Skip to main content
CVE-2026-35020 HIGH POC This Week

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python allows local attackers to execute arbitrary commands by poisoning the TERMINAL environment variable with shell metacharacters. The vulnerability affects both normal CLI operations and deep-link handlers, enabling privilege escalation to the user context running the CLI. Publicly available exploit code exists. With CVSS 8.6 (High) severity, this presents significant risk in CI/CD pipelines and developer environments where environment variables may be attacker-controlled.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-34885 HIGH POC This Week

SQL injection in WordPress Media Library Assistant plugin through version 3.34 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially disrupt availability. The vulnerability has a CVSS score of 8.5 (High) with scope change, indicating authenticated attackers can access data beyond their permission level. EPSS data not available; no public exploit identified at time of analysis. No CISA KEV listing indicates this is not confirmed as actively exploited in the wild.

SQLi
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2024-14032 HIGH POC This Week

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Authentication Bypass Twitch Studio
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-35021 HIGH POC This Week

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python enables arbitrary command execution via malicious file paths containing shell metacharacters. Local attackers can exploit POSIX shell command substitution within double-quoted strings to execute commands with user privileges. Publicly available exploit code exists. With CVSS 8.4 (High) and local attack vector requiring user interaction, this represents elevated risk in CI/CD pipelines and development environments where untrusted file paths may be processed.

Command Injection Claude Code Claude Agent Sdk For Python
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-39363 HIGH POC PATCH GHSA This Week

Vite dev server WebSocket allows unauthorized file system access, bypassing server.fs.allow restrictions when developers expose dev servers to networks (via --host). Attackers exploiting this can read arbitrary files (credentials, source code, secrets) from the development machine or CI environment through a WebSocket vite:invoke event calling fetchModule with file:// URLs. Vendor-released patches available in versions 6.4.2, 7.3.2, and 8.0.5. Public exploit code exists with detailed proof-of-concept demonstrating /etc/passwd retrieval via WebSocket without Origin header validation.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-39364 HIGH POC PATCH GHSA This Week

Vite development server allows unauthorized file disclosure by bypassing server.fs.deny restrictions when specific query parameters (?raw, ?import&raw, ?import&url&inline) are appended to file requests. The npm package 'vite' is affected when the dev server is explicitly exposed to the network and sensitive files exist within allowed directories but are supposedly blocked by deny patterns. A publicly available exploit code exists demonstrating retrieval of .env files and certificates. Fixed in versions 7.3.2 and 8.0.5 according to vendor release tags.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-5685 HIGH POC This Week

Remote code execution in Tenda CX12L firmware version 16.03.53.12 allows authenticated attackers to overflow stack buffers via malicious 'page' parameter values sent to the addressNat endpoint (/goform/addressNat). The fromAddressNat function fails to validate input length, enabling memory corruption with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub POC), elevating practical exploitation risk despite requiring low-privilege authentication. EPSS data not available, but CVSS 7.4 reflects network-accessible attack vector with low complexity.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5609 HIGH POC This Week

Stack-based buffer overflow in Tenda i12 router firmware 1.0.0.11(3862) allows authenticated remote attackers to execute arbitrary code via the WiFi SSID configuration interface. The vulnerability is exploitable over the network with low complexity through manipulation of the 'index' or 'wl_radio' parameters in the formwrlSSIDset function. With publicly available exploit code (GitHub POC) and a CVSS score of 8.8, this presents immediate risk to exposed management interfaces. EPSS data not provided, but the combination of network accessibility, authentication bypass potential, and weaponized exploit elevates real-world risk.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5628 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formSetSystemSettings function within the /goform/formSetSystemSettings endpoint, exploitable via the 'webpage' parameter. Publicly available exploit code exists (GitHub POC), CVSS 8.8 indicating network-exploitable with low complexity requiring only low-privilege authentication. Vendor unresponsive to coordinated disclosure attempts.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5614 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 v1.00.10 allows authenticated remote attackers to achieve code execution via the formSetPassword function. The vulnerability requires low-privilege credentials but no user interaction, carrying a CVSS score of 8.8 (High). Public exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed (not in CISA KEV). The vendor did not respond to responsible disclosure attempts.

Stack Overflow Buffer Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5613 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to achieve code execution and full system compromise via the formReboot endpoint. The vulnerability has a publicly available exploit (GitHub POC) and requires only low-privileged authentication (EPSS risk assessment recommended but data not provided). Vendor did not respond to disclosure, indicating no patch is available.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5612 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve complete system compromise via crafted 'webpage' parameter to the formWlEncrypt endpoint. Publicly available exploit code exists (GitHub POC). EPSS data not provided, but the low attack complexity (AC:L) and network attack vector (AV:N) combined with confirmed POC availability indicate moderate-to-high exploitation risk. Vendor was notified but did not respond, leaving devices potentially unpatched.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5611 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formCrossBandSwitch function accessible via /goform/formCrossBandSwitch endpoint, where unsanitized input to the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC), elevating practical exploitat

Stack Overflow Buffer Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5610 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve full system compromise (code execution, denial of service, credential theft) via crafted requests to the formWISP5G endpoint. CVSS 8.8 severity with low attack complexity and publicly available exploit code. Vendor has not responded to disclosure, leaving users without an official patch. EPSS data not available, but the combination of network accessibility, low complexity, and public POC elevates real-world risk despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow F9K1015
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5608 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve full device compromise via crafted 'webpage' parameter in formWlanSetup function. Publicly available exploit code exists, and EPSS data suggests low-probability targeting despite critical CVSS 8.8 severity. Vendor non-responsive to disclosure; no patch released.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5684 HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L wireless router firmware 16.03.53.12 allows authenticated adjacent network attackers to execute arbitrary code or crash the device via crafted 'page' parameter to the /goform/webExcptypemanFilter endpoint. Publicly available exploit code exists (GitHub POC published), enabling straightforward exploitation against unpatched routers on the same LAN segment. EPSS score of 0.03% suggests limited mass exploitation to date, though adjacent network requirement naturally constrains attack surface to local/corporate networks rather than internet-wide scanning.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-35164 HIGH PATCH This Week

Remote code execution in Brave CMS versions prior to 2.0.6 allows authenticated users to upload and execute arbitrary PHP scripts through the CKEditor upload functionality. The vulnerability stems from unrestricted file upload in the ckupload method of CkEditorController.php, which fails to validate uploaded file types. No public exploit identified at time of analysis, though the attack requires only low-privilege authentication (PR:L) with low complexity (AC:L). CVSS 8.8 High severity reflects the complete system compromise possible post-authentication.

File Upload PHP RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-33510 HIGH PATCH This Week

DOM-based Cross-Site Scripting in Homarr dashboard versions prior to 1.57.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via malicious callbackUrl parameters on the /auth/login page. Despite the high CVSS score of 8.8, no public exploit code or active exploitation has been identified at time of analysis. The vulnerability enables credential theft and unauthorized actions when authenticated users click crafted links, with scope change indicating potential cross-domain impact.

XSS Homarr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35182 HIGH PATCH This Week

Privilege escalation in Brave CMS 2.0.x before 2.0.6 allows authenticated users with low-privilege accounts to promote themselves to Super Admin by directly calling the unprotected role update endpoint. The vulnerability stems from a missing authorization middleware check on the /rights/update-role/{id} route, enabling complete takeover of the CMS by any user with valid credentials. No public exploit identified at time of analysis, but exploitation is trivial given the straightforward API endpoint access. With EPSS data unavailable and no KEV listing, risk primarily affects organizations using affected Brave CMS versions in multi-user environments.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35395 HIGH PATCH This Week

SQL injection in WeGIA 3.6.8 and earlier allows authenticated users to execute arbitrary SQL commands through the id_memorando parameter in DespachoDAO.php. The vulnerability affects WeGIA, a web-based management system for charitable institutions, enabling attackers with valid credentials to potentially exfiltrate sensitive donor/beneficiary data, modify records, or compromise database integrity. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE. Vendor-released patch available in version 3.6.9.

SQLi PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31409 HIGH PATCH This Week

Session hijacking in Linux kernel ksmbd SMB server allows authenticated network attackers to escalate privileges and access arbitrary sessions via failed multichannel binding requests. When SMB2_SESSION_SETUP with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd incorrectly leaves the connection in a binding state, causing all subsequent session lookups to fall back to the global sessions table instead of connection-specific sessions. This enables attackers to access sessions across different connections, potentially leading to unauthorized data access and privilege escalation. Exploitation probability is extremely low (EPSS 0.01%, 1st percentile) with no public exploits or CISA KEV listing. Patches available for kernel versions 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, and mainline 7.0-rc5.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31408 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth SCO subsystem allows adjacent network attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability exists in sco_recv_frame() which releases a lock on conn->sk without holding a socket reference, creating a race condition where concurrent close() operations can free the socket before subsequent access. Vendor patches available across multiple stable kernel versions (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0-rc6). EPSS score of 0.01% suggests minimal observed exploitation probability despite high CVSS 8.8 rating. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-47392 HIGH This Week

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution without authentication when processing malformed satellite data files containing invalid signature offsets. The vulnerability stems from an integer overflow (CWE-190) that leads to buffer overflow conditions during satellite data decoding. With a CVSS score of 8.8 and adjacent network attack vector, this represents a significant risk for devices with satellite communication capabilities in proximity-based attack scenarios. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Integer Overflow Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3524 HIGH This Week

Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal hold data without proper permission validation. After failed authorization checks, the plugin continues processing requests instead of terminating them, enabling low-privileged authenticated users to access, create, download, and delete sensitive legal hold data through direct API calls. This represents a critical failure in access control enforcement for compliance-critical data. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Authentication Bypass Mattermost
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5707 HIGH PATCH This Week

Remote code execution as root in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in virtual desktop session names. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78 command injection), enabling privilege escalation to root on virtual desktop hosts. Vendor-released patch available in version 2026.03. CVSS 8.7 (High) with network attack vector, low complexity, and low privileges required. No public exploit identified at time of analysis, though the technical details in GitHub issue #151 may facilitate weaponization.

Command Injection Research And Engineering Studio Res
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-5708 HIGH PATCH This Week

Privilege escalation in AWS Research and Engineering Studio (RES) versions prior to 2026.03 allows authenticated remote attackers to assume virtual desktop host instance profile permissions and interact with AWS resources via crafted API requests. The vulnerability stems from unsanitized user-modifiable attributes in session creation. CVSS 8.7 (High) with network attack vector, low complexity, and requiring low privileges. Vendor-released patch available (version 2026.03). EPSS data not provided; no public exploit identified at time of analysis.

Privilege Escalation Research And Engineering Studio Res
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35185 HIGH PATCH This Week

Information disclosure in HAX CMS/HAXiam prior to 25.0.0 exposes authentication tokens, user activity logs, client IP addresses, and server configuration through a publicly accessible /server-status endpoint requiring no authentication. Remote unauthenticated attackers can harvest active session tokens and infrastructure details to facilitate credential theft and reconnaissance. EPSS score of 0.06% (19th percentile) suggests limited observed exploitation attempts, with no CISA KEV listing or public exploit identified at time of analysis.

PHP Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35184 HIGH PATCH This Week

SQL injection in EcclesiaCRM v2/templates/query/queryview.php allows authenticated remote attackers to execute arbitrary SQL commands via unsanitized 'custom' and 'value' parameters. All versions prior to 8.0.0 are affected. CVSS 8.7 (High) with network vector, low complexity, and low privileges required. Publicly available exploit code exists (detailed PoC published in referenced Gist). EPSS data not provided, but the combination of public PoC, clear attack path, and critical CWE-89 classification elevates real-world exploitation risk. No confirmed active exploitation (CISA KEV) at time of analysis.

SQLi PHP
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35389 HIGH PATCH This Week

S/MIME signature verification in Bulwark Webmail prior to 1.4.11 fails to validate certificate trust chains, allowing attackers to forge digitally signed emails using self-signed or untrusted certificates that appear legitimate to recipients. This integrity bypass affects all unauthenticated remote attackers (CVSS:4.0 AV:N/AC:L/PR:N) with high integrity impact. No public exploit identified at time of analysis, though the attack is straightforward given the disabled trust validation (checkChain: false configuration flaw). ENISA EUVD-2026-19478 classifies this as an information disclosure issue, though the primary risk is message authenticity compromise in encrypted email workflows.

Information Disclosure Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35391 HIGH PATCH This Week

IP address spoofing in Bulwark Webmail versions prior to 1.4.11 allows unauthenticated remote attackers to bypass IP-based rate limiting and forge audit log entries by manipulating the X-Forwarded-For HTTP header. The vulnerability enables brute-force attacks against admin login interfaces and allows malicious actors to mask their true origin in security logs. CVSS 8.7 reflects high integrity impact (VI:H) with network-accessible attack vector requiring no privileges (AV:N, PR:N). No public exploit identified at time of analysis, though exploitation is straightforward given the trust-boundary violation in HTTP header processing.

Authentication Bypass Webmail
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34588 HIGH PATCH GHSA This Week

Integer overflow in OpenEXR's PIZ wavelet decompression leads to out-of-bounds memory access when processing malicious EXR image files. Affects OpenEXR 3.1.0 through 3.2.6, 3.3.0-3.3.8, and 3.4.0-3.4.8. Local attackers can trigger memory corruption through crafted EXR files without authentication (CVSS:4.0 AV:L/PR:N), achieving high confidentiality, integrity, and availability impact. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available in versions 3.2.7, 3.3.9, and 3.4.9.

Buffer Overflow Information Disclosure Openexr
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-35399 HIGH PATCH This Week

Stored cross-site scripting (XSS) in WeGIA Web manager for charitable institutions allows remote attackers to inject malicious scripts via specially crafted backup filenames, leading to session hijacking or unauthorized actions performed in victim browsers. Affects versions prior to 3.6.9. No public exploit identified at time of analysis, though CVSS 8.5 reflects high impact to confidentiality and integrity with low attack complexity and no authentication requirements.

XSS Wegia
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-34975 HIGH PATCH This Week

CRLF injection in Plunk email platform's SESService.ts allows authenticated API users to inject arbitrary MIME headers by embedding carriage return/line feed sequences in user-controlled fields (from.name, subject, custom headers, attachment filenames). Attackers can silently add Bcc headers for email forwarding, manipulate Reply-To addresses, or spoof senders by exploiting the lack of input sanitization before MIME message construction. CVSS 8.5 severity reflects network-accessible exploitation with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE identifier. Vendor-released patch: version 0.8.0 implements schema-level validation rejecting CR/LF characters.

Code Injection Plunk
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-34589 HIGH PATCH GHSA This Week

Integer overflow in OpenEXR's DWA lossy decoder (versions 3.2.0-3.2.6, 3.3.0-3.3.8, 3.4.0-3.4.8) enables local attackers to trigger out-of-bounds memory writes when processing maliciously crafted EXR image files. The vulnerability stems from signed 32-bit arithmetic overflow in block pointer calculations for large image widths, causing decoder operations to write outside allocated memory buffers. User interaction is required (victim must open a malicious EXR file), but no authentication is needed. No public exploit identified at time of analysis, though the technical details in the GitHub security advisory provide sufficient information for proof-of-concept development.

Integer Overflow Buffer Overflow Openexr
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-34982 HIGH PATCH This Week

Arbitrary OS command execution in Vim prior to version 9.2.0276 occurs when users open maliciously crafted files containing modeline directives that bypass sandbox protections. The vulnerability exploits missing security flags on the complete, guitabtooltip, and printheader options, plus an unchecked mapset() function, enabling attackers to escape Vim's modeline sandbox and execute system commands. Publicly available exploit code exists. With EPSS data unavailable and no CISA KEV listing, real-world exploitation risk depends heavily on social engineering success, though the low attack complexity (CVSS AC:L) and no authentication requirement (PR:N) lower the barrier for opportunistic attacks against users who routinely open untrusted files.

Command Injection Vim
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-39307 HIGH PATCH GHSA This Week

Arbitrary file write in PraisonAI's template installation feature allows remote attackers to overwrite system files when users install malicious templates via social engineering. The vulnerability stems from unsafe ZIP extraction in templates.py using Python's zipfile.extractall() without path validation, enabling classic Zip Slip attacks. Public exploit code exists with proof-of-concept demonstrating /tmp file creation via path traversal. EPSS probability is low (0.04%, 13th percentile) indicating limited observed exploitation attempts, though the attack requires only user interaction (CVSS UI:R) to achieve high integrity and availability impact. Vendor patch released in version 4.5.113 per GitHub advisory GHSA-4ph2-f6pf-79wv.

Python RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-26263 HIGH PATCH This Week

Time-based blind SQL injection in GLPI's Search engine allows remote unauthenticated attackers to extract sensitive database contents and potentially achieve code execution. GLPI versions 11.0.0 through 11.0.5 are vulnerable. The CVSS vector (PR:N) confirms no authentication required, though attack complexity is rated high (AC:H). EPSS data not available, no CISA KEV listing indicates no confirmed active exploitation at time of analysis, but the unauthenticated remote attack surface and SQL injection nature present significant risk for this widely-deployed IT asset management platform.

SQLi Glpi
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35045 HIGH PATCH This Week

Authenticated users can modify and expose private recipes in Tandoor Recipes through broken object-level authorization in the batch update API endpoint. Any authenticated user within a shared Space can modify recipes marked private by other users, force-share private recipes, and tamper with metadata by exploiting the PUT /api/recipe/batch_update/ endpoint which bypasses authorization checks enforced on single-recipe endpoints. Affects all versions prior to 2.6.4. CVSS 8.1 (High) reflects network-accessible attack requiring only low-privilege authentication with no user interaction. No public exploit identified at time of analysis, though exploitation is straightforward for authenticated attackers.

Authentication Bypass Recipes
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34402 HIGH PATCH This Week

Time-based blind SQL injection in ChurchCRM versions prior to 7.1.0 allows authenticated users with Edit Records or Manage Groups permissions to exfiltrate or modify database content including credentials, PII, and configuration secrets via the PropertyAssign.php endpoint. Attack requires low-privilege authentication (PR:L) but enables high confidentiality and integrity impact through database manipulation. No public exploit identified at time of analysis, though EPSS data was not provided. CVSS 8.1 reflects network-accessible exploitation with low complexity requiring only basic user privileges.

SQLi PHP
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34444 HIGH PATCH GHSA This Week

Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows unauthenticated remote attackers to bypass attribute filtering controls via Python's getattr/setattr built-ins. The vulnerability enables attackers to circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per CVSS vector (AC:L, PR:N).

RCE Authentication Bypass Lupa
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.1%
CVE-2026-21382 HIGH This Week

Memory corruption in Qualcomm Snapdragon components allows local authenticated users to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability through malformed power management requests. The vulnerability stems from improper validation of input/output buffer sizes in power management handlers. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV) or public exploit code identified at time of analysis. Qualcomm addressed this in their April 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21380 HIGH This Week

Local privilege escalation via use-after-free in Qualcomm Snapdragon video memory management allows authenticated attackers with low privileges to achieve complete system compromise. The vulnerability exists in deprecated DMABUF IOCTL interfaces used for direct memory access buffer operations. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE. Qualcomm addressed this in their April 2026 security bulletin.

Memory Corruption Buffer Overflow Use After Free Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21378 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated users to execute arbitrary code with elevated privileges through memory corruption. The vulnerability stems from unbounded buffer access during IOCTL processing, enabling attackers to corrupt memory and achieve complete system compromise (confidentiality, integrity, and availability impact). EPSS data not available; no public exploit identified at time of analysis. Affects Qualcomm Snapdragon-powered devices across mobile and IoT ecosystems.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21375 HIGH This Week

Memory corruption in Qualcomm Snapdragon chipsets allows authenticated local attackers with low privileges to execute arbitrary code, elevate privileges, or cause system crashes through improper IOCTL buffer validation. The vulnerability achieves complete compromise of confidentiality, integrity, and availability (CVSS 7.8 HIGH). No public exploit code identified at time of analysis, though exploitation requires only low attack complexity once local access is obtained. Qualcomm addressed this in their April 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21373 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon products allows authenticated attackers to gain kernel-level code execution through memory corruption during IOCTL processing. The vulnerability stems from unchecked buffer size validation when writing to output buffers, enabling high-impact compromise of confidentiality, integrity, and availability on affected mobile and embedded devices. With a CVSS score of 7.8 and low attack complexity (AC:L), this represents a significant privilege escalation vector for malicious applications or local users, though no public exploit or active exploitation has been identified at time of analysis.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31406 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining states via __xfrm_state_delete(), which calls xfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work. The following is a simple race scenario: cpu0 cpu1 cleanup_net() [Round 1] ops_undo_list() xfrm_net_exit() xfrm_nat_keepalive_net_fini() cancel_delayed_work_sync(nat_keepalive_work); xfrm_state_fini() xfrm_state_flush() xfrm_state_delete(x) __xfrm_state_delete(x) xfrm_nat_keepalive_state_updated(x) schedule_delayed_work(nat_keepalive_work); rcu_barrier(); net_complete_free(); net_passive_dec(net); llist_add(&net->defer_free_list, &defer_free_list); cleanup_net() [Round 2] rcu_barrier(); net_complete_free() kmem_cache_free(net_cachep, net); nat_keepalive_work() // on freed net To prevent this, cancel_delayed_work_sync() is replaced with disable_delayed_work_sync().

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21376 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated attackers with low privileges to execute arbitrary code with elevated permissions through unchecked output buffer access during IOCTL operations. This out-of-bounds read vulnerability (CWE-126) achieves complete system compromise (confidentiality, integrity, and availability impact all rated High in CVSS). No public exploit identified at time of analysis, though the local attack vector and low complexity suggest proof-of-concept development is feasible for researchers with device access.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21374 HIGH This Week

Memory corruption in Qualcomm Snapdragon auxiliary sensor I/O control processing allows authenticated local attackers to achieve arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from insufficient buffer size validation (CWE-126: Buffer Over-read) when handling sensor control commands. With CVSS 7.8 and local attack vector requiring low privileges, this represents a moderate real-world risk for privilege escalation attacks on Android and IoT devices using affected Snapdragon chipsets. No public exploit code or CISA KEV listing identified at time of analysis, though the April 2026 bulletin date suggests recent disclosure.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21372 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon components allows authenticated local attackers to corrupt kernel memory through malformed IOCTL requests. Exploitation requires low-privilege local access but no user interaction (CVSS 7.8, AV:L/PR:L). The vulnerability enables attackers to achieve high impact across confidentiality, integrity, and availability through unsafe memcpy operations that fail to validate buffer sizes. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) suggests exploitation development is feasible for adversaries with local access.

Buffer Overflow Heap Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21371 HIGH This Week

Memory corruption in Qualcomm Snapdragon components allows local authenticated attackers to execute arbitrary code with high privileges. A buffer overflow vulnerability (CWE-126) occurs during output buffer retrieval due to insufficient size validation, enabling complete system compromise with high confidentiality, integrity, and availability impact. EPSS risk data not available; no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. The local attack vector (AV:L) and low complexity (AC:L) make this exploitable by malicious apps or local users on affected Snapdragon-powered devices.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy