, and the on_publish_done.php RTMP callback handler that processes stream termination requests without authentication or authorization checks. This enables complete denial-of-service against all platform live streaming functionality. CVSS 7.5 (High) with network attack vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis; EPSS data not available.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34381 HIGH PATCH GHSA This Week

Unauthenticated remote access to restricted documents in Admidio 5.0.0-5.0.7 Docker deployments allows disclosure of role-protected files. The Docker image's Apache configuration disables .htaccess processing (AllowOverride None), bypassing intended access controls on uploaded documents. Attackers can directly retrieve files via HTTP without authentication using paths disclosed in upload response JSON. CVSS 7.5 (High) with network-based attack vector and no authentication required. No public exploit identified at time of analysis, though exploitation is straightforward given the configuration flaw.

Apache Docker Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5087 HIGH This Week

PAGI::Middleware::Session::Store::Cookie through version 0.001003 generates cryptographically weak initialization vectors (IVs) for session cookie encryption by falling back to Perl's built-in rand() function when /dev/urandom is unavailable, particularly affecting Windows systems. This predictable IV generation enables attackers to decrypt and tamper with session data stored in cookies, compromising session confidentiality and integrity. No active exploitation has been confirmed, but the vulnerability affects all deployments on systems lacking /dev/urandom access.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34240 HIGH PATCH GHSA This Week

JWT token forgery in appsup-dart/jose library (versions prior to 0.3.5+1) enables remote attackers to bypass authentication by embedding attacker-controlled public keys in JOSE headers. The library incorrectly accepts header-supplied 'jwk' parameters as trusted verification keys without validating they exist in the application's trusted keystore, allowing unauthenticated attackers to sign arbitrary tokens with their own key pairs. EPSS data not available; no public exploit identified at time of analysis, though exploitation requires only standard JWT manipulation tools.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy