Skip to main content
CVE-2026-35091 HIGH PATCH This Week

Out-of-bounds read in Corosync allows unauthenticated remote attackers to crash cluster nodes and potentially leak memory via malformed UDP packets. Affects default totemudp/totemudpu configurations across Red Hat Enterprise Linux 7/8/9/10 and OpenShift Container Platform 4. CVSS 8.2 (High) with network attack vector, low complexity, and no authentication required. EPSS and exploitation status data not available; no public exploit identified at time of analysis. Impacts high-availability clustering infrastructure commonly used in enterprise production environments.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-4924 HIGH This Week

Devolutions Server 2026.1.11 and earlier allows authenticated remote attackers to bypass two-factor authentication by reusing a partially authenticated session token, enabling unauthorized account access without completing the second authentication factor. The vulnerability affects all versions up to and including 2026.1.11, with no CVSS score or public exploit confirmation available at analysis time.

Authentication Bypass Server
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-4828 HIGH This Week

Devolutions Server versions 2026.1.11 and earlier allow authenticated remote attackers to bypass multi-factor authentication through improper validation of OAuth login requests, enabling account takeover without second-factor verification. CISA KEV status and exploit availability not confirmed at time of analysis.

Authentication Bypass Server
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-34593 HIGH PATCH GHSA This Week

BEAM VM atom table exhaustion in Ash Framework's Module type allows remote denial-of-service against Elixir applications. The ash package (all versions prior to v3.22.0) unconditionally creates Erlang atoms from user-supplied strings in Ash.Type.Module.cast_input/2 before validation, enabling attackers to crash the entire VM by submitting ~1 million unique 'Elixir.*' strings to any API endpoint with :module-typed attributes. Vendor patch released in commit 7031103 (v3.22.0). No public exploit identified at time of analysis, though the advisory provides detailed proof-of-concept code demonstrating trivial exploitation via repeated API requests.

Denial Of Service
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-34725 HIGH PATCH GHSA This Week

Stored XSS in DbGate npm package escalates to remote code execution in Electron desktop app via unsanitized SVG icon rendering. Attackers who inject malicious SVG payloads into application definition files can execute arbitrary JavaScript when victims view matching database entries. In the Electron desktop client, insecure configuration (nodeIntegration: true, contextIsolation: false) allows XSS payloads to invoke Node.js APIs, enabling local code execution including file system access. Web depl

XSS RCE PostgreSQL
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-34236 HIGH PATCH GHSA This Week

Insufficient entropy in cookie encryption within Auth0 PHP SDK versions 8.0.0 through 8.18.x enables brute-force attacks against session cookie encryption keys, potentially allowing authenticated threat actors with network access to forge arbitrary session cookies and bypass authentication controls. Vendor-released patch available in version 8.19.0. No public exploit identified at time of analysis, though CVSS score of 8.2 reflects high severity due to potential for complete authentication bypass with cross-scope impact.

PHP Information Disclosure Auth0
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-49048 HIGH PATCH GHSA This Week

### Impact TorchGeo 0.4-0.6.0 used an [`eval`](https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-34783 HIGH PATCH GHSA This Week

Path traversal in Ferret's IO::FS::WRITE and IO::FS::READ functions enables remote code execution when web scraping operators process attacker-controlled filenames. The vulnerability affects github.com/MontFerret/ferret (all v2.x and earlier versions), allowing malicious websites to write arbitrary files outside intended directories by injecting '../' sequences into filenames returned via scraped content. Attackers can achieve RCE by writing to /etc/cron.d/, ~/.ssh/authorized_keys, shell profile

Path Traversal RCE Privilege Escalation PHP Python
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-4101 HIGH PATCH This Week

Authentication bypass in IBM Verify Identity Access and IBM Security Verify Access (versions 10.0-10.0.9.1 and 11.0-11.0.2, both container and non-container deployments) allows remote attackers to gain unauthorized access under specific high-load conditions without authentication. The vulnerability carries an EPSS score indicating moderate exploitation probability, with vendor patch available but no confirmed active exploitation or public proof-of-concept at time of analysis. Attack complexity is rated high (AC:H), suggesting exploitation requires specific timing or environmental conditions related to load stress.

IBM Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-34522 HIGH PATCH GHSA This Week

Authenticated path traversal in SillyTavern's chat import API enables authenticated users to write arbitrary files outside intended directories. Attackers exploit unsanitized 'character_name' parameters in /api/chats/import (versions prior to 1.17.0) to inject traversal sequences (e.g., '../../../../tmp/malicious'), causing file writes to arbitrary filesystem locations accessible to the service account. With CVSS 8.1 (AV:N/AC:L/PR:L), this requires low-privilege authentication but no user intera

CSRF Path Traversal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-5282 HIGH PATCH This Week

Out-of-bounds read in WebCodecs functionality in Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger. No public exploit code or active exploitation has been confirmed at time of analysis.

Google Information Disclosure Buffer Overflow Debian Red Hat +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34581 HIGH GHSA This Week

Authentication bypass in goshs (Go Simple HTTP Server) allows unauthenticated attackers to execute arbitrary system commands via WebSocket connections by exploiting a logic flaw in the BasicAuthMiddleware's share token validation. The middleware processes share tokens before credential checks, and attackers can combine a legitimate share token (intended for single-file downloads) with WebSocket query parameters to gain full CLI access. Confirmed actively exploited (CISA KEV). Public proof-of-concept code demonstrates remote command execution retrieving /etc/passwd. EPSS score indicates elevated exploitation probability given the simplicity of the attack chain.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-20155 HIGH This Week

Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.

Cisco Authentication Bypass Cisco Evolved Programmable Network Manager Epnm
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-34937 HIGH PATCH GHSA This Week

Command injection in PraisonAI's run_python() function allows authenticated local attackers to execute arbitrary operating system commands with the privileges of the application process. The vulnerability stems from incomplete input sanitization that fails to escape shell metacharacters ($() and backticks) before passing user-controlled code to subprocess.run() with shell=True. Attackers with low-privilege local access can exploit this to achieve full system compromise (confidentiality, integrity, and availability impact rated High). Proof-of-concept code demonstrates successful command injection via the praisonaiagents Python package. No active exploitation confirmed via CISA KEV at time of analysis, but publicly available exploit code exists in the GitHub security advisory.

Python Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3779 HIGH This Week

Use-after-free in Foxit PDF Reader and Editor allows arbitrary code execution when processing maliciously crafted PDF documents containing list box calculation arrays. The vulnerability (CVSS 7.8) occurs when stale references to deleted or re-created page/form objects persist in calculation logic, enabling local attackers to execute code with user privileges when victims open weaponized PDFs. No public exploit identified at time of analysis, though the memory corruption primitive is well-understood by exploit developers.

Use After Free RCE Memory Corruption Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23411 HIGH PATCH This Week

Use-after-free in Linux kernel AppArmor allows local authenticated users to achieve high confidentiality, integrity, and availability impact through a race condition between inode eviction and filesystem callbacks. The vulnerability stems from premature reference release of i_private data before inode cleanup completes. Patch available from kernel.org stable branches affecting Linux 4.13+ with Ubuntu marking priority=high across 729 releases. EPSS score of 0.02% suggests limited observed exploitation attempts despite widespread kernel deployment.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23410 HIGH PATCH This Week

Use-after-free in Linux kernel AppArmor allows local authenticated attackers to achieve high-impact code execution, privilege escalation, or denial of service via race condition on rawdata inode dereference. Affects kernel 4.13+ including current LTS branches. Patches available for 6.6.130, 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4. EPSS score is low (0.02%) with no public exploit identified at time of analysis, but Ubuntu rated this priority=high affecting 729 releases.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23408 HIGH PATCH This Week

Double-free memory corruption in Linux kernel's AppArmor profile replacement allows local authenticated users to trigger kernel crashes or potentially execute arbitrary code with kernel privileges. The flaw affects Linux kernel versions from 5.5 onwards, with vendor patches available across multiple stable branches (6.6.130, 6.12.77, 6.18.18, 6.19.8, 7.0-rc4). EPSS exploitation probability is low (0.02%, 5th percentile) and no public exploit identified at time of analysis, though Ubuntu rates this medium priority with patches deployed across 729 releases.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23407 HIGH PATCH This Week

Out-of-bounds read and write in Linux kernel AppArmor DFA verification allows local authenticated users to cause memory corruption and potential privilege escalation. Affects Linux kernel 4.17+ through 6.12.x, actively patched in stable branches 6.6.130, 6.12.77, 6.18.18, and 6.19.8. The vulnerability occurs during AppArmor policy loading when malformed DFA structures bypass bounds checking in verify_dfa(). EPSS score of 0.02% suggests low exploitation probability in the wild; no public exploit code or CISA KEV listing identified. Ubuntu rates this medium priority with patches released via USN-8152-1.

Linux Buffer Overflow Debian Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23406 HIGH PATCH This Week

Out-of-bounds memory read in Linux kernel AppArmor DFA matching affects kernel versions since 4.17 due to macro side-effect bug. The match_char() macro evaluates its character parameter multiple times when called with *str++, causing the pointer to advance past buffer boundaries during differential encoding chain traversal. Ubuntu has released patches (USN-8152-1) with fixes available in kernels 6.6.130, 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4. EPSS score of 0.02% (5th percentile) indicates very low exploitation probability, and no public exploit or CISA KEV listing exists. CVSS 7.8 reflects local high-privilege impact, but real-world risk is limited to authenticated local users who can trigger AppArmor path permission checks.

Linux Buffer Overflow Debian Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3775 HIGH This Week

DLL search path hijacking in Foxit PDF Editor and Foxit PDF Reader update services enables local privilege escalation to SYSTEM. Low-privileged authenticated users can plant malicious libraries in writable directories that are resolved during update checks, achieving arbitrary code execution with elevated privileges. CVSS 7.8 (High) with low attack complexity. No public exploit identified at time of analysis, EPSS data not provided.

Privilege Escalation RCE Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33544 HIGH PATCH GHSA This Week

Authentication bypass via OAuth token race condition in tinyauth allows concurrent attackers to hijack user sessions and gain unauthorized access to victim accounts. The vulnerability affects tinyauth v5.0.4 and earlier versions where singleton OAuth service instances share mutable PKCE verifier and access token fields across all concurrent requests. When two users authenticate simultaneously with the same OAuth provider (GitHub, Google, or generic OAuth), the second request overwrites the first

Race Condition Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34936 HIGH PATCH GHSA This Week

Server-Side Request Forgery in PraisonAI's passthrough API allows authenticated remote attackers to access internal cloud metadata services and private network resources. The vulnerability affects the praisonai Python package where the passthrough() and apassthrough() functions accept unvalidated caller-controlled api_base parameters that are directly concatenated and passed to httpx requests. With default AUTH_ENABLED=False configuration, this is remotely exploitable to retrieve EC2 IAM credent

SSRF Elastic Redis Kubernetes Python
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34746 HIGH PATCH GHSA This Week

Server-Side Request Forgery in Payload CMS versions prior to 3.79.1 allows authenticated users with upload permissions to force the server to make HTTP requests to arbitrary URLs, potentially exposing internal network resources and sensitive data. The vulnerability affects the upload functionality and enables information disclosure with high confidentiality impact. CVSS score of 7.7 reflects network-accessible attack vector with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though the vulnerability requires only basic authenticated access to upload-enabled collections.

SSRF Payload
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-25835 HIGH PATCH This Week

Mbed TLS before version 3.6.6 and TF-PSA-Crypto before version 1.1.0 contain a PRNG seed misuse vulnerability that enables information disclosure. An attacker who gains access to a seeded PRNG instance can potentially predict or replicate pseudo-random number generation, compromising cryptographic material confidentiality. The vulnerability affects cryptographic libraries used in embedded systems and IoT devices, with confirmed availability of vendor security advisories but no CVSS score assigned at time of analysis.

Information Disclosure
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34222 HIGH PATCH GHSA This Week

Broken access control in Open WebUI allows authenticated users to access tool values across tenant boundaries, exposing sensitive information from other users' AI tool configurations. The vulnerability affects self-hosted Open WebUI instances prior to version 0.8.11. With CVSS 7.7 (High) and network-accessible attack vector requiring only low-privilege authentication, this represents a significant confidentiality breach in multi-tenant deployments. No public exploit identified at time of analysis, with EPSS data not yet available for this recent CVE.

Authentication Bypass Open Webui
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-13855 HIGH PATCH This Week

SQL injection in IBM Storage Protect Server 8.2.0 and Storage Protect Plus Server allows authenticated remote attackers to execute arbitrary SQL commands against the back-end database, enabling unauthorized data access, modification, or deletion. The vulnerability requires low attack complexity and low-level privileges (CVSS 7.6, PR:L), making it exploitable by any authenticated user. No public exploit identified at time of analysis, though SQL injection techniques are well-documented. EPSS data not provided, but SQL injection vulnerabilities historically see moderate exploitation rates when authentication barriers are low.

IBM SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-34742 HIGH PATCH GHSA This Week

DNS rebinding attacks can bypass same-origin policy in Model Context Protocol (MCP) Go SDK versions prior to 1.4.0, enabling malicious websites to send unauthorized requests to localhost HTTP servers. Affects servers using StreamableHTTPHandler or SSEHandler when run without authentication on localhost. No public exploit identified at time of analysis, though the attack technique (DNS rebinding) is well-documented. CVSS scoring unavailable, but real-world risk is constrained to non-recommended configurations lacking authentication.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-34874 HIGH PATCH This Week

NULL pointer dereference in Mbed TLS distinguished name (X.509) parsing allows remote attackers to trigger a denial of service by writing to address 0, affecting Mbed TLS versions 3.6.5 and earlier, and 4.0.0. The vulnerability is reachable during X.509 certificate processing and does not require authentication. No public exploit code or active exploitation has been confirmed at the time of analysis.

Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35092 HIGH PATCH This Week

Remote denial of service via integer overflow in Corosync cluster engine affects Red Hat Enterprise Linux 7-10 and OpenShift Container Platform 4. Unauthenticated attackers can send crafted UDP packets to crash Corosync services running in totemudp/totemudpu mode (CVSS 7.5, AV:N/PR:N). EPSS data not provided; no public exploit identified at time of analysis. Impacts high-availability cluster deployments where Corosync provides quorum and messaging services.

Denial Of Service Integer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34376 HIGH PATCH This Week

Unauthorized access to password-protected PDFs in PdfDing versions prior to 1.7.0 allows unauthenticated remote attackers to bypass shared-link password verification and retrieve confidential documents via direct file-serving endpoint calls. The vulnerability (CWE-863: Incorrect Authorization) has CVSS 7.5 (High) severity with network attack vector requiring no privileges or user interaction. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly available exploit code exists via GitHub commit demonstrating the bypass mechanism. Vendor-released patch available in version 1.7.0.

Authentication Bypass Pdfding
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34601 HIGH PATCH NEWS GHSA This Week

XML injection in xmldom's CDATA serialization allows remote attackers to inject arbitrary markup into generated XML documents without authentication. The vulnerability affects both the legacy xmldom package and @xmldom/xmldom when applications embed untrusted input into CDATA sections. Attackers can break out of CDATA context by including the sequence ]]> in user-controlled strings, causing downstream XML consumers to parse injected elements as legitimate markup. Vendor-released patches are avai

Code Injection Mozilla
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25833 HIGH PATCH This Week

Buffer overflow in Mbed TLS versions 3.5.0 through 3.6.5 allows remote attackers to cause a denial of service or potentially execute arbitrary code via crafted input to the x509_inet_pton_ipv6() function used in X.509 certificate parsing. The vulnerability is fixed in Mbed TLS 3.6.6 and 4.1.0. No public exploit code or confirmed active exploitation has been identified at the time of analysis.

Buffer Overflow Stack Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5284 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 146.0.7680.178 via use-after-free vulnerability in Dawn graphics subsystem allows an attacker who has already compromised the renderer process to execute arbitrary code through a crafted HTML page. This vulnerability requires prior renderer compromise but presents significant risk in multi-process exploitation chains; vendor has released patched version 146.0.7680.178 to address the issue.

Google Use After Free RCE Memory Corruption Denial Of Service +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5277 HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft Debian Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4748 HIGH This Week

Packet filter (pf) rule hash calculation regression in FreeBSD causes rules with address range syntax (x.x.x.x - y.y.y.y) differing only in address ranges to be silently dropped as duplicates, loading only the first rule and potentially causing unexpected packet filtering behavior including unintended blocking or allowing of traffic. The regression affects pf's duplicate detection mechanism but does not impact rules using CIDR notation (address/mask-bits syntax). Only the first of multiple such rules is loaded, creating a silent configuration failure with no warning to administrators.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-0522 HIGH PATCH This Week

Local file inclusion in VertiGIS FM's upload/download mechanism allows authenticated attackers to read arbitrary server files by manipulating file paths during upload, with potential for remote code execution if web.config is obtained and NTLM-relay attacks via UNC path resolution. VertiGIS FM version 10.5.00119 and earlier are affected, and the vulnerability requires valid application credentials to exploit.

RCE Vertigis Fm
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-35099 HIGH PATCH This Week

Local privilege escalation to SYSTEM via race condition in Lakeside SysTrack Agent 11 (versions prior to 11.2.1.28) allows unauthenticated local attackers to gain complete system control through timing-dependent exploitation. EPSS risk assessment and KEV status not available at time of analysis; no public exploit identified at time of analysis. Attack complexity is rated high, requiring precise timing manipulation of concurrent operations.

Privilege Escalation Race Condition Systrack Agent
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-1345 HIGH PATCH This Week

Command injection vulnerability in IBM Security Verify Access and IBM Verify Identity Access (versions 10.0-10.0.9.1 and 11.0-11.0.2, both containerized and non-containerized deployments) allows remote unauthenticated attackers to execute arbitrary commands with lower user privileges. The vulnerability stems from improper validation of user-supplied input (CWE-78). With CVSS 7.3 and network-accessible attack vector requiring no authentication or user interaction, this represents a significant exposure for internet-facing identity and access management infrastructure. No public exploit identified at time of analysis, though EPSS data not provided. Vendor patch available per IBM advisory.

IBM Command Injection
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3877 HIGH PATCH This Week

Reflected cross-site scripting in VertiGIS FM dashboard search functionality allows authenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs. The vulnerability affects VertiGIS FM across versions and requires user interaction (victim clicking a crafted link), but provides no authentication bypass-victims must already be logged into the application. CVSS score is not available; exploitation requires victim interaction and authentication context.

XSS Vertigis Fm
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-20151 HIGH This Week

Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-30273 HIGH This Week

SQL injection in pandas-ai v3.0.0 allows remote code execution through the pandasai.agent.base._execute_sql_query component, enabling attackers to manipulate SQL queries and potentially access, modify, or exfiltrate database contents. No CVSS score, EPSS data, or KEV status is available; however, the vulnerability affects a widely-used data analysis library and publicly available proof-of-concept code exists, elevating real-world risk despite incomplete severity metrics.

SQLi
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22768 HIGH PATCH This Week

Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction.

Dell Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22767 HIGH PATCH This Week

UNIX symbolic link following in Dell AppSync 4.6.0 allows local authenticated attackers with low privileges to tamper with information and potentially escalate impact to high integrity and availability compromise. CVSS 7.3 (High) with low attack complexity. No public exploit identified at time of analysis. EPSS data not available, but local-only access requirement significantly reduces real-world attack surface compared to remotely exploitable vulnerabilities.

Dell Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3780 HIGH This Week

Installer privilege escalation in Foxit PDF Reader and Foxit PDF Editor allows local authenticated users to execute arbitrary code with elevated system privileges via DLL search path manipulation. The installer's failure to use absolute paths for system executables enables attackers to plant malicious DLLs in user-writable directories that take precedence during installation, exploiting the trusted installer's elevated permissions. EPSS data not available; no public exploit identified at time of analysis; not listed in CISA KEV.

Privilege Escalation Foxit Pdf Reader Foxit Pdf Editor
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-29782 HIGH PATCH GHSA This Week

Remote code execution in OpenSTAManager v2.10.1 and earlier allows authenticated attackers to achieve unauthenticated RCE via chained exploitation of arbitrary SQL injection (GHSA-2fr7-cc4f-wh98) and insecure PHP deserialization in the oauth2.php endpoint. The unauthenticated oauth2.php file calls unserialize() on attacker-controlled database content without class restrictions, enabling gadget chain exploitation (Laravel/RCE22) to execute arbitrary system commands as www-data. Attack requires in

PHP Deserialization Docker Denial Of Service Google +2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-34591 HIGH PATCH GHSA This Week

Path traversal in Poetry's wheel installer (versions prior to 2.3.3) allows malicious Python packages to write arbitrary files outside the installation directory during package installation. Attackers can craft wheel files containing ../ directory traversal sequences that bypass containment checks, enabling file overwrite with Poetry process privileges. This directly threatens CI/CD pipelines and developer workstations installing untrusted packages from PyPI or private repositories. No active exploitation confirmed at time of analysis, but a functional proof-of-concept is publicly documented in the GitHub advisory.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-34598 HIGH PATCH GHSA This Week

Stored cross-site scripting (XSS) in YesWiki allows unauthenticated attackers to inject malicious JavaScript through form title fields, achieving persistent code execution in browsers of all users viewing affected pages. The vulnerability requires no authentication and affects the BazaR form component, with publicly available exploit code demonstrating injection via the 'Name of the event' and 'Description' fields. Successful exploitation enables session hijacking, credential theft, and arbitrary actions in victim contexts including administrative users.

XSS
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-34604 HIGH PATCH GHSA This Week

Path traversal via symlink/junction bypass in @tinacms/graphql FilesystemBridge allows authenticated remote attackers with low privileges to read, write, and delete arbitrary files outside the configured content root. The vulnerability exploits a realpath canonicalization gap where path validation checks lexical string paths but filesystem operations follow symlink targets. Attack complexity is high (CVSS AC:H) as it requires pre-existing symlinks/junctions within the content tree or the ability

Path Traversal Microsoft Canonical
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-34603 HIGH PATCH GHSA This Week

TinaCMS CLI media handlers can be bypassed via symlink/junction traversal, allowing authenticated low-privilege attackers to list, write, and delete files outside the configured media root directory. The vulnerability exists in @tinacms/cli's dev server media routes despite recent path-traversal hardening, because validation performs only lexical string checks without resolving symlink targets. Attack complexity is high (requires pre-existing symlink under media root), but impact is significant with confirmed read/write primitives. Vendor patch available via GitHub commit f124eaba. EPSS and KEV data not provided; no public exploit identified at time of analysis beyond researcher's local Windows junction proof-of-concept.

Path Traversal Microsoft Canonical
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy