Skip to main content
CVE-2026-35164 HIGH PATCH This Week

Remote code execution in Brave CMS versions prior to 2.0.6 allows authenticated users to upload and execute arbitrary PHP scripts through the CKEditor upload functionality. The vulnerability stems from unrestricted file upload in the ckupload method of CkEditorController.php, which fails to validate uploaded file types. No public exploit identified at time of analysis, though the attack requires only low-privilege authentication (PR:L) with low complexity (AC:L). CVSS 8.8 High severity reflects the complete system compromise possible post-authentication.

File Upload PHP RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-33510 HIGH PATCH This Week

DOM-based Cross-Site Scripting in Homarr dashboard versions prior to 1.57.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via malicious callbackUrl parameters on the /auth/login page. Despite the high CVSS score of 8.8, no public exploit code or active exploitation has been identified at time of analysis. The vulnerability enables credential theft and unauthorized actions when authenticated users click crafted links, with scope change indicating potential cross-domain impact.

XSS Homarr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35182 HIGH PATCH This Week

{id} route, enabling complete takeover of the CMS by any user with valid credentials. No public exploit identified at time of analysis, but exploitation is trivial given the straightforward API endpoint access. With EPSS data unavailable and no KEV listing, risk primarily affects organizations using affected Brave CMS versions in multi-user environments.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35395 HIGH PATCH This Week

SQL injection in WeGIA 3.6.8 and earlier allows authenticated users to execute arbitrary SQL commands through the id_memorando parameter in DespachoDAO.php. The vulnerability affects WeGIA, a web-based management system for charitable institutions, enabling attackers with valid credentials to potentially exfiltrate sensitive donor/beneficiary data, modify records, or compromise database integrity. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE. Vendor-released patch available in version 3.6.9.

SQLi PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31409 HIGH PATCH This Week

Session hijacking in Linux kernel ksmbd SMB server allows authenticated network attackers to escalate privileges and access arbitrary sessions via failed multichannel binding requests. When SMB2_SESSION_SETUP with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd incorrectly leaves the connection in a binding state, causing all subsequent session lookups to fall back to the global sessions table instead of connection-specific sessions. This enables attackers to access sessions across different connections, potentially leading to unauthorized data access and privilege escalation. Exploitation probability is extremely low (EPSS 0.01%, 1st percentile) with no public exploits or CISA KEV listing. Patches available for kernel versions 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, and mainline 7.0-rc5.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31408 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth SCO subsystem allows adjacent network attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability exists in sco_recv_frame() which releases a lock on conn->sk without holding a socket reference, creating a race condition where concurrent close() operations can free the socket before subsequent access. Vendor patches available across multiple stable kernel versions (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0-rc6). EPSS score of 0.01% suggests minimal observed exploitation probability despite high CVSS 8.8 rating. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-47392 HIGH This Week

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution without authentication when processing malformed satellite data files containing invalid signature offsets. The vulnerability stems from an integer overflow (CWE-190) that leads to buffer overflow conditions during satellite data decoding. With a CVSS score of 8.8 and adjacent network attack vector, this represents a significant risk for devices with satellite communication capabilities in proximity-based attack scenarios. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Integer Overflow Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3524 HIGH This Week

Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal hold data without proper permission validation. After failed authorization checks, the plugin continues processing requests instead of terminating them, enabling low-privileged authenticated users to access, create, download, and delete sensitive legal hold data through direct API calls. This represents a critical failure in access control enforcement for compliance-critical data. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Authentication Bypass Mattermost
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5707 HIGH PATCH This Week

Remote code execution as root in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in virtual desktop session names. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78 command injection), enabling privilege escalation to root on virtual desktop hosts. Vendor-released patch available in version 2026.03. CVSS 8.7 (High) with network attack vector, low complexity, and low privileges required. No public exploit identified at time of analysis, though the technical details in GitHub issue #151 may facilitate weaponization.

Command Injection Research And Engineering Studio Res
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-5708 HIGH PATCH This Week

Privilege escalation in AWS Research and Engineering Studio (RES) versions prior to 2026.03 allows authenticated remote attackers to assume virtual desktop host instance profile permissions and interact with AWS resources via crafted API requests. The vulnerability stems from unsanitized user-modifiable attributes in session creation. CVSS 8.7 (High) with network attack vector, low complexity, and requiring low privileges. Vendor-released patch available (version 2026.03). EPSS data not provided; no public exploit identified at time of analysis.

Privilege Escalation Research And Engineering Studio Res
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35185 HIGH PATCH This Week

Information disclosure in HAX CMS/HAXiam prior to 25.0.0 exposes authentication tokens, user activity logs, client IP addresses, and server configuration through a publicly accessible /server-status endpoint requiring no authentication. Remote unauthenticated attackers can harvest active session tokens and infrastructure details to facilitate credential theft and reconnaissance. EPSS score of 0.06% (19th percentile) suggests limited observed exploitation attempts, with no CISA KEV listing or public exploit identified at time of analysis.

PHP Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35184 HIGH PATCH This Week

SQL injection in EcclesiaCRM v2/templates/query/queryview.php allows authenticated remote attackers to execute arbitrary SQL commands via unsanitized 'custom' and 'value' parameters. All versions prior to 8.0.0 are affected. CVSS 8.7 (High) with network vector, low complexity, and low privileges required. Publicly available exploit code exists (detailed PoC published in referenced Gist). EPSS data not provided, but the combination of public PoC, clear attack path, and critical CWE-89 classification elevates real-world exploitation risk. No confirmed active exploitation (CISA KEV) at time of analysis.

SQLi PHP
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35389 HIGH PATCH This Week

S/MIME signature verification in Bulwark Webmail prior to 1.4.11 fails to validate certificate trust chains, allowing attackers to forge digitally signed emails using self-signed or untrusted certificates that appear legitimate to recipients. This integrity bypass affects all unauthenticated remote attackers (CVSS:4.0 AV:N/AC:L/PR:N) with high integrity impact. No public exploit identified at time of analysis, though the attack is straightforward given the disabled trust validation (checkChain: false configuration flaw). ENISA EUVD-2026-19478 classifies this as an information disclosure issue, though the primary risk is message authenticity compromise in encrypted email workflows.

Information Disclosure Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35391 HIGH PATCH This Week

IP address spoofing in Bulwark Webmail versions prior to 1.4.11 allows unauthenticated remote attackers to bypass IP-based rate limiting and forge audit log entries by manipulating the X-Forwarded-For HTTP header. The vulnerability enables brute-force attacks against admin login interfaces and allows malicious actors to mask their true origin in security logs. CVSS 8.7 reflects high integrity impact (VI:H) with network-accessible attack vector requiring no privileges (AV:N, PR:N). No public exploit identified at time of analysis, though exploitation is straightforward given the trust-boundary violation in HTTP header processing.

Authentication Bypass Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34588 HIGH PATCH GHSA This Week

Integer overflow in OpenEXR's PIZ wavelet decompression leads to out-of-bounds memory access when processing malicious EXR image files. Affects OpenEXR 3.1.0 through 3.2.6, 3.3.0-3.3.8, and 3.4.0-3.4.8. Local attackers can trigger memory corruption through crafted EXR files without authentication (CVSS:4.0 AV:L/PR:N), achieving high confidentiality, integrity, and availability impact. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available in versions 3.2.7, 3.3.9, and 3.4.9.

Buffer Overflow Information Disclosure Openexr
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-35399 HIGH PATCH This Week

Stored cross-site scripting (XSS) in WeGIA Web manager for charitable institutions allows remote attackers to inject malicious scripts via specially crafted backup filenames, leading to session hijacking or unauthorized actions performed in victim browsers. Affects versions prior to 3.6.9. No public exploit identified at time of analysis, though CVSS 8.5 reflects high impact to confidentiality and integrity with low attack complexity and no authentication requirements.

XSS Wegia
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-34975 HIGH PATCH This Week

CRLF injection in Plunk email platform's SESService.ts allows authenticated API users to inject arbitrary MIME headers by embedding carriage return/line feed sequences in user-controlled fields (from.name, subject, custom headers, attachment filenames). Attackers can silently add Bcc headers for email forwarding, manipulate Reply-To addresses, or spoof senders by exploiting the lack of input sanitization before MIME message construction. CVSS 8.5 severity reflects network-accessible exploitation with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE identifier. Vendor-released patch: version 0.8.0 implements schema-level validation rejecting CR/LF characters.

Code Injection Plunk
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-34589 HIGH PATCH GHSA This Week

Integer overflow in OpenEXR's DWA lossy decoder (versions 3.2.0-3.2.6, 3.3.0-3.3.8, 3.4.0-3.4.8) enables local attackers to trigger out-of-bounds memory writes when processing maliciously crafted EXR image files. The vulnerability stems from signed 32-bit arithmetic overflow in block pointer calculations for large image widths, causing decoder operations to write outside allocated memory buffers. User interaction is required (victim must open a malicious EXR file), but no authentication is needed. No public exploit identified at time of analysis, though the technical details in the GitHub security advisory provide sufficient information for proof-of-concept development.

Integer Overflow Buffer Overflow Openexr
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-34982 HIGH PATCH This Week

Arbitrary OS command execution in Vim prior to version 9.2.0276 occurs when users open maliciously crafted files containing modeline directives that bypass sandbox protections. The vulnerability exploits missing security flags on the complete, guitabtooltip, and printheader options, plus an unchecked mapset() function, enabling attackers to escape Vim's modeline sandbox and execute system commands. Publicly available exploit code exists. With EPSS data unavailable and no CISA KEV listing, real-world exploitation risk depends heavily on social engineering success, though the low attack complexity (CVSS AC:L) and no authentication requirement (PR:N) lower the barrier for opportunistic attacks against users who routinely open untrusted files.

Command Injection Vim
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-39307 HIGH PATCH GHSA This Week

Arbitrary file write in PraisonAI's template installation feature allows remote attackers to overwrite system files when users install malicious templates via social engineering. The vulnerability stems from unsafe ZIP extraction in templates.py using Python's zipfile.extractall() without path validation, enabling classic Zip Slip attacks. Public exploit code exists with proof-of-concept demonstrating /tmp file creation via path traversal. EPSS probability is low (0.04%, 13th percentile) indicating limited observed exploitation attempts, though the attack requires only user interaction (CVSS UI:R) to achieve high integrity and availability impact. Vendor patch released in version 4.5.113 per GitHub advisory GHSA-4ph2-f6pf-79wv.

Python RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-26263 HIGH PATCH This Week

Time-based blind SQL injection in GLPI's Search engine allows remote unauthenticated attackers to extract sensitive database contents and potentially achieve code execution. GLPI versions 11.0.0 through 11.0.5 are vulnerable. The CVSS vector (PR:N) confirms no authentication required, though attack complexity is rated high (AC:H). EPSS data not available, no CISA KEV listing indicates no confirmed active exploitation at time of analysis, but the unauthenticated remote attack surface and SQL injection nature present significant risk for this widely-deployed IT asset management platform.

SQLi Glpi
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35045 HIGH PATCH This Week

Authenticated users can modify and expose private recipes in Tandoor Recipes through broken object-level authorization in the batch update API endpoint. Any authenticated user within a shared Space can modify recipes marked private by other users, force-share private recipes, and tamper with metadata by exploiting the PUT /api/recipe/batch_update/ endpoint which bypasses authorization checks enforced on single-recipe endpoints. Affects all versions prior to 2.6.4. CVSS 8.1 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. No public exploit identified at time of analysis, though exploitation is straightforward for authenticated attackers.

Authentication Bypass Recipes
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34402 HIGH PATCH This Week

Time-based blind SQL injection in ChurchCRM versions prior to 7.1.0 allows authenticated users with Edit Records or Manage Groups permissions to exfiltrate or modify database content including credentials, PII, and configuration secrets via the PropertyAssign.php endpoint. Attack requires low-privilege authentication (PR:L) but enables high confidentiality and integrity impact through database manipulation. No public exploit identified at time of analysis, though EPSS data was not provided. CVSS 8.1 reflects network-accessible exploitation with low complexity requiring only basic user privileges.

SQLi PHP
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34444 HIGH PATCH GHSA This Week

Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows unauthenticated remote attackers to bypass attribute filtering controls via Python's getattr/setattr built-ins. The vulnerability enables attackers to circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per CVSS vector (AC:L, PR:N).

RCE Authentication Bypass Lupa
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.1%
CVE-2026-21382 HIGH This Week

Memory corruption in Qualcomm Snapdragon components allows local authenticated users to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability through malformed power management requests. The vulnerability stems from improper validation of input/output buffer sizes in power management handlers. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV) or public exploit code identified at time of analysis. Qualcomm addressed this in their April 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21380 HIGH This Week

Local privilege escalation via use-after-free in Qualcomm Snapdragon video memory management allows authenticated attackers with low privileges to achieve complete system compromise. The vulnerability exists in deprecated DMABUF IOCTL interfaces used for direct memory access buffer operations. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE. Qualcomm addressed this in their April 2026 security bulletin.

Memory Corruption Buffer Overflow Use After Free Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21378 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated users to execute arbitrary code with elevated privileges through memory corruption. The vulnerability stems from unbounded buffer access during IOCTL processing, enabling attackers to corrupt memory and achieve complete system compromise (confidentiality, integrity, and availability impact). EPSS data not available; no public exploit identified at time of analysis. Affects Qualcomm Snapdragon-powered devices across mobile and IoT ecosystems.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21375 HIGH This Week

Memory corruption in Qualcomm Snapdragon chipsets allows authenticated local attackers with low privileges to execute arbitrary code, elevate privileges, or cause system crashes through improper IOCTL buffer validation. The vulnerability achieves complete compromise of confidentiality, integrity, and availability (CVSS 7.8 HIGH). No public exploit code identified at time of analysis, though exploitation requires only low attack complexity once local access is obtained. Qualcomm addressed this in their April 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21373 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon products allows authenticated attackers to gain kernel-level code execution through memory corruption during IOCTL processing. The vulnerability stems from unchecked buffer size validation when writing to output buffers, enabling high-impact compromise of confidentiality, integrity, and availability on affected mobile and embedded devices. With a CVSS score of 7.8 and low attack complexity (AC:L), this represents a significant privilege escalation vector for malicious applications or local users, though no public exploit or active exploitation has been identified at time of analysis.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31406 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining states via __xfrm_state_delete(), which calls xfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work. The following is a simple race scenario: cpu0 cpu1 cleanup_net() [Round 1] ops_undo_list() xfrm_net_exit() xfrm_nat_keepalive_net_fini() cancel_delayed_work_sync(nat_keepalive_work); xfrm_state_fini() xfrm_state_flush() xfrm_state_delete(x) __xfrm_state_delete(x) xfrm_nat_keepalive_state_updated(x) schedule_delayed_work(nat_keepalive_work); rcu_barrier(); net_complete_free(); net_passive_dec(net); llist_add(&net->defer_free_list, &defer_free_list); cleanup_net() [Round 2] rcu_barrier(); net_complete_free() kmem_cache_free(net_cachep, net); nat_keepalive_work() // on freed net To prevent this, cancel_delayed_work_sync() is replaced with disable_delayed_work_sync().

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21376 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated attackers with low privileges to execute arbitrary code with elevated permissions through unchecked output buffer access during IOCTL operations. This out-of-bounds read vulnerability (CWE-126) achieves complete system compromise (confidentiality, integrity, and availability impact all rated High in CVSS). No public exploit identified at time of analysis, though the local attack vector and low complexity suggest proof-of-concept development is feasible for researchers with device access.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21374 HIGH This Week

Memory corruption in Qualcomm Snapdragon auxiliary sensor I/O control processing allows authenticated local attackers to achieve arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from insufficient buffer size validation (CWE-126: Buffer Over-read) when handling sensor control commands. With CVSS 7.8 and local attack vector requiring low privileges, this represents a moderate real-world risk for privilege escalation attacks on Android and IoT devices using affected Snapdragon chipsets. No public exploit code or CISA KEV listing identified at time of analysis, though the April 2026 bulletin date suggests recent disclosure.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21372 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon components allows authenticated local attackers to corrupt kernel memory through malformed IOCTL requests. Exploitation requires low-privilege local access but no user interaction (CVSS 7.8, AV:L/PR:L). The vulnerability enables attackers to achieve high impact across confidentiality, integrity, and availability through unsafe memcpy operations that fail to validate buffer sizes. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) suggests exploitation development is feasible for adversaries with local access.

Buffer Overflow Heap Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21371 HIGH This Week

Memory corruption in Qualcomm Snapdragon components allows local authenticated attackers to execute arbitrary code with high privileges. A buffer overflow vulnerability (CWE-126) occurs during output buffer retrieval due to insufficient size validation, enabling complete system compromise with high confidentiality, integrity, and availability impact. EPSS risk data not available; no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. The local attack vector (AV:L) and low complexity (AC:L) make this exploitable by malicious apps or local users on affected Snapdragon-powered devices.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47391 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon allows authenticated users to execute arbitrary code through memory corruption when processing frame requests. This CWE-121 stack-based buffer overflow enables complete system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with CVSS 7.8 indicating high severity requiring low attack complexity and low privileges. Qualcomm's April 2026 security bulletin addresses this vulnerability.

Buffer Overflow Stack Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47390 HIGH This Week

Local privilege escalation via memory corruption in Qualcomm Snapdragon JPEG driver allows authenticated local users to achieve full system compromise (high confidentiality, integrity, and availability impact). The buffer overflow vulnerability (CWE-126) occurs during IOCTL request preprocessing, a common attack surface in kernel-mode device drivers. CVSS 7.8 indicates high severity with low attack complexity. No public exploit identified at time of analysis, and EPSS data not available in provided intelligence. Qualcomm's April 2026 security bulletin addresses this issue, indicating coordinated disclosure timeframe.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47389 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon components enables authenticated users to achieve arbitrary code execution with elevated privileges through memory corruption triggered by integer overflow during attestation report generation. The vulnerability requires low attack complexity and low-level authentication (CVSS:3.1/AV:L/AC:L/PR:L), allowing complete compromise of confidentiality, integrity, and availability on affected devices. With CVSS 7.8 (High severity) and local attack vector, this represents a significant risk on multi-user Android devices where malicious apps could exploit the flaw to break out of sandboxing. No public exploit identified at time of analysis, though the buffer overflow class (CWE-120) is well-understood by exploit developers.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5709 HIGH PATCH This Week

Remote command injection in AWS Research and Engineering Studio (RES) 2024.10 through 2025.12.01 allows authenticated users to execute arbitrary commands on cluster-manager EC2 instances through unsanitized input in the FileBrowser API. Vendor-released patch available (version 2026.03). No public exploit identified at time of analysis, though CVSS 7.7 reflects high impact if exploited by low-privileged authenticated users with network access.

Command Injection Research And Engineering Studio Res
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-21381 HIGH This Week

Buffer over-read (CWE-126) in Qualcomm Snapdragon devices causes denial-of-service when processing malformed Neighborhood Awareness Networking (NAN) service data frames with excessive length values. Attack requires network proximity, high attacker privileges, user interaction, and high complexity (CVSS 7.6), yielding CVSS scope change with potential high confidentiality/integrity impact beyond availability disruption. Qualcomm April 2026 bulletin addresses this transient DOS condition. No public exploit identified at time of analysis, though the specific protocol implementation flaw in NAN device discovery presents measurable risk in adjacent network scenarios where attackers have elevated Wi-Fi protocol access.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-21367 HIGH This Week

Out-of-bounds read in Qualcomm Snapdragon WiFi firmware triggers denial-of-service when processing malformed FILS Discovery frames during network scans. Remote attackers on the same wireless network can crash affected devices by broadcasting specially crafted 802.11ai Fast Initial Link Setup frames with invalid action field sizes. CVSS 7.6 (High) reflects the high attack complexity and required high privileges, though the confidentiality/integrity impacts appear overstated for a transient DOS condition. EPSS data not available; no public exploit identified at time of analysis.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-35523 HIGH PATCH GHSA This Week

Authentication bypass in Strawberry GraphQL WebSocket subscriptions (versions <0.312.3) allows unauthenticated remote attackers to access protected GraphQL subscription endpoints by exploiting the legacy graphql-ws subprotocol handler. Attackers can skip the on_ws_connect authentication hook by connecting with graphql-ws and sending subscription start messages without completing the connection_init handshake. No public exploit identified at time of analysis, though exploitation is straightforward given the protocol-level nature of the bypass. CVSS 7.5 reflects network-accessible unauthenticated attack with high confidentiality impact.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30078 HIGH This Week

AMF daemon in OpenAirInterface V2.2.0 crashes upon receipt of malformed NGAP control-plane messages containing mismatched procedure codes or PDU type violations (e.g., successfulOutcome where InitiatingMessage is required). Remote attackers can trigger denial of service without authentication (CVSS AV:N/PR:N), exploiting improper input validation (CWE-20) in 5G core network signaling. Publicly available exploit code exists, SSVC framework classifies as automatable with partial technical impact, and EPSS data not provided but attack simplicity (AC:L) indicates low barrier to exploitation.

Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26027 HIGH PATCH This Week

Stored XSS in GLPI 11.0.0-11.0.5 allows remote attackers to inject malicious scripts via the inventory endpoint without authentication, leading to potential session hijacking and unauthorized actions when victims interact with poisoned inventory data. CVSS 7.5 (High) with Network attack vector and no privileges required (PR:N). No public exploit identified at time of analysis, though the unauthenticated nature and stored XSS persistence elevate practical risk for environments with publicly accessible GLPI installations.

XSS Glpi
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35526 HIGH PATCH GHSA This Week

Unauthenticated denial-of-service in Strawberry GraphQL WebSocket handlers allows remote attackers to crash Python servers via subscription flooding. The vulnerability affects both graphql-transport-ws and legacy graphql-ws protocol implementations, which fail to enforce per-connection subscription limits. An attacker can exhaust server memory and saturate the asyncio event loop by sending unlimited subscribe messages over a single WebSocket connection, leading to service degradation or out-of-memory crashes. EPSS data not available for this recent CVE; no public exploit identified at time of analysis, though exploitation is trivial given the low attack complexity (CVSS AC:L) and lack of authentication requirement (PR:N).

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-57834 HIGH This Week

Denial of Service in Samsung Exynos processors and modems (including 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, and Modems 5123, 5300, 5400, 5410) allows unauthenticated remote attackers to cause complete service disruption via network-based attacks requiring low complexity and no user interaction. The vulnerability stems from improper input validation (CWE-20) affecting mobile, wearable, and baseband modem chipsets used across Samsung's semiconductor product line. No public exploit identified at time of analysis, though the CVSS vector indicates trivial exploitation conditions (AV:N/AC:L/PR:N/UI:N) that could enable network-accessible denial of service attacks against devices containing these chipsets.

Denial Of Service Samsung
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35203 HIGH PATCH This Week

Heap buffer overflow in ZLMediaKit's VP9 RTP payload parser allows remote unauthenticated attackers to trigger denial of service by sending a single malformed RTP packet. The vulnerability stems from insufficient buffer length validation in ext-codec/VP9Rtp.cpp, where flag bits in a 1-byte payload (0xFF) cause out-of-bounds reads. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and EPSS 0.04%, this represents a low-probability but remotely exploitable attack surface against any ZLMediaKit server processing VP9 streams. Fixed in commit 435dcbcbbf700fd63b2ca9eac6cef3b5ea75169d. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Buffer Overflow Information Disclosure Zlmediakit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34148 HIGH PATCH GHSA This Week

Unbounded HTTP redirect following in Fedify's ActivityPub document loaders enables resource exhaustion attacks. Remote unauthenticated attackers can trigger denial of service by controlling ActivityPub key or actor URLs that redirect indefinitely, forcing affected servers (Fedify versions before 1.9.6, 1.10.5, 2.0.8, and 2.1.1) to make repeated outbound requests from a single inbound request. No public exploit identified at time of analysis, though the attack vector is straightforward given the low complexity (CVSS AC:L). CVSS base score 7.5 (High) reflects network-reachable, unauthenticated access with high availability impact.

Denial Of Service Fedify Vocab Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35172 HIGH PATCH GHSA This Week

Distribution container registry versions ≤3.0.x and ≤2.8.x restore read access to explicitly deleted blobs when Redis blob descriptor caching and storage deletion are both enabled. After an administrator deletes a blob from repository A, the deletion briefly succeeds, but when repository B later accesses the same digest, it repopulates the shared Redis descriptor cache. Repository A then regains unauthorized read access to the deleted blob because stale repository-scoped membership metadata was never invalidated from Redis. This authorization bypass defeats repository-local content revocation with concrete confidentiality impact. CVSS 7.5 (HIGH) with network attack vector, low complexity, and no authentication required. EPSS exploitation probability is very low (0.03%, 9th percentile), suggesting limited real-world targeting despite public POC availability. Vendor-released patch confirms the issue and provides a fix in version 3.1.0.

Redis Canonical Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33540 HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in distribution container toolkit versions before 3.1.0 enables credential theft via malicious upstream registry responses. When operating in pull-through cache mode, distribution parses WWW-Authenticate bearer challenges from upstream registries without validating the realm URL against the configured upstream host. Attackers controlling the upstream registry or positioned for man-in-the-middle attacks can specify arbitrary realm URLs, causing distribution to transmit configured upstream credentials via basic authentication to attacker-controlled endpoints (CVSS 7.5, High confidentiality impact). EPSS data and KEV status not available; no public exploit identified at time of analysis, though exploitation requires only network access with low complexity (AV:N/AC:L) and no authentication (PR:N).

SSRF Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59440 HIGH This Week

Denial of service in Samsung Exynos USIM firmware across mobile, wearable, and modem processors allows unauthenticated remote attackers to crash affected devices via maliciously crafted SIM card proactive commands. The vulnerability affects over 20 Exynos chipset families (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) due to improper handling of USIM proactive commands, classified as CWE-400 (Uncontrolled Resource Consumption). EPSS exploitation probability is low (0.02%, 5th percentile), no public exploit identified at time of analysis, and not currently listed in CISA KEV. Despite the high CVSS base score of 7.5, the practical exploitation requires attacker control over cellular network infrastructure or compromised SIM cards, significantly limiting real-world attack surface.

Samsung Denial Of Service Exynos 990 Firmware Exynos 980 Firmware Exynos 850 Firmware +17
NVD
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy