Skip to main content
CVE-2026-26928 HIGH PATCH This Week

Cryptographic verification bypass in SzafirHost (e-signature client software) allows remote attackers to deliver and execute malicious native libraries (DLL/SO/JNILIB/DYLIB) without authentication. While JAR files are hash- and signature-verified during auto-update, native libraries downloaded into the user's /temp folder skip all integrity checks, enabling code execution in the context of the web page initiating the download. Fixed in version 1.1.0. No public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) and requires no user interaction (UI:N), suggesting straightforward exploitation against users running vulnerable versions.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-43257 HIGH PATCH This Week

Sandbox escape in macOS Sequoia prior to 15.6 allows local applications with low privileges to break containment via symlink manipulation, potentially accessing restricted system resources and user data. Apple resolved this via improved symlink handling in macOS 15.6. CVSS score of 8.7 reflects high confidentiality and integrity impact with scope change. No public exploit identified at time of analysis, though SSVC framework indicates partial technical impact with no current exploitation evidence.

Apple Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2022-4986 HIGH PATCH This Week

Hirschmann EagleSDV contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Eaglesdv Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2023-7342 HIGH This Week

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hirschmann Hisecos Eagle
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-14033 HIGH This Week

Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Hirschmann Hilcos Bat R Hirschmann Hilcos Bat F Hirschmann Hilcos Bat450 F +4
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34577 HIGH PATCH This Week

Server-side request forgery in Postiz AI social media scheduling tool (versions < 2.21.3) allows unauthenticated remote attackers to read internal network resources and cloud metadata endpoints through the /public/stream proxy endpoint. The vulnerability bypasses trivial .mp4 validation via query parameters or URL fragments, enabling unauthorized access to internal services without authentication. No public exploit identified at time of analysis, but CVSS 8.6 reflects high confidentiality impact with network-level attack vector and low complexity. EPSS data not available, but the combination of no authentication requirement and cloud metadata access risk makes this a priority for organizations running Postiz in cloud environments.

SSRF Postiz App
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-34932 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Hoppscotch versions prior to 2026.3.0 enables remote attackers to execute arbitrary JavaScript in victim browsers without authentication, potentially escalating to cross-site request forgery (CSRF) attacks against authenticated users. CVSS 8.5 (High) reflects network accessibility with low complexity but user interaction required. No public exploit identified at time of analysis, though the attack surface is well-understood for stored XSS vectors in API development tools where malicious payloads persist in shared workspaces or collections.

CSRF XSS Hoppscotch
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-2737 HIGH This Week

Progress Flowmon 12.x and 13.0.x contain a cross-site scripting (XSS) vulnerability allowing authenticated attackers to execute malicious JavaScript in administrator sessions via crafted links. Affected versions: Flowmon 12.x prior to 12.5.8 and 13.x prior to 13.0.6. CVSS 8.5 (High) reflects network-based delivery with low complexity requiring privileged access and user interaction. EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity. No active exploitation confirmed (not in CISA KEV); SSVC designates exploitation status as 'none' with non-automatable attack requiring user interaction for total technical impact. Vendor Progress Software released patches addressing the XSS flaw.

XSS Flowmon
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34931 HIGH PATCH This Week

Open redirect in Hoppscotch API development platform prior to version 2026.3.0 enables token exfiltration leading to complete account takeover. Attackers can craft malicious URLs that redirect authenticated users to attacker-controlled domains, stealing authentication tokens in transit. The vulnerability requires no authentication and minimal attack complexity (CVSS:4.0 AV:N/AC:L/PR:N), though user interaction is required (UI:A). No public exploit code or active exploitation confirmed at time of analysis, though the attack pattern is well-understood for CWE-601 vulnerabilities.

Open Redirect
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2023-7343 HIGH This Week

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Hirschmann Industrial Hivision
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34576 HIGH PATCH This Week

Server-side request forgery (SSRF) in Postiz social media scheduling tool versions prior to 2.21.3 allows authenticated API users to fetch arbitrary URLs by exploiting the POST /public/v1/upload-from-url endpoint, which performs server-side URL fetching via axios without SSRF protections and relies solely on a bypassable file extension check. Attackers can retrieve internal network resources, cloud metadata, and internal service data, with responses captured and returned to the attacker. Vendor-released patch available in version 2.21.3.

SSRF Postiz App
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2024-44250 HIGH PATCH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

RCE Apple Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-4347 HIGH This Week

Arbitrary file movement in MW WP Form plugin for WordPress (all versions ≤5.1.0) allows unauthenticated remote attackers to relocate server files and achieve remote code execution by moving critical files like wp-config.php. Exploitation requires a form with file upload capability and database inquiry storage enabled. CVSS 8.1 with network attack vector and high attack complexity. EPSS data not provided; no public exploit or CISA KEV status identified at time of analysis, though Wordfence threat intelligence has documented the vulnerability with source code references.

WordPress PHP Path Traversal RCE File Upload
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-34840 HIGH PATCH This Week

Authentication bypass in OneUptime SAML SSO implementation allows authenticated attackers to impersonate arbitrary users by exploiting XML signature verification logic flaws. Affected versions prior to 10.0.42 decouple signature validation from identity extraction, enabling XML injection attacks where an unsigned assertion with attacker-controlled identity precedes a legitimately signed assertion. EPSS and exploitation signals indicate publicly available exploit code exists with moderate technical complexity (CVSS AC:L, PR:L). No confirmed active exploitation (not in CISA KEV).

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35385 HIGH PATCH This Week

Privilege-escalation exposure in OpenSSH before 10.3 (fixed in 10.3p1) where scp, when run by root using the legacy SCP protocol flag -O and without -p (preserve mode), may write a downloaded file with setuid or setgid bits set, contrary to user expectation. A malicious or compromised SSH server (or a man-in-the-middle on the transfer) could thereby cause an attacker-controlled binary to land on disk as a setuid/setgid-root executable, enabling local privilege escalation when it is later run. There is no public exploit identified at time of analysis, EPSS is very low (0.04%), and CISA SSVC rates exploitation as 'none' though technical impact as 'total'.

SSH Information Disclosure Openssh
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4636 HIGH PATCH GHSA This Week

Authenticated users with uma_protection role in Red Hat Keycloak can bypass User-Managed Access policy validation to gain unauthorized access to victim-owned resources. The vulnerability (confirmed actively exploited - CISA KEV) enables attackers to inject arbitrary resource identifiers during policy creation, obtaining Requesting Party Tokens for resources they do not own. With CVSS 8.1 (High), network-accessible attack vector, and low complexity, this represents a significant access control bypass in enterprise identity management deployments. EPSS data and public exploit status not confirmed from available data.

Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35386 HIGH PATCH This Week

Argument/command injection in OpenSSH before 10.3 lets shell metacharacters embedded in an untrusted username trigger command execution on the SSH-client host. It affects deployments that both feed an attacker-influenced username to the ssh command line and use a non-default ssh_config where %-token expansion (e.g. in ProxyCommand/LocalCommand) is enabled. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV; a fixed release (10.3/10.3p1) is available.

Information Disclosure SSH Openssh
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0634 HIGH This Week

Local privilege escalation via command injection in TECNO Pova7 Pro 5G AssistFeedbackService allows unprivileged Android applications to execute arbitrary code with system privileges. The vulnerability affects all TECNO Pova7 Pro 5G firmware versions and requires local app installation but no user interaction or special permissions beyond app execution capability. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Google RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-29144 HIGH PATCH This Week

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security tags by exploiting Unicode lookalike characters, enabling email spoofing and phishing attacks that evade gateway security controls. This vulnerability affects all versions prior to 15.0.3, impacts organizations relying on SEPPmail for email security, and requires immediate patching. No public exploit code has been identified at the time of analysis.

Authentication Bypass Secure Email Gateway
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-29143 HIGH PATCH This Week

SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypted MIME entities, permitting attackers to manipulate trusted email headers and potentially forge message authenticity. This vulnerability affects the cryptographic validation layer of the gateway, enabling header injection attacks that could deceive users about message origin or content integrity. No CVSS score, EPSS data, or active exploitation confirmation is available in current intelligence.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-29139 HIGH PATCH This Week

Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victim account passwords by abusing GINA account initialization functionality, enabling full mailbox compromise without requiring legitimate credentials or administrative access.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-23413 HIGH PATCH This Week

Use-after-free in Linux kernel clsact qdisc initialization and destruction rollback allows local denial of service or potential information disclosure when qdisc replacement fails midway during tcf_block_get_ext() operations. The vulnerability stems from asymmetric initialization and cleanup paths where egress_entry references from a previous clsact instance remain valid during failure scenarios, leading to double-free or use-after-free conditions. Affected Linux kernel versions across all distributions that include the clsact traffic control qdisc require patching.

Linux Use After Free Information Disclosure Memory Corruption Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23412 HIGH PATCH This Week

Use-after-free in Linux kernel netfilter BPF hook memory management allows local attackers to read sensitive kernel memory via concurrent nfnetlink_hooks dumping operations. The vulnerability arises from premature memory release in hook structures before RCU readers complete their access, enabling information disclosure through netlink interface. No active exploitation confirmed, but the KASAN report demonstrates reliable reproducer availability.

Linux Use After Free Information Disclosure Memory Corruption Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23415 HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel futex handling allows local attackers to read freed memory via race condition between futex_key_to_node_opt() and vma_replace_policy(). When mbind() concurrently replaces virtual memory area policies, __futex_key_to_node() may dereference a freed mempolicy structure, enabling information disclosure of kernel memory. The vulnerability requires local access and precise timing but poses memory safety risk in multi-threaded applications using futex operations alongside memory policy changes.

Linux Use After Free Information Disclosure Memory Corruption Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29141 HIGH PATCH This Week

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls and forge authentication tags such as [signed OK], enabling email spoofing attacks that could deceive recipients into trusting fraudulent or malicious messages. The vulnerability affects all versions prior to 15.0.3 and has been publicly disclosed by NCSC.ch; no public exploit code or active exploitation has been independently confirmed at time of analysis.

Authentication Bypass Secure Email Gateway
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-29140 HIGH PATCH This Week

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME signatures, enabling them to substitute attacker-controlled certificates for future encryption communications with victims. An attacker can exploit this by crafting a specially-formed signed email that embeds unauthorized certificates, which the gateway may then use for subsequent encrypted messages to the targeted recipient, resulting in compromise of encryption confidentiality. No public exploit code or active CISA KEV listing is currently confirmed, but the vulnerability was reported by Swiss national security authority NCSC.ch.

Information Disclosure Secure Email Gateway
NVD
CVSS 4.0
7.7
EPSS
0.0%
CVE-2024-44286 HIGH PATCH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-44219 HIGH PATCH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-44303 HIGH PATCH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-40849 HIGH PATCH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Race Condition
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-4634 HIGH PATCH GHSA This Week

Denial of Service in Red Hat Build of Keycloak allows unauthenticated remote attackers to exhaust server resources by submitting specially crafted POST requests with excessively long scope parameters to the OpenID Connect token endpoint. No public exploit identified at time of analysis, but CVSS 7.5 (High) with network attack vector and low complexity indicates straightforward exploitation. Authentication requirements: unauthenticated (CVSS PR:N). The vulnerability stems from improper resource management (CWE-1050), enabling attackers to cause prolonged processing times and service disruption without any authentication or user interaction.

Denial Of Service Red Hat Build Of Keycloak
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5032 HIGH This Week

W3 Total Cache plugin for WordPress exposes security tokens to unauthenticated remote attackers through User-Agent header manipulation. Versions up to 2.9.3 bypass output buffering when requests contain 'W3 Total Cache' in the User-Agent, leaking W3TC_DYNAMIC_SECURITY tokens embedded in dynamic fragment HTML comments. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicating trivial exploitation requiring no authentication, attackers can extract these tokens from any page using fragment caching, enabling potential security bypass or escalation attacks. Patch available in version 2.9.4+ per upstream changeset.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33616 HIGH This Week

Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract sensitive database contents via the mb24api endpoint. The vulnerability enables complete confidentiality breach through crafted SQL SELECT commands with CVSS 7.5 (High). EPSS data not available; no public exploit identified at time of analysis. Vendor advisory published by CERT@VDE with remediation guidance.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33614 HIGH This Week

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to extract sensitive data through the getinfo endpoint. The vulnerability permits direct database queries without authentication, enabling complete confidentiality breach of stored information. EPSS and KEV data not provided; exploitation status unknown beyond technical disclosure by CERT@VDE.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31931 HIGH PATCH This Week

NULL pointer dereference in Suricata 8.0.0 through 8.0.3 causes denial of service when processing malformed TLS traffic with the 'tls.alpn' rule keyword. Remote unauthenticated attackers can crash the IDS/IPS engine by sending specially crafted network packets, completely disabling network security monitoring. EPSS data not available, but the low attack complexity (AC:L) and network vector (AV:N) combined with high availability impact (A:H) indicate significant operational risk for organizations relying on Suricata for traffic inspection. No evidence of active exploitation (no CISA KEV listing) or public exploit code identified at time of analysis.

Denial Of Service Null Pointer Dereference Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34829 HIGH PATCH GHSA This Week

Unbounded disk consumption in Rack's multipart parser allows remote denial of service when HTTP requests lack Content-Length headers. Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 fail to enforce size limits on multipart/form-data uploads sent via chunked transfer encoding, enabling unauthenticated attackers to exhaust disk space by streaming arbitrarily large file uploads. CVSS 7.5 (High) reflects the network-accessible, low-complexity attack requiring no privileges. No public exploit identified at time of analysis, though the attack technique is well-understood.

Denial Of Service File Upload Rack
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34827 HIGH PATCH GHSA This Week

Denial of service via algorithmic complexity in Rack multipart parser allows unauthenticated remote attackers to exhaust CPU resources by sending specially crafted multipart/form-data requests with backslash-heavy escaped parameter values. Affects Rack 3.0.0.beta1-3.1.20 and 3.2.0-3.2.5, a critical Ruby web server interface used across Rails and Sinatra applications. CVSS 7.5 (High) with network-accessible attack vector and low complexity. Vendor-released patches available in versions 3.1.21 and 3.2.6. No public exploit identified at time of analysis, though EPSS data not provided to assess probability of exploitation.

Denial Of Service Rack
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58136 HIGH This Week

Denial of service in Apache Traffic Server 9.0.0-9.2.12 and 10.0.0-10.1.1 caused by improper handling of POST requests that triggers a server crash under specific conditions. The vulnerability affects all instances of the affected versions and requires no authentication or special privileges to exploit. Vendor-released patches are available in versions 9.2.13 and 10.1.2.

Apache Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31937 HIGH PATCH This Week

Network denial-of-service in Suricata prior to 7.0.15 allows remote unauthenticated attackers to degrade intrusion detection performance via inefficient DCERPC buffering. The flaw enables attackers to bypass or impair network security monitoring by exhausting system resources through malformed DCERPC traffic, effectively blinding detection capabilities. No public exploit identified at time of analysis, though EPSS score and exploitation likelihood were not provided in available data.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31935 HIGH PATCH This Week

Memory exhaustion in Suricata network IDS/IPS via HTTP/2 CONTINUATION frame flooding allows remote unauthenticated attackers to trigger denial of service, typically forcing operating system termination of the Suricata process. Affects all versions prior to 7.0.15 and 8.0.4. EPSS data not available, but CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no privileges. No public exploit identified at time of analysis, though the attack technique (HTTP/2 frame flooding) is well-documented in protocol security research.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31934 HIGH PATCH This Week

Denial of service in Suricata 8.0.0 through 8.0.3 allows unauthenticated remote attackers to degrade performance via specially crafted SMTP traffic containing MIME-encoded messages with URLs. The quadratic complexity vulnerability (CWE-407) triggers excessive processing when the IDS/IPS engine searches for URLs in malformed messages. EPSS data not provided, but exploitation probability appears low given no public exploit identified at time of analysis and the requirement for sustained malicious SMTP traffic to achieve impact.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31933 HIGH PATCH This Week

Network-accessible resource exhaustion in Suricata IDS allows remote attackers to degrade detection performance via specially crafted traffic. Affects versions prior to 7.0.15 and 8.0.4 (CVSS 7.5 HIGH). Attack requires no authentication (PR:N) and low complexity (AC:L), enabling trivial performance degradation that could blind security monitoring. EPSS data not available, but no public exploit identified at time of analysis. Vendor patches released for both affected branches (7.0.15, 8.0.4).

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31932 HIGH PATCH This Week

Performance degradation in Suricata IDS/IPS engine allows remote unauthenticated attackers to cause denial of service through inefficient Kerberos 5 buffering. Affects versions prior to 7.0.15 and 8.0.4. CVSS 7.5 with high availability impact. No public exploit identified at time of analysis, EPSS data not provided. Vendor-released patches available in versions 7.0.15 and 8.0.4.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34785 HIGH PATCH GHSA This Week

Information disclosure in Rack web server interface (versions <2.2.23, <3.1.21, <3.2.6) allows unauthenticated remote attackers to access sensitive files due to flawed prefix matching in Rack::Static. The vulnerability enables access to unintended files sharing configured URL prefixes (e.g., '/css' matching '/css-backup.sql'), exposing configuration files, database backups, or environment variables. CVSS 7.5 (High) with network vector and no complexity. No public exploit identified at time of analysis.

Information Disclosure Rack
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-65114 HIGH This Week

Apache Traffic Server versions 9.0.0-9.2.12 and 10.0.0-10.1.1 are vulnerable to HTTP request smuggling through malformed chunked transfer encoding, allowing attackers to bypass security controls and smuggle malicious requests. The vulnerability stems from improper parsing of chunked messages (CWE-444: Inconsistent Interpretation of HTTP Requests) and affects all deployments using these versions as reverse proxies or intermediaries. Apache has released patched versions 9.2.13 and 10.1.2; no public exploit code or active exploitation has been reported at the time of analysis.

Apache Request Smuggling Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34876 HIGH PATCH This Week

Out-of-bounds read in Mbed TLS 3.x before 3.6.6 allows attackers to leak adjacent CCM context data through the multipart CCM API by passing an oversized tag_len parameter to mbedtls_ccm_finish(), which lacks validation against the internal 16-byte authentication buffer. Mbed TLS 4.x contains the same vulnerability in internal code but does not expose the vulnerable function publicly; exploitation requires direct application-level invocation of the affected API. No public exploit code or active exploitation has been reported, but the attack requires no special privileges.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30332 HIGH This Week

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

RCE Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35467 HIGH PATCH This Week

Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.

Information Disclosure Cveclient Encrypt Storage Js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4282 HIGH PATCH GHSA This Week

Authorization code forgery in Red Hat Keycloak enables unauthenticated attackers to escalate privileges to admin-level access tokens. The SingleUseObjectProvider's lack of type and namespace isolation permits attackers to forge valid authorization codes remotely, though exploitation requires high complexity (AC:H). No public exploit identified at time of analysis, with CVSS 7.4 indicating high confidentiality and integrity impact but no availability disruption.

Privilege Escalation Red Hat Build Of Keycloak
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-3872 HIGH PATCH GHSA This Week

Open redirect in Red Hat Build of Keycloak allows authenticated attackers with control over another path on the same web server to bypass wildcard-based redirect URI validation and steal OAuth access tokens. Attack requires low complexity and user interaction (CVSS 7.3). EPSS and KEV status not available; no public exploit identified at time of analysis. This CWE-601 flaw enables token theft through maliciously crafted redirect flows, posing significant risk to SSO deployments where Keycloak shares a web server with attacker-controllable content.

Open Redirect Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
7.3
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy