Skip to main content
CVE-2026-5862 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser's sandbox through a crafted HTML page exploiting an inappropriate implementation in the V8 JavaScript engine. User interaction is required (visiting a malicious webpage). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.04% (11th percentile), indicating low observed attacker interest despite high CVSS severity.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5861 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 147.0.7727.55) allows unauthenticated remote attackers to execute arbitrary code within the sandbox by exploiting a use-after-free memory corruption vulnerability through a malicious HTML page. User interaction (visiting a crafted website) is required. No public exploit identified at time of analysis, with EPSS probability at 4% (11th percentile), indicating relatively low immediate exploitation risk despite high CVSS severity.

Memory Corruption Denial Of Service Use After Free RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5910 HIGH PATCH This Week

Integer overflow in Google Chrome's media handling (versions prior to 147.0.7727.55) enables remote attackers to trigger heap corruption through specially crafted video files, achieving potential arbitrary code execution with high confidentiality, integrity, and availability impact. Attack requires user interaction to open malicious media content. Exploitation is unauthenticated (network-accessible). No public exploit identified at time of analysis. Classified as low severity by Chromium project despite CVSS 8.8 rating.

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5909 HIGH PATCH This Week

Integer overflow in Google Chrome's Media component enables remote heap corruption through malicious video files. Affects Chrome versions prior to 147.0.7727.55 on all desktop platforms. Unauthenticated attackers can achieve arbitrary code execution, data theft, or denial of service by convincing users to open specially crafted video content. CVSS 8.8 severity reflects network-based attack requiring user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5908 HIGH PATCH This Week

Integer overflow in Google Chrome's Media component allows remote attackers to trigger heap corruption via specially crafted video files. Affects Chrome versions prior to 147.0.7727.55. Attack requires user interaction (opening malicious video file) but no authentication. Successful exploitation enables arbitrary code execution with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis. Chromium project rates severity as Low despite CVSS 8.8 score.

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5868 HIGH PATCH This Week

Arbitrary code execution in Google Chrome for macOS versions prior to 147.0.7727.55 occurs via heap buffer overflow in the ANGLE graphics layer when processing malicious HTML pages. Remote attackers can achieve full compromise of confidentiality, integrity, and availability within Chrome's sandbox by exploiting this CWE-122 heap overflow with low attack complexity and no authentication. EPSS probability is low (0.03%, 10th percentile) with no public exploit identified at time of analysis, indicating limited observed exploitation activity despite the high CVSS score of 8.8.

RCE Google Buffer Overflow Heap Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5860 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows unauthenticated remote attackers to execute arbitrary code within the browser sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the WebRTC component. The attack requires user interaction (visiting a malicious page). EPSS probability is low (0.03%, 10th percentile), and no public exploit or active exploitation (KEV) has been identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free RCE Google +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5912 HIGH PATCH This Week

Integer overflow in Google Chrome's WebRTC component (versions prior to 147.0.7727.55) enables remote attackers to trigger out-of-bounds memory writes through specially crafted HTML pages. Exploitation requires user interaction (visiting malicious page) but no authentication, potentially allowing arbitrary code execution, data corruption, or information disclosure. Vendor-assigned security severity: Low; CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5859 HIGH PATCH This Week

Integer overflow in Google Chrome's WebML component (versions prior to 147.0.7727.55) enables remote attackers to trigger heap corruption via malicious HTML pages, requiring only user interaction to visit a crafted website. The vendor-assigned severity is Critical, though EPSS indicates only 0.03% probability of exploitation in the wild (9th percentile), and no public exploit identified at time of analysis. Patch available in Chrome 147.0.7727.55 and later.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5858 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code by exploiting a heap buffer overflow in the WebML component through specially crafted HTML pages. The vulnerability requires user interaction (visiting a malicious page) but presents critical risk with high impact to confidentiality, integrity, and availability. EPSS score of 0.03% (9th percentile) indicates low probability of imminent exploitation in the wild, with no public exploit identified at time of analysis and no CISA KEV listing confirming active exploitation.

RCE Google Buffer Overflow Heap Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3499 HIGH This Week

Cross-Site Request Forgery (CSRF) in Product Feed PRO for WooCommerce by AdTribes versions 13.4.6 through 13.5.2.1 allows unauthenticated attackers to manipulate critical feed management functions by tricking authenticated WordPress administrators into executing malicious requests. Exploitation enables attackers to trigger feed migrations, clear custom-attribute caches, modify feed file URLs, alter legacy filter settings, and delete feed posts without proper authorization. EPSS exploitation probability data not available; no confirmed active exploitation (not in CISA KEV) identified at time of analysis. Wordfence reported this vulnerability with patches available via WordPress plugin repository.

WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5914 HIGH PATCH This Week

Type confusion vulnerability in Google Chrome CSS engine (versions prior to 147.0.7727.55) enables heap corruption through malicious extensions. Attacker must convince user to install crafted Chrome extension, then exploit triggers memory corruption allowing high-severity impacts: arbitrary code execution, information disclosure, and denial of service. CVSS 8.8 rating reflects unauthenticated network vector requiring only user interaction. No public exploit identified at time of analysis. Chromium project classifies severity as Low despite critical CVSS score, indicating successful exploitation barriers beyond user interaction.

Memory Corruption Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5904 HIGH PATCH This Week

Heap corruption via malicious Chrome extension exploits use-after-free flaw in V8 JavaScript engine, affecting Chrome versions prior to 147.0.7727.55. Attacker must convince user to install a crafted extension to achieve potential remote code execution with high confidentiality, integrity, and availability impact. EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity; no CISA KEV listing or public exploit code identified at time of analysis. Despite high CVSS 8.8

Denial Of Service Use After Free Google Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-39621 HIGH This Week

CSRF vulnerability in SpicePress WordPress theme versions ≤2.3.2.5 enables unauthenticated attackers to upload web shells via arbitrary plugin installation, achieving remote code execution. Successful exploitation requires user interaction (victim must click malicious link while authenticated). No public exploit identified at time of analysis. CVSS 8.8 score reflects network-accessible, low-complexity attack with high impact to confidentiality, integrity, and availability.

CSRF Spicepress
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27140 HIGH PATCH NEWS This Week

Build-time remote code execution in Go toolchain (cmd/go) versions before 1.25.9 and 1.26.0-1.26.1 allows network attackers to execute arbitrary code during compilation by supplying malicious SWIG files with specially crafted filenames containing 'cgo'. User interaction required (developer must build the malicious package). No public exploit identified at time of analysis. EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability despite high CVSS 8.8 rating.

RCE Authentication Bypass Cmd Go
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34723 HIGH PATCH This Week

Unauthenticated remote information disclosure in Zammad helpdesk system versions before 7.0.1 and 6.5.4 allows attackers to access sensitive internal entity data through exposed getting started endpoint. The vulnerability bypasses authentication controls, enabling unauthorized access to confidential system information post-setup. Attack vector is network-based with low complexity requiring no user interaction. No public exploit identified at time of analysis. CVSS 8.7 reflects high confidentiality impact.

Authentication Bypass Zammad
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-40036 HIGH PATCH GHSA This Week

Unbounded zlib decompression in dfir-unfurl versions through 20250810 enables unauthenticated remote attackers to exhaust server memory via crafted compressed payloads submitted to the /json/visjs endpoint. Attackers can submit highly compressed data that expands to gigabytes when decompressed, crashing the service through resource exhaustion. The vulnerability affects the parse_compressed.py module and requires no authentication. No public exploit identified at time of analysis.

Denial Of Service Dfir Unfurl
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-4406 MEDIUM POC This Month

Reflected cross-site scripting in Gravity Forms plugin for WordPress versions up to 2.9.30 allows unauthenticated attackers to inject arbitrary web scripts via the form_ids parameter in the gform_get_config AJAX action. The vulnerability exploits improper JSON encoding combined with HTML content-type headers and publicly reusable nonces; attackers can craft malicious links that, when clicked by users, execute injected scripts on vulnerable pages. No active exploitation confirmed; CVSS 4.7 reflects moderate risk constrained by required user interaction and limited scope.

WordPress XSS
NVD VulDB GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-34724 HIGH PATCH This Week

Remote code execution in Zammad 7.0.0 allows authenticated administrators with high-level privileges to inject malicious server-side templates through AI Agent configuration parameters, leading to arbitrary code execution on the helpdesk server. Exploitation requires administrative access to control type_enrichment_data settings and user interaction. Vendor-released patch version 7.0.1 is available. EPSS score of 0.04% indicates low exploitation probability in the wild; no public exploit identified at time of analysis.

RCE Code Injection Zammad
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-24913 HIGH This Week

SQL injection in MATCHA INVOICE 2.6.6 and earlier allows authenticated users with low-level privileges to extract or modify database contents via network access. With CVSS 8.8 (High severity), low attack complexity, and no user interaction required, authenticated attackers can achieve full confidentiality, integrity, and availability impact on the application database. No public exploit identified at time of analysis, with EPSS data not available for this recently disclosed vulnerability.

SQLi Matcha Invoice
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35169 HIGH PATCH This Week

Reflected cross-site scripting and arbitrary markdown file download in LORIS help_editor module affects versions prior to 27.0.3 and 28.0.1. Improper input sanitization allows authenticated attackers with low privileges to execute malicious scripts in victim browsers (requiring user interaction) and exfiltrate markdown files from the server. Attack requires network access and social engineering to trick users into following crafted links. No public exploit identified at time of analysis.

XSS Loris
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-5747 HIGH PATCH This Week

Memory corruption in Amazon Firecracker's virtio PCI transport (versions 1.13.0-1.14.3, 1.15.0) enables guest root users to crash the host VMM process or achieve host code execution through malicious virtio queue register modifications post-device activation. Affects x86_64 and aarch64 architectures. While exploitation requires guest root privileges and high attack complexity (CVSS AC:H, PR:H), successful compromise breaches VM isolation boundaries with high impact to host confidentiality, integrity, and availability (CVSS 8.7). No public exploit identified at time of analysis; vendor-released patches available in versions 1.14.4 and 1.15.1.

Buffer Overflow RCE Firecracker
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33229 HIGH PATCH GHSA This Week

Privilege escalation in XWiki Platform 17.x allows users with script rights to execute arbitrary Python code via an improperly protected scripting API, bypassing Velocity sandbox protections and gaining full system access. This affects XWiki Platform oldcore and legacy-oldcore components prior to versions 17.4.8 and 17.10.1. While requiring existing script-level privileges, the vulnerability enables complete compromise of confidentiality, integrity, and availability. Vendor-released patch available; no public exploit identified at time of analysis.

Authentication Bypass Python
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-30818 HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis.

TP-Link RCE Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-30815 HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis.

TP-Link Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2026-39416 HIGH PATCH This Week

Stored cross-site scripting in AIL Framework <6.8 allows authenticated high-privilege attackers to inject malicious JavaScript through the modal item preview function. When processing item content exceeding 800 characters, the application returns attacker-controlled content without explicit text/plain content-type headers, enabling browser interpretation as HTML. Successful exploitation executes arbitrary JavaScript in victim browsers viewing crafted items, compromising confidentiality and integrity across system and user contexts. No public exploit identified at time of analysis.

XSS Ail Framework
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-39974 HIGH PATCH GHSA This Week

Server-Side Request Forgery in n8n-mcp (npm package) versions ≤2.47.3 allows authenticated attackers with valid AUTH_TOKEN to force the server to issue HTTP requests to arbitrary URLs via manipulated multi-tenant HTTP headers (x-n8n-url, x-n8n-key). Response bodies are reflected through JSON-RPC, enabling unauthorized access to cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Oracle, Alibaba), internal network services, and any host reachable by the server process. Multi-tenant HTTP deployments with shared or multiple AUTH_TOKENs are at highest risk. No public exploit identified at time of analysis.

SSRF Oracle Microsoft
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-40029 HIGH PATCH This Week

OS command injection in parseusbs <1.9 enables arbitrary code execution on forensic examiner systems through maliciously crafted .lnk filenames. The parseUSBs.py module passes LNK file paths unsanitized into os.popen() shell commands, allowing attackers to embed shell metacharacters in filenames that execute during USB artifact parsing. Exploitation requires no authentication (PR:N) but necessitates user interaction (UI:P) when the examiner processes USB artifacts containing weaponized .lnk files. No public exploit identified at time of analysis.

Command Injection Parseusbs
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-39495 HIGH This Week

Blind SQL injection in NSquared Simply Schedule Appointments WordPress plugin versions ≤1.6.9.27 allows authenticated attackers with low-privilege access to extract sensitive database contents and potentially trigger denial-of-service conditions. The vulnerability stems from improper neutralization of SQL special elements in user-controlled input. Network-accessible exploitation requires valid credentials but no user interaction. CVSS 8.5 severity reflects high confidentiality impact with scope change, enabling cross-boundary data access. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%, 6th percentile).

SQLi Simply Schedule Appointments
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-39486 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.

SQLi Download Monitor
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-5173 HIGH PATCH NEWS This Week

Improper access control in GitLab CE/EE 16.9.6-18.10.2 enables authenticated attackers to invoke unauthorized server-side methods via websocket connections, achieving high-severity information disclosure with changed scope. Affects continuous integration/deployment platforms running vulnerable GitLab instances. Exploitation requires low-privilege authentication but no user interaction, enabling lateral information access across security boundaries.

Information Disclosure Gitlab
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-40032 HIGH PATCH This Week

Command injection in Unix-like Artifacts Collector (UAC) pre-3.3.0-rc1 enables arbitrary code execution through unsanitized placeholder substitution in the _run_command() pipeline. Attackers inject shell metacharacters via %line%, %user%, or %user_home% placeholders processed by foreach iterators and system file parsers, exploiting direct eval() execution without input validation. Exploitation requires local access with user interaction but no authentication, executing commands at UAC process privilege level. No public exploit identified at time of analysis.

Command Injection Uac
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-40031 HIGH PATCH This Week

DLL and shared-library hijacking in ufrisk MemProcFS versions prior to 5.17 enables local arbitrary code execution through six distinct attack surfaces. Unsafe library-loading patterns-including unqualified LoadLibraryU and dlopen calls for vmmpyc, libMSCompression, and plugin DLLs-allow attackers to plant malicious libraries in the working directory or manipulate LD_LIBRARY_PATH. Exploitation requires user interaction (CVSS UI:P) but no authentication (PR:N), achieving high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

RCE Memprocfs
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-1342 HIGH This Week

Local code execution in IBM Security Verify Access 10.0-10.0.9.1 and 11.0-11.0.2 (both container and non-container deployments) allows unauthenticated local attackers to execute malicious scripts from outside the application's control sphere. This CWE-829 inclusion of functionality from untrusted control sphere vulnerability achieves container escape (scope change to C in CVSS vector), enabling high confidentiality impact and limited integrity/availability impact. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity (AC:L) and lack of required privileges (PR:N) make this readily exploitable by local users.

IBM Information Disclosure
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-40030 HIGH PATCH This Week

OS command injection in parseusbs (versions prior to 1.9) allows local attackers to execute arbitrary commands through unsanitized volume path arguments passed to the -v flag. The vulnerability stems from passing user-controlled input directly to os.popen() with shell=True during volume enumeration via ls command, enabling shell metacharacter injection. Exploitation requires user interaction to execute parseusbs with a malicious -v argument. No public exploit identified at time of analysis, though proof-of-concept exists in commit history.

Command Injection Parseusbs
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-30650 HIGH PATCH This Week

Privilege escalation in Juniper Networks Junos OS allows high-privileged local attackers to gain root access on Linux-based line cards running Junos OS Evolved. Missing authentication in critical command processing functions enables authenticated administrators with elevated privileges to bypass access controls and execute commands as root on affected hardware modules including MPC7-11, LC2101/2103, LC480/4800/9600, MX304 built-in FPC, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and PTX-series line cards. No public exploit identified at time of analysis.

Authentication Bypass Juniper
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-4788 HIGH PATCH This Week

Sensitive information disclosure in IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 allows local attackers with no authentication required to extract credentials and configuration secrets from application log files. With CVSS 8.4 and High impact to confidentiality, integrity, and availability, the CWE-532 flaw enables privilege escalation through exposed secrets. No public exploit identified at time of analysis, with EPSS data unavailable, though the low attack complexity (AC:L) suggests straightforward exploitation once local access is obtained.

IBM Information Disclosure
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40027 HIGH PATCH This Week

Path traversal in ALEAPP (Android Logs Events And Protobuf Parser) 3.4.0 and earlier enables arbitrary file writes outside the report directory through malicious NQ_Vault.py artifact parser database entries. Attackers embedding traversal sequences (e.g., ../../../target.bin) in file_name_from database values can overwrite system executables or configuration files, achieving local code execution. Exploitation requires user interaction to process a crafted Android database artifact. CVSS:4.0 base score 8.4 (High). No public exploit identified at time of analysis.

Path Traversal Google RCE
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-40024 HIGH PATCH This Week

Path traversal in The Sleuth Kit (tsk_recover) through version 4.14.0 allows local attackers to write files outside intended recovery directories via malicious filesystem images. Crafted filenames with ../ sequences in processed disk images can overwrite arbitrary files, enabling potential code execution through shell configuration or cron file manipulation. Exploitation requires user interaction (processing attacker-supplied filesystem image). No public exploit identified at time of analysis.

Path Traversal RCE Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35478 HIGH PATCH This Week

Authentication bypass in InvenTree open source inventory management system allows any authenticated user to generate API tokens for arbitrary users, including administrators, enabling complete account takeover. Affected versions 0.16.0 through 1.2.6 permit low-privileged users to forge API credentials by manipulating the user field in POST requests to /api/user/tokens/. Resulting tokens provide full API access from any network location without requiring victim interaction. No public exploit identified at time of analysis.

Authentication Bypass Inventree
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-34719 HIGH PATCH This Week

Server-side request forgery in Zammad webhook implementation allows authenticated administrators to retrieve confidential cloud provider metadata by exploiting insufficient validation of loopback and link-local addresses. Affects versions before 7.0.1 and 6.5.4. Attackers with privileged access can configure malicious webhook URLs targeting internal infrastructure endpoints, bypassing intended URL scheme restrictions. No public exploit identified at time of analysis. CVSS 8.3 reflects high confidentiality and availability impacts on vulnerable and subsequent systems.

SSRF Zammad
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-39429 HIGH PATCH GHSA This Week

Unauthenticated access to kcp root shard cache server exposes cluster topology, RBAC policies, and API configurations to network-reachable attackers. The cache server at /services/cache/* bypasses authentication and authorization middleware, allowing any attacker with network access to the root shard (CVSS:3.1/AV:N/AC:L/PR:N) to read replicated resources including ClusterRoles, LogicalClusters, Shards, APIExports, and admission control policies. A secondary race condition permits temporary privi

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-35525 HIGH PATCH GHSA This Week

Path traversal via symlink in LiquidJS npm package allows authenticated template contributors to read arbitrary filesystem content outside configured template roots. The vulnerability affects applications where untrusted users can influence template directories (uploaded themes, extracted archives, repository-controlled templates). LiquidJS validates template paths using string-based directory containment checks but fails to resolve canonical filesystem paths before file access, enabling symlinks placed within allowed partials/layouts directories to reference external files. Publicly available exploit code exists. No EPSS score available, but impact is limited to information disclosure in specific deployment scenarios requiring attacker filesystem access.

Information Disclosure Canonical
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-5208 HIGH PATCH This Week

Command injection in CoolerControl daemon (coolercontrold) versions prior to 4.0.0 allows high-privileged local attackers to escalate privileges to root by embedding malicious bash commands in alert configuration names. The vulnerability enables authenticated administrators to execute arbitrary system commands with root privileges through the alert management interface. EPSS score of 0.05% (17th percentile) indicates low current exploitation probability, with no active exploitation confirmed and CISA SSVC assessment marking exploitation status as 'none' and automatable as 'no'.

Command Injection RCE Suse
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-33810 HIGH PATCH This Week

Certificate validation bypass in Go's crypto/x509 library (versions 1.26.0-1.26.1) allows remote attackers to circumvent DNS name constraints through case-sensitivity mismatches in wildcard Subject Alternative Names. Attackers with certificates from trusted CAs can bypass intended domain restrictions and impersonate constrained subdomains, achieving unauthorized confidentiality access with limited integrity impact. Vendor-released patch available (Go 1.26.2). EPSS score is 0.01% (percentile 0%), indicating very low observed exploitation probability. No public exploit code or CISA KEV listing identified at time of analysis.

Information Disclosure Crypto X509
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33466 HIGH This Week

Remote code execution in Elastic Logstash versions 8.0.0 through 8.19.13 allows unauthenticated network attackers to write arbitrary files and execute code via malicious compressed archives. The vulnerability exploits improper path validation in archive extraction utilities, enabling attackers who compromise or control update endpoints to deliver path traversal payloads. When automatic pipeline reloading is enabled, arbitrary file writes escalate to full RCE with Logstash process privileges. CVSS 8.1 (High) with network vector but high attack complexity. EPSS data and KEV status not provided; no public exploit confirmed at time of analysis, though the technical details disclosed increase weaponization risk for environments with exposed update mechanisms.

Path Traversal RCE Logstash
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-5436 HIGH This Week

Arbitrary file manipulation in MW WP Form plugin (WordPress) versions ≤5.1.1 allows unauthenticated attackers to move sensitive server files into web-accessible directories, enabling remote code execution. The vulnerability stems from insufficient validation of upload field keys in generate_user_file_dirpath(), exploiting WordPress's path_join() behavior with absolute paths. Attackers inject malicious keys via mwf_upload_files[] POST parameter to relocate critical files like wp-config.php. Exploitation requires forms with enabled file upload fields and 'Saving inquiry data in database' option. No public exploit identified at time of analysis.

PHP Path Traversal WordPress File Upload RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-5915 HIGH PATCH This Week

Out-of-bounds memory write in Google Chrome's WebML component (versions prior to 147.0.7727.55) allows remote attackers to corrupt memory via malicious HTML pages, enabling potential code execution or denial of service. Exploitation requires user interaction to visit a crafted webpage. CVSS 8.1 severity reflects unauthenticated network-based attack with high integrity and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.04%).

Google Information Disclosure Chrome
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-5913 HIGH PATCH This Week

Out-of-bounds read in Google Chrome's Blink rendering engine (versions prior to 147.0.7727.55) allows remote attackers to disclose sensitive memory contents and trigger denial-of-service via malicious HTML pages. Despite an 8.1 CVSS score, this is rated Chromium security severity 'Low', requires user interaction (visiting a crafted page), has minimal real-world exploitation probability (EPSS 0.03%, 10th percentile), and is not actively exploited (no KEV listing). Vendor-released patch available in Chrome 147.0.7727.55.

Buffer Overflow Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-5907 HIGH PATCH This Week

Out-of-bounds memory read in Google Chrome's media subsystem (versions prior to 147.0.7727.55) enables remote attackers to disclose sensitive information and trigger denial-of-service conditions via malicious video files. Exploitation requires user interaction (opening/playing crafted video content). Attack vector is network-based with low complexity and no authentication required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.03%, 10th percentile).

Information Disclosure Buffer Overflow Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
Prev Page 2 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy