Skip to main content
CVE-2026-2699 CRITICAL POC PATCH NEWS Act Now

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

RCE Sharefile Storage Zones Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-2701 CRITICAL POC NEWS Act Now

Remote code execution in Progress ShareFile Storage Zones Controller versions up to 5.12.3 allows high-privileged authenticated users to upload and execute malicious files on the server. The CVSS 9.1 score reflects scope change and total system compromise. Publicly available exploit code exists (confirmed by Italian CERT), though EPSS probability remains low at 0.19% and no active exploitation is confirmed by CISA KEV. Real-world risk depends heavily on authentication controls and privileged account management in ShareFile deployments.

RCE File Upload Sharefile Storage Zones Controller
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-5350 HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM 1.00.1 wireless router allows authenticated remote attackers to achieve code execution via the update_pcdb function in /setup.cgi by manipulating the mac_pc_dba parameter. This vulnerability affects a product discontinued since June 2011 (14+ years end-of-life) with no vendor support or patches available. Publicly available exploit code exists, elevating immediate risk for organizations still operating legacy deployments. CVSS 7.4 with low attack complexity and proof-of-concept availability make this a practical exploitation target despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5349 HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM router firmware 1.00.1 allows authenticated remote attackers to achieve arbitrary code execution via the mac_pc_dba parameter in /setup.cgi's add_apcdb function. The product was discontinued in 2011 and receives no vendor support. A public exploit exists on GitHub, significantly lowering the barrier for exploitation against unpatched devices still deployed in production environments.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-1540 HIGH POC PATCH This Week

Remote code execution in Spam Protect for Contact Form 7 WordPress plugin before version 1.2.10 allows authenticated users with editor-level privileges to achieve arbitrary code execution by crafting malicious headers that are logged to a PHP file. The vulnerability is publicly exploitable with proof-of-concept code available, making it a critical risk for WordPress installations using affected plugin versions.

WordPress PHP RCE Code Injection
NVD VulDB WPScan
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-34976 CRITICAL PATCH GHSA Act Now

Unauthenticated remote attackers can trigger complete database overwrites, server-side file reads, and SSRF attacks against Dgraph graph database servers (v24.x, v25.x prior to v25.3.1) via the admin API's restoreTenant mutation. The mutation bypasses all authentication middleware due to missing authorization configuration, allowing attackers to provide arbitrary backup source URLs (including file:// schemes for local filesystem access), S3/MinIO credentials, Vault configuration paths, and encry

Authentication Bypass SSRF Hashicorp Docker Kubernetes
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-34838 CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-34717 CRITICAL PATCH Act Now

SQL injection in OpenProject's reporting module allows authenticated attackers to execute arbitrary database queries via the =n operator. Affects all versions prior to 17.2.3. Attack complexity is low with no user interaction required, enabling authenticated users to escalate privileges, modify data integrity, and potentially compromise availability across scope boundaries. Vendor-released patch confirms fix in version 17.2.3. EPSS score of 0.04% (13th percentile) indicates low probability of mass exploitation, though the CVSS 9.9 critical rating reflects severe potential impact in targeted scenarios. No CISA KEV listing or public exploit code identified at time of analysis.

SQLi Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25212 CRITICAL Act Now

Percona PMM (Percona Monitoring and Management) versions prior to 3.7 allow authenticated users with pmm-admin privileges to execute arbitrary operating system commands by exploiting excessive database superuser privileges through the 'Add data source' feature. This privilege escalation vulnerability enables container/system breakout from database context to shell access. EPSS score is low (0.04%, 13th percentile) indicating minimal observed exploitation activity, and CISA SSVC assessment confirms no active exploitation with non-automatable attack characteristics, though technical impact is rated total.

Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-33746 CRITICAL PATCH Act Now

JWT signature verification bypass in ConvoyPanel 3.9.0-beta through 4.5.0 allows unauthenticated remote attackers to forge authentication tokens and impersonate any user account. The JWTService::decode() method validates only time-based claims while ignoring cryptographic signatures, enabling complete authentication bypass in the SSO flow by crafting tokens with arbitrary user_uuid values. CVSS 9.8 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward to exploit given the technical details in the GitHub advisory.

Authentication Bypass Panel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-34877 CRITICAL PATCH Act Now

Mbed TLS versions 2.19.0 through 3.6.5 and 4.0.0 allow remote code execution through memory corruption when attackers modify serialized SSL context or session structures. The vulnerability stems from insufficient validation of deserialized data, enabling arbitrary code execution on systems using affected versions. CISA KEV status and active exploitation data not confirmed in provided intelligence.

RCE Privilege Escalation Buffer Overflow Mbed Tls
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-34841 CRITICAL PATCH GHSA Act Now

Supply chain compromise of @usebruno/cli (Bruno API testing tool) deployed a cross-platform Remote Access Trojan via malicious axios dependency versions 1.14.1 and 0.30.4 on npm during a 3-hour window (00:21-03:30 UTC, March 31, 2026). Unauthenticated remote attackers gained full system compromise including credential exfiltration and persistent RAT installation on affected developer workstations. No public exploit code required as the malicious payload executed automatically via npm postinstall

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5333 MEDIUM POC This Month

Remote command injection in DefaultFuction Content-Management-System 1.0 allows unauthenticated attackers to execute arbitrary OS commands via the host parameter in /admin/tools.php. The flaw has a publicly available exploit (POC published on GitHub) and is exploitable over the network with low attack complexity. EPSS data not available, not listed in CISA KEV. CVSS 7.3 reflects network-accessible, unauthenticated command injection with potential for confidentiality, integrity, and availability compromise.

Command Injection PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5320 MEDIUM POC This Month

Missing authentication in vanna-ai vanna Chat API endpoint (/api/vanna/v2/) allows unauthenticated remote attackers to perform unauthorized operations with low-complexity attacks. Affects vanna-ai vanna versions up to 2.0.2. Publicly available exploit code exists (GitHub POC published), increasing immediate exploitation risk. CVSS 7.3 reflects network-accessible attack vector with no authentication required and impacts to confidentiality, integrity, and availability. Vendor did not respond to early disclosure notification.

Authentication Bypass Vanna
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5342 MEDIUM POC PATCH This Month

Out-of-bounds read in LibRaw up to 0.22.0 allows remote unauthenticated attackers to cause denial of service via manipulation of load_flags or raw_width parameters in the TIFF/NEF decoder (nikon_load_padded_packed_raw function). Publicly available exploit code exists, and vendor-released patch version 0.22.1 is available. CVSS 5.3 with low availability impact and confirmed exploit publication indicates moderate real-world risk.

Buffer Overflow Information Disclosure Libraw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5418 MEDIUM POC This Month

Server-side request forgery (SSRF) in Appsmith Dashboard component allows unauthenticated remote attackers to manipulate the computeDisallowedHosts function in WebClientUtils.java, enabling unauthorized server-side requests. Affecting all versions through 1.97, this vulnerability carries moderate real-world risk (CVSS 6.9, EPSS P) with publicly available exploit code. Vendor released patched version 1.99 and responded professionally to early disclosure.

Java SSRF
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5330 MEDIUM POC This Month

Improper access controls in SourceCodester Best Courier Management System 1.0 allow unauthenticated remote attackers to delete users by manipulating the ID parameter in the /ajax.php?action=delete_user endpoint, bypassing authentication requirements. The vulnerability has publicly available exploit code and impacts all versions of the affected software with a CVSS 6.9 score reflecting moderate integrity impact through an easily exploitable network vector.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5326 MEDIUM POC This Month

Remote authentication bypass in SourceCodester Leave Application System 1.0 allows unauthenticated attackers to access user information via insecure direct object reference (IDOR) in the /index.php?page=manage_user endpoint by manipulating the ID parameter. The vulnerability has a publicly available exploit and CVSS 5.3 (low-moderate confidentiality impact), though actual risk depends on the sensitivity of exposed user data and system context.

Authentication Bypass PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5414 MEDIUM POC This Month

Improper control of resource identifiers in Newgen OmniDocs up to version 12.0.00 allows unauthenticated remote attackers to access sensitive information via manipulation of the DocumentId parameter in the /omnidocs/WebApiRequestRedirection endpoint. The vulnerability has publicly available exploit code and a low CVSS score (5.5) reflecting confidentiality impact only, but the combination of network-based attack vector, no authentication requirement, and public exploit availability warrants immediate assessment. The vendor has not responded to disclosure attempts.

Information Disclosure Omnidocs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5368 MEDIUM POC This Month

SQL injection in projectworlds Car Rental Project 1.0 login.php allows unauthenticated remote attackers to bypass authentication, extract sensitive database contents, and potentially modify or delete data via the 'uname' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network-accessible attack vector, no authentication requirement, and public exploit makes this a practical threat for internet-facing deployments of this vulnerable application.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5322 MEDIUM POC This Month

SQL injection in AlejandroArciniegas mcp-data-vis MCP Handler allows remote unauthenticated attackers to manipulate database queries via the Request function in src/servers/database/server.js. Publicly available exploit code exists. CVSS 7.3 (High) with low attack complexity enables unauthorized data access, modification, and partial availability disruption. The vendor did not respond to disclosure, and the product uses a rolling release model without fixed version tracking, complicating patch verification (EPSS data not provided).

SQLi Mcp Data Vis
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-33950 CRITICAL PATCH GHSA Act Now

Unauthenticated privilege escalation in SignalK Server (versions prior to 2.24.0-beta.4) allows remote attackers to inject administrator roles via the /enableSecurity endpoint, granting full administrative control without credentials. Attackers can modify vessel routing data, alter server configurations, and access all restricted endpoints. No public exploit identified at time of analysis, but the critical CVSS 9.4 score reflects the trivial exploit complexity (AV:N/AC:L/PR:N) and high confidentiality/integrity impact to marine vessel control systems.

Privilege Escalation Authentication Bypass Signalk Server
NVD GitHub VulDB
CVSS 3.1
9.4
EPSS
0.0%
CVE-2026-35002 CRITICAL PATCH GHSA Act Now

Remote code execution in Agno prior to version 2.3.24 allows attackers to execute arbitrary Python code by manipulating the field_type parameter in FunctionCall objects, which is passed unsafely to eval(). The vulnerability affects all versions before 2.3.24 and requires network access to influence the field_type value, enabling complete system compromise through code injection in the model execution component.

Python RCE Code Injection Agno
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-14034 CRITICAL PATCH Act Now

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Hirschmann Hieos Lrs11
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-35053 CRITICAL PATCH Act Now

Unauthenticated remote code execution in OneUptime monitoring platform (versions < 10.0.42) allows attackers to trigger arbitrary workflow execution with controlled input data via exposed Worker service ManualAPI endpoints. The vulnerability enables JavaScript code execution, notification system abuse, and data manipulation without any authentication requirement. CVSS 9.2 (Critical) with network attack vector and low complexity; no public exploit identified at time of analysis, though the authentication bypass combined with RCE capability presents immediate risk to exposed instances.

Authentication Bypass RCE Oneuptime
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-34759 CRITICAL PATCH Act Now

Authentication bypass in OneUptime notification API endpoints allows unauthenticated remote attackers to manipulate Twilio account resources via missing authorization middleware. Affects all versions prior to 10.0.42. Attackers can purchase phone numbers on victim Twilio accounts and delete configured alerting numbers by exploiting unprotected /notification/ endpoints, using leaked projectId values from public Status Page APIs. No public exploit identified at time of analysis, though attack complexity is rated high (CVSS AC:H) and proof-of-concept details are available in the GitHub security advisory.

Authentication Bypass Nginx
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-15620 CRITICAL Act Now

Remote denial-of-service in Belden Hirschmann HiOS Switch Platform allows unauthenticated attackers to reboot switches via crafted HTTP GET requests to the web interface. Affects versions 9.1.00-9.4.05 and 10.0.00-10.3.01. Exploitation requires no authentication (PR:N) and low complexity (AC:L), enabling trivial service disruption of network infrastructure. CVSS 9.2 (critical) reflects high availability impact on both vulnerable component and subsequent systems. No public exploit identified at time of analysis, though the attack vector is straightforward HTTP-based.

Authentication Bypass Hirschmann Hios Switch Platform
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-34745 CRITICAL PATCH Act Now

Arbitrary file write in Fireshare <1.5.3 allows unauthenticated remote attackers to upload malicious files to any writable server path via path traversal in the /api/uploadChunked/public endpoint's checkSum parameter. This represents an incomplete fix for CVE-2026-33645, where remediation was applied only to the authenticated endpoint while leaving the public variant exploitable. SSVC confirms publicly available exploit code exists and the vulnerability is automatable with partial technical impact. CVSS 9.1 (Critical) reflects network-accessible, low-complexity exploitation requiring no authentication or user interaction, enabling both integrity and availability compromise.

Path Traversal Fireshare
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-33615 CRITICAL Act Now

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 platforms allows unauthenticated remote attackers to execute arbitrary SQL commands via the setinfo endpoint, potentially destroying database integrity and causing complete service disruption. The vulnerability stems from insufficient input validation in SQL UPDATE operations. With CVSS 9.1 (Critical), CVSS vector PR:N confirms no authentication required, and attack complexity is low (AC:L), making this trivially exploitable. No public exploit identified at time of analysis, though the technical details disclosed in CERT@VDE advisory provide sufficient information for rapid weaponization.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-34758 CRITICAL PATCH Act Now

Unauthenticated access to notification and phone management endpoints in OneUptime <10.0.42 allows remote attackers to abuse SMS, voice call, email, and WhatsApp messaging services and purchase phone numbers without authentication. The CVSS 9.1 (Critical) rating reflects network-accessible attack vector with no authentication required (PR:N) and low complexity (AC:L), enabling immediate abuse of platform communication services and potential financial fraud. Vendor-released patch available in version 10.0.42. No public exploit identified at time of analysis, though EPSS risk assessment would likely be elevated given the simplicity of exploitation and clear abuse potential.

Authentication Bypass Oneuptime
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34950 CRITICAL PATCH GHSA Act Now

JWT algorithm confusion in fast-jwt npm package allows remote attackers to forge authentication tokens with arbitrary claims by exploiting incomplete CVE-2023-48223 remediation. The vulnerability (CVSS 9.1 Critical) affects applications using RS256 with public keys containing leading whitespace-a common scenario in database-stored keys, YAML configurations, and environment variables. Attackers possessing the RSA public key (inherently public information) can craft HS256 tokens accepted as valid

RCE Python PostgreSQL
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-35168 HIGH PATCH GHSA This Week

Arbitrary SQL execution in OpenSTAManager's database conflict resolution module allows authenticated attackers with access to the Aggiornamenti (Updates) feature to execute unrestricted SQL commands. Affecting versions prior to 2.10.2, attackers can submit JSON arrays of SQL statements that execute directly against the MySQL database with foreign key checks disabled, enabling complete database compromise including data exfiltration, modification, deletion, and schema manipulation. No public exploit identified at time of analysis, though EPSS data not available; authentication requirement (PR:L) and low attack complexity (AC:L) indicate straightforward exploitation for internal threats or compromised accounts.

SQLi Openstamanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43264 HIGH PATCH This Week

Memory corruption in macOS Sequoia's image processing subsystem allows unauthenticated remote attackers to potentially execute arbitrary code when a user opens a specially crafted image file. Apple has patched this buffer overflow vulnerability in macOS 15.6. With a CVSS score of 8.8 and requiring only user interaction, this represents a significant attack surface for social engineering campaigns. EPSS data not available, but no public exploit or active exploitation confirmed at time of analysis. The SSVC framework rates this as total technical impact, reinforcing the criticality of applying the vendor patch.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43219 HIGH PATCH This Week

Memory corruption in macOS Sequoia image processing allows remote attackers to achieve arbitrary code execution via maliciously crafted images requiring user interaction. Affects macOS Sequoia versions prior to 15.6, with CVSS 8.8 (High) severity due to potential for complete system compromise. EPSS data unavailable; no public exploit identified at time of analysis. Apple addressed the vulnerability through improved memory handling in macOS 15.6 (released June 2025). Attack requires victim to process a weaponized image file, making social engineering or malicious websites likely delivery vectors.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43202 HIGH PATCH This Week

Memory corruption vulnerability in Apple iOS, iPadOS, and macOS allows local attackers to achieve denial of service or potentially arbitrary code execution through malicious file processing. The vulnerability affects iOS and iPadOS versions below 18.6 and macOS Sequoia below 15.6, and has been patched in iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6. No public exploit identified at time of analysis, and CVSS severity is not numerically specified by Apple, though the buffer overflow classification and file processing attack vector indicate moderate to high real-world risk for users who encounter malicious content.

Apple Buffer Overflow Memory Corruption
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21765 HIGH This Week

Local privilege escalation in HCL BigFix Platform on Windows allows authenticated users with low privileges to access cryptographic private keys due to overly permissive file system permissions, potentially enabling complete system compromise with cross-scope impact. Authentication required (PR:L). No public exploit identified at time of analysis, though the attack is rated low complexity and fully automated. CVSS 8.8 severity driven by scope change and complete confidentiality/integrity/availability impact.

Microsoft Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34797 HIGH This Week

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject arbitrary OS commands through the DATE parameter in /cgi-bin/logs_smtp.cgi. The vulnerability stems from incomplete regular expression validation enabling Perl open() injection. With CVSS 8.7 severity and a low attack complexity (AC:L), this represents a critical post-authentication compromise vector. No public exploit identified at time of analysis, though the technical details disclosed by VulnCheck provide sufficient information for exploit development by threat actors with valid credentials.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34796 HIGH This Week

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbitrary operating system commands through command injection in the logs_openvpn.cgi DATE parameter. The vulnerability stems from inadequate input validation in a Perl open() call, enabling attackers to break out of intended file path operations. CVSS 8.7 reflects the severe impact (complete system compromise) despite requiring authentication. EPSS and KEV data not provided; no public exploit identified at time of analysis, though the technical details disclosed suggest exploitation development is straightforward for authenticated attackers.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34795 HIGH This Week

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to execute arbitrary OS commands via command injection in the DATE parameter of /cgi-bin/logs_log.cgi. The vulnerability stems from incomplete regular expression validation in Perl open() file path handling. No public exploit identified at time of analysis, though CVSS 8.7 severity reflects high potential impact across confidentiality, integrity, and availability. EPSS data not provided; exploitation requires network access with low-privilege authentication but no user interaction.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34794 HIGH This Week

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS commands with firewall appliance privileges via command injection in the DATE parameter of /cgi-bin/logs_ids.cgi. The vulnerability stems from incomplete regular expression validation before passing user input to Perl's open() function. CVSS score of 8.7 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No CISA KEV listing or public exploit code identified at time of analysis, though VulnCheck public disclosure increases weaponization risk for organizations using this legacy firewall appliance.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34793 HIGH This Week

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject arbitrary OS commands through the DATE parameter in /cgi-bin/logs_firewall.cgi. The vulnerability stems from inadequate regular expression validation that fails to prevent command injection in Perl open() calls. Authentication is required (PR:L), but once accessed, attackers gain high-impact control over confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the technical details disclosed by VulnCheck provide sufficient information for weaponization. EPSS data not available for this recent CVE.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34792 HIGH This Week

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject arbitrary OS commands through the DATE parameter in /cgi-bin/logs_clamav.cgi. The vulnerability stems from incomplete input validation before passing user-controlled data to Perl's open() function, enabling command injection. With CVSS 8.7 (High severity) and network-based exploitation requiring only low-privilege authentication, this represents a significant post-authentication attack surface. No public exploit identified at time of analysis, though the technical details provided enable reproduction.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34791 HIGH This Week

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through the DATE parameter in /cgi-bin/logs_proxy.cgi due to incomplete input validation in Perl open() calls. Attack requires only low-privilege authentication (CVSS PR:L) with network access and no user interaction. No public exploit identified at time of analysis, though the technical details disclosed by VulnCheck provide a clear exploitation path for threat actors.

Command Injection Firewall Community
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34121 HIGH PATCH This Week

TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available.

TP-Link Authentication Bypass
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-34834 HIGH PATCH This Week

Unauthenticated authentication bypass in Bulwark Webmail versions prior to 1.4.10 allows remote attackers to access and modify user settings without credentials. The vulnerability stems from flawed verifyIdentity() logic that returns true when session cookies are absent, enabling unauthorized manipulation of the /api/settings endpoint through arbitrary header injection. CVSS 8.7 (High) with attack vector network, low complexity, and no privileges required. No public exploit identified at time of analysis, though the authentication bypass mechanism is technically straightforward. Vendor-released patch: version 1.4.10.

Authentication Bypass Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-34735 HIGH This Week

Remote code execution in Hytale Modding Wiki version 1.2.0 and earlier allows authenticated users to upload malicious PHP files through a MIME type validation bypass. The quickUpload() endpoint performs independent validation of file content (via MIME type) and filename extension, enabling attackers to craft files with benign content signatures but executable .php extensions. Uploaded files are stored in a publicly accessible location, allowing direct URL access for server-side code execution. EPSS data unavailable; publicly available exploit code exists per SSVC assessment. No vendor-released patch identified at time of analysis.

PHP File Upload RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-32145 HIGH PATCH GHSA This Week

Denial of service in gleam-wisp wisp 0.2.0 through 2.2.1 allows unauthenticated remote attackers to exhaust server memory or disk by sending arbitrarily large multipart form submissions that bypass configured size limits. The multipart_body and multipart_headers parsing functions fail to properly decrement resource quotas for chunks lacking multipart boundaries, enabling attackers to accumulate unbounded data in a single HTTP request. Patch available as of version 2.2.2.

Denial Of Service Wisp
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-3692 HIGH This Week

Progress Flowmon versions prior to 12.5.8 allow authenticated low-privileged users to execute arbitrary commands on the server by crafting malicious requests during the report generation process. The vulnerability stems from improper input validation in the report generation functionality, enabling command injection attacks. While no CVSS score or public exploit code has been disclosed at time of analysis, the direct path to remote code execution via an authenticated user represents a significant risk to Flowmon deployments.

Command Injection Flowmon
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34833 HIGH PATCH This Week

Bulwark Webmail prior to version 1.4.10 exposes user plaintext passwords through its session API endpoint, allowing network-positioned attackers to harvest credentials from browser logs, local caches, and network proxies. The /api/auth/session endpoint returns authentication credentials in JSON responses without encryption, creating an information disclosure vulnerability (CWE-312: Cleartext Storage of Sensitive Information). No public exploit identified at time of analysis, though exploitation requires only network access with no authentication (CVSS vector AV:N/AC:L/PR:N), making this a straightforward attack for adversaries monitoring network traffic or accessing browser storage.

Information Disclosure Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34847 MEDIUM POC PATCH This Month

Hoppscotch prior to version 2026.3.0 contains a DOM-based open redirect vulnerability in the /enter page that allows unauthenticated remote attackers to redirect users to arbitrary external URLs through an unvalidated redirect query parameter. The vulnerability requires user interaction (clicking a malicious link) and has limited impact (integrity only), but poses a real phishing risk. Vendor-released patch available in version 2026.3.0.

Open Redirect
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy