Skip to main content
CVE-2026-34177 CRITICAL PATCH GHSA Act Now

Privilege escalation in Canonical LXD 4.12-6.7 allows authenticated remote attackers with VM instance editing rights to bypass project restrictions via incomplete denylist validation. Attackers inject AppArmor rules and QEMU chardev configurations through unblocked raw.apparmor and raw.qemu.conf keys, bridging the LXD Unix socket into guest VMs. Successful exploitation enables escalation to LXD cluster administrator and subsequently to host root access. No public exploit identified at time of analysis. Authenticated remote exploitation (PR:H) with cross-scope impact on confidentiality, integrity, and availability.

Canonical Privilege Escalation
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-34179 CRITICAL PATCH GHSA Act Now

Privilege escalation in Canonical LXD 4.12 through 6.7 enables remote authenticated restricted TLS certificate users to gain cluster admin privileges. Exploitation requires high-privilege authentication (PR:H) but no user interaction. The vulnerability stems from missing Type field validation in doCertificateUpdate function when processing PUT/PATCH requests to the certificates API endpoint. Attack scope is changed (S:C), allowing attackers to break containment and achieve full cluster compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Canonical Privilege Escalation
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-54358 MEDIUM POC This Month

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-39980 CRITICAL PATCH NEWS Act Now

Server-Side Template Injection in OpenCTI notifier templates allows privileged administrators with 'Manage customization' capability to execute arbitrary JavaScript in the platform process context. Affecting all versions prior to 6.9.5, this vulnerability permits authenticated high-privilege users to achieve complete system compromise through unsafe EJS template rendering in safeEjs.ts. No public exploit code identified and EPSS score of 0.07% indicates low observed exploitation probability, but CVSS 9.1 Critical rating reflects the total technical impact once privileged access is obtained. Vendor patch released in version 6.9.5.

Ssti Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-54364 MEDIUM POC This Month

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-54363 MEDIUM POC This Month

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-34178 CRITICAL PATCH GHSA Act Now

Backup import in Canonical LXD before 6.8 bypasses project security restrictions, enabling privilege escalation to full host compromise. An authenticated remote attacker with instance-creation permission in a restricted project crafts malicious backup archives containing conflicting configuration files: backup/index.yaml passes validation, while backup/container/backup.yaml (never validated) carries forbidden directives like security.privileged=true or raw.lxc commands. Exploiting this dual-file validation gap allows unrestricted container creation that breaks isolation boundaries. No public exploit identified at time of analysis.

Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-33771 CRITICAL Act Now

Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis.

Authentication Bypass Juniper Brute Force Ctop Os
NVD VulDB
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-29145 CRITICAL PATCH GHSA Act Now

Authentication bypass in Apache Tomcat 9.x through 11.x and Tomcat Native 1.1.23-2.0.13 allows unauthenticated remote attackers to bypass CLIENT_CERT authentication when soft-fail is disabled, achieving unauthorized access to confidentiality- and integrity-sensitive resources. Exploitation requires no user interaction or privileges (CVSS:3.1 PR:N/UI:N). The flaw affects CLIENT_CERT authentication logic, permitting access under conditions where authentication should fail. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.04%).

Apache Tomcat Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2023-54361 MEDIUM POC This Month

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2023-54362 MEDIUM POC This Month

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2023-54360 MEDIUM POC This Month

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-30479 CRITICAL Act Now

Remote code execution in OSGeo MapServer versions prior to 8.0 enables unauthenticated attackers to execute arbitrary code through dynamic-link library (DLL) injection via a specially crafted executable. The vulnerability requires no user interaction and has low attack complexity (CVSS 9.1 Critical), though real-world exploitation probability remains low (EPSS 2%, 5th percentile). Publicly available exploit code exists in a researcher's GitHub repository, but no confirmed active exploitation (CISA KEV) has been documented at time of analysis.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-5445 CRITICAL Act Now

Out-of-bounds heap read in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to extract heap memory contents and potentially crash the server via malformed PALETTE COLOR images. The vulnerability resides in the DecodeLookupTable function, which fails to validate pixel indices against palette size boundaries. With a 9.1 CVSS score but only 0.02% EPSS (4th percentile), the theoretical severity is high but observed real-world exploitation probability remains very low. No active exploitation confirmed (not in CISA KEV), no public exploit code identified at time of analysis.

Buffer Overflow Information Disclosure Dicom Server
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-50228 CRITICAL Act Now

Server-Side Request Forgery in Jizhicms v2.5.4 allows unauthenticated remote attackers to abuse User Evaluation, Message, and Comment modules to make arbitrary HTTP requests from the server. With critical CVSS 9.1 (AV:N/AC:L/PR:N/UI:N), attackers can achieve high confidentiality and integrity impact without authentication. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis, and no vendor-released patch confirmed

SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-57735 CRITICAL PATCH GHSA Act Now

Apache Airflow 3.0.0 through 3.1.x fails to invalidate JWT tokens at logout, allowing intercepted tokens to remain valid for unauthorized API access. This session management weakness enables replay attacks against the workflow orchestration platform's REST API. No active exploitation confirmed (EPSS 3rd percentile), but SSVC rates as automatable with partial technical impact. Vendor-released patch: Apache Airflow 3.2.0.

Information Disclosure Airflow
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34987 CRITICAL PATCH GHSA Act Now

Memory sandbox escape in Wasmtime's Winch compiler (versions 25.0.0 to before 36.0.7, 42.0.2, 43.0.1) enables authenticated WebAssembly guests to access arbitrary host process memory outside linear-memory boundaries. Exploitation requires non-default Winch backend activation via -Ccompiler=winch flag. Attackers can read up to 32KiB before memory start or ~4GiB after, with theoretical potential for unlimited in-process memory access due to improper 32-bit offset handling in 64-bit registers. Consequences include host process crashes (DoS), sensitive data exfiltration, or remote code execution through memory writes. Affects aarch64 (confirmed PoC) and x86-64 (theoretical). Publicly available exploit code exists.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.0%
CVE-2026-34971 CRITICAL PATCH GHSA Act Now

Arbitrary memory read/write vulnerability in Bytecode Alliance Wasmtime versions 32.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0 allows authenticated remote attackers to escape WebAssembly sandbox restrictions. The Cranelift compilation backend on aarch64 architecture miscompiles specific heap access patterns, creating divergent address computations where bounds checks validate one address while loads access another, enabling sandbox escape through unrestricted host memory access. Exploitation requires 64-bit WebAssembly linear memories with Spectre mitigations and signals-based-traps disabled. No public exploit identified at time of analysis.

Information Disclosure Buffer Overflow Wasmtime
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.0%
CVE-2026-39962 HIGH PATCH This Week

LDAP injection in MISP (Malware Information Sharing Platform) versions prior to 2.5.36 enables unauthenticated attackers to bypass authentication and execute unauthorized LDAP queries. The vulnerability exists in ApacheAuthenticate.php when administrators configure apacheEnv to use user-controlled server variables instead of REMOTE_USER in proxy deployments. Attackers manipulate unsanitized username values to inject special characters into LDAP search filters, potentially gaining unauthorized access to the threat intelligence platform. No public exploit identified at time of analysis.

Authentication Bypass LDAP Code Injection PHP Misp
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-4326 HIGH This Week

Missing authorization bypass in Vertex Addons for Elementor (WordPress plugin, all versions ≤1.6.4) allows authenticated attackers with Subscriber-level privileges to install and activate arbitrary WordPress plugins. The activate_required_plugins() function checks current_user_can('install_plugins') capability but fails to halt execution on denial, permitting installation/activation to proceed before error response is sent. CVSS 8.8 (High) reflects authenticated (PR:L) network attack enabling high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

WordPress Authentication Bypass Elementor
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-34184 HIGH PATCH This Week

Unauthorized access to directories in Hydrosystem Control System versions prior to 9.8.5 allows unauthenticated remote attackers to read arbitrary files and execute PHP scripts directly against the connected database. Missing authorization enforcement on specific directories enables direct file access and code execution without authentication, creating critical exposure for database manipulation and data exfiltration. No public exploit identified at time of analysis.

PHP Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-70810 HIGH This Week

CSRF vulnerability in phpBB 3.3.15 allows remote attackers to execute arbitrary code by exploiting the login function and authentication mechanism. Despite a CVSS score of 8.8, the EPSS probability is very low (0.04%, 12th percentile), indicating minimal observed exploitation activity. No active exploitation confirmed (not in CISA KEV). A proof-of-concept is publicly available via GitHub Gist. The CVE description contains conflicting data: it states 'local attacker' while CVSS vector shows AV:N (network attack vector) and requires user interaction (UI:R), suggesting social engineering rather than local access.

RCE CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70364 HIGH This Week

Arbitrary PHP code execution in Kiamo customer engagement platform (pre-8.4) allows authenticated administrative users to run commands on the underlying server. The vulnerability exploits a code injection weakness (CWE-94) via network-accessible interfaces with low complexity. No public exploit identified at time of analysis, with EPSS indicating 2% (5th percentile) exploitation probability. Detailed technical write-up published by security researcher at Hackvens confirms exploitability through administrative access.

PHP Code Injection RCE N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30478 HIGH This Week

DLL injection in GatewayGeo MapServer for Windows version 5 enables authenticated local attackers to escalate privileges to SYSTEM level through crafted executable placement. The vulnerability exploits insecure library loading paths, allowing low-privileged users to inject malicious DLLs that execute with elevated permissions. Publicly available exploit code exists. Affects Windows deployments only; CVSS 8.8 reflects local attack vector requiring low privileges but achieving full system compromise across security boundaries.

Privilege Escalation Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35639 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw before 2026.3.22 enables authenticated attackers with operator.pairing approver role to escalate privileges to operator.admin through insufficient scope validation in the device.pair.approve method. Exploitation allows approval of device requests with broader operator scopes than the approver legitimately holds, ultimately enabling remote code execution on Node infrastructure. Affects OpenClaw deployments where role-based access control enforces operator privilege hierarchies. No public exploit identified at time of analysis.

RCE Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-39911 HIGH This Week

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxed JavaScript evaluation in the Custom Logic policy block worker, enabling credential theft and privilege escalation. The vulnerability allows importing native Node.js modules to read container filesystem contents, extract RSA private keys and JWT signing secrets from environment variables, and forge administrator authentication tokens. Despite low EPSS (0.12%) indicating minimal widespread exploitation probability, the authenticated RCE path to total system compromise warrants immediate patching for deployments using Custom Logic policy features.

Information Disclosure RCE Node.js Guardian
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-33778 HIGH PATCH This Week

Remote denial-of-service in Juniper Networks Junos OS (SRX/MX Series) allows unauthenticated attackers to crash IPsec daemons via malformed ISAKMP packets. Exploiting the improper input validation (CWE-1286) in kmd/iked IPsec library causes process restart, preventing new VPN security association establishment. Repeated attacks create sustained inability to establish VPN connections, severely degrading network connectivity for affected enterprise firewalls and routing platforms. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-40107 HIGH PATCH GHSA This Week

NTLM credential theft in SiYuan personal knowledge management system (prior to 3.6.4) allows remote attackers to capture Windows user password hashes without authentication or user interaction. Misconfigured Mermaid.js rendering with securityLevel:loose permits unsanitized <img> tags within SVG foreignObject blocks. Protocol-relative URLs in malicious Mermaid diagrams trigger automatic SMB authentication on Windows, transmitting NTLMv2 hashes to attacker-controlled servers when victims open compromised notes. Electron client processes the SVG via innerHTML without secondary sanitization, enabling SSRF to UNC paths.

SSRF Microsoft
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35638 HIGH PATCH This Week

Privilege escalation in OpenClaw Control UI enables unauthenticated attackers to claim arbitrary privileged scopes without device identity verification. By exploiting the trusted-proxy mechanism's device-less allow path, attackers bypass authentication requirements and maintain elevated permissions across sessions. Affects OpenClaw versions prior to 2026.3.22. Attackers with low-privilege access can escalate to high-impact confidentiality and integrity compromise. No public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33790 HIGH PATCH This Week

Denial of service in Juniper Networks Junos OS on SRX Series allows unauthenticated remote attackers to crash srxpfe process via malformed ICMPv6 packets during NAT64 translation. Repeated exploitation sustains DoS by forcing continuous process restarts. Affects wide range of Junos OS versions from 21.2 through 25.2 on SRX hardware. Vulnerability limited to ICMPv6 traffic; IPv4 and standard IPv6 cannot trigger. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35063 HIGH This Week

Authorization bypass in OpenPLC_V3 REST API allows authenticated low-privilege users to delete administrator accounts or create new admin-level accounts. The API validates JWT token presence but fails to enforce role-based access control, enabling any user with basic authentication to escalate privileges to full administrator access or remove existing administrators by manipulating user ID parameters. This affects all versions of OpenPLC_V3. No public exploit identified at time of analysis.

Authentication Bypass Openplc V3
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33782 HIGH PATCH This Week

Memory leak in Juniper Networks Junos OS jdhcpd daemon enables adjacent unauthenticated attackers to crash DHCP services on MX Series routers. Each DHCPv6 subscriber logout in PPPoE or VLAN configurations with active/bulk lease query leaks memory, eventually exhausting resources and triggering jdhcpd crash. Service remains unavailable until process restart completes. Affects all Junos OS versions before 22.4R3-S1, 23.2 versions before 23.2R2, and 23.4 versions before 23.4R2. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34185 HIGH PATCH This Week

SQL injection in Hydrosystem Control System versions before 9.8.5 allows authenticated attackers to execute arbitrary SQL commands via unprotected input parameters across multiple scripts. Exploitation requires low-privilege authentication but no user interaction, enabling attackers to compromise database confidentiality and integrity with potential for full database control. No public exploit identified at time of analysis.

SQLi Control System
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5329 HIGH PATCH This Week

Remote code execution in Rapid7 Velociraptor server (primarily Linux) allows authenticated clients to write malicious messages to privileged internal queues via improper queue name validation. Affected versions prior to 0.76.2 (including 0.75.6, 0.74.6, and 0.76.1) are vulnerable to queue injection attacks from rogue authenticated clients. EPSS score of 0.20% (42nd percentile) suggests low broad exploitation probability, though SSVC framework indicates total technical impact despite no confirmed active exploitation. Vendor patch released as version 0.76.2.

RCE Velociraptor
NVD VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2026-35625 HIGH PATCH This Week

Privilege escalation in OpenClaw (versions prior to 2026.3.25) enables authenticated local attackers to silently elevate permissions from operator.read to operator.admin during shared-auth reconnection events, achieving remote code execution on affected nodes. The vulnerability exploits auto-approval of scope-upgrade requests in local reconnection flows, requiring low-privilege local access (PR:L) with no user interaction. No public exploit identified at time of analysis. Vendor-released patch available via commit 81ebc7e0344fd19c85778e883bad45e2da972229.

RCE Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-39942 HIGH PATCH GHSA This Week

{id} requests. Attackers can overwrite other users' file content and forge metadata fields (e.g., uploaded_by) to hide evidence of tampering. Requires authenticated access (PR:L). Scope change (S:C) indicates potential cross-tenant impact. No public exploit identified at time of analysis.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-33788 HIGH PATCH This Week

Local privilege escalation in Juniper Networks Junos OS Evolved on PTX Series routers allows authenticated users with low privileges to gain high-privileged direct access to Flexible PIC Concentrators (FPCs), enabling potential full compromise of affected line cards. Impacts PTX10004, PTX10008, PTX10016 with JNP10K-LC1201 or JNP10K-LC1202 line cards across multiple firmware branches. Missing authentication on critical FPC management functions permits unauthorized privilege elevation. No public exploit identified at time of analysis.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-33793 HIGH PATCH This Week

Local privilege escalation in Juniper Networks Junos OS and Junos OS Evolved allows low-privileged authenticated users to execute arbitrary code with root privileges. When unsigned Python operation scripts are enabled in device configuration, attackers can inject and execute malicious op scripts under root-equivalent context, achieving complete system compromise. Affects all Junos OS versions before 22.4R3-S7 and multiple branches through 24.4, plus corresponding Junos OS Evolved releases. No public exploit identified at time of analysis. CVSS 8.5 (High) with local attack vector requiring low privileges and no user interaction.

Privilege Escalation Juniper Python
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-33791 HIGH PATCH This Week

Command injection in Juniper Networks Junos OS and Junos OS Evolved CLI processing allows high-privileged local attackers to execute arbitrary shell commands as root through crafted 'set system' arguments, enabling complete system compromise. Affects all versions before multiple fixed releases across both operating systems. Authentication required (high-privileged local access). No public exploit identified at time of analysis.

Juniper Command Injection
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-21915 HIGH PATCH This Week

Command injection in Juniper Networks Support Insights Virtual Lightweight Collector (JSI vLWC) CLI enables local high-privileged attackers to escalate privileges to root. Inadequate input validation in the CLI menu permits shell command injection, with injected commands executing at root level. All JSI vLWC versions before 3.0.94 affected. CVSS 8.4 (High severity, local vector). Requires high-level existing privileges (PR:H). No public exploit identified at time of analysis.

Juniper Command Injection Jsi Lwc
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-40113 HIGH PATCH GHSA This Week

Environment variable injection in PraisonAI deploy.py (versions prior to 4.5.128) allows authenticated local attackers to inject arbitrary environment variables into Google Cloud Run services during deployment. The vulnerability stems from improper validation of comma-separated gcloud CLI arguments, enabling attackers to manipulate openai_model, openai_key, or openai_base parameters with embedded commas, causing gcloud to parse injected content as additional KEY=VALUE pairs. This grants high-level access to confidential service configuration and permits unauthorized modifications. No public exploit identified at time of analysis.

Code Injection Praisonai
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-35205 HIGH PATCH GHSA This Week

Helm 4.0.0 through 4.1.3 silently installs Kubernetes plugins without cryptographic provenance verification even when signature verification is explicitly required, allowing local attackers to deliver malicious plugins that execute with Helm's privileges during installation. The flaw (CWE-636: Not Failing Securely) enables supply chain attacks where unsigned or tampered plugins bypass security controls intended to validate plugin integrity. Fixed in Helm 4.1.4. EPSS score is 2nd percentile (0.01% exploitation probability), no active exploitation confirmed, SSVC assessment indicates total technical impact but non-automatable exploitation requiring user interaction.

Information Disclosure Kubernetes Helm
NVD GitHub VulDB HeroDevs
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35204 HIGH PATCH GHSA This Week

Path traversal in Helm 4.0.0-4.1.3 allows local attackers to write arbitrary files during plugin installation or update by embedding '/../' sequences in the plugin.yaml version field, achieving high integrity impact across system and vulnerable component scopes. EPSS score is 2nd percentile (0.01%) with no active exploitation or public POC identified, suggesting low immediate risk despite 8.4 CVSS score. Vendor patch released in version 4.1.4.

Path Traversal Kubernetes Helm
NVD GitHub VulDB HeroDevs
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-5264 HIGH PATCH This Week

Heap buffer overflow in wolfSSL DTLS 1.3 ACK message handler allows unauthenticated remote attackers to achieve integrity and availability impacts via crafted network packets. The vulnerability triggers memory corruption during ACK message processing in DTLS 1.3 sessions, enabling potential arbitrary code execution or denial of service. No public exploit identified at time of analysis, though low observed exploitation activity noted.

Heap Overflow Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-35618 HIGH PATCH GHSA This Week

OpenClaw's Plivo V2 signature verification implementation allows remote attackers to bypass replay protection and forge authenticated requests by manipulating URL query parameters. The flaw affects OpenClaw versions before 2026.3.23 and stems from deriving replay protection keys from the full URL including query strings rather than the canonical base URL, enabling attackers to create new valid request signatures by modifying only query parameters on previously signed requests. With 8% EPSS percentile and high attack complexity (AC:H), this represents moderate real-world risk despite the 8.3 CVSS score. Public proof-of-concept commits demonstrate the vulnerability, though no active exploitation is confirmed.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-33779 HIGH PATCH This Week

Certificate chain validation bypass in Juniper Junos OS J-Web on SRX Series enables person-in-the-middle attackers to intercept Security Director cloud communications, exposing credentials and sensitive data. All SRX devices connecting to SD cloud fail to properly verify server certificates, allowing interception of authentication material and configuration data. Affects Junos OS versions across all branches prior to 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, and 25.2R1-S2/25.2R2. No public exploit identified at time of analysis. Network-positioned attacker with high complexity required (CVSS AC:H).

Information Disclosure Juniper
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-34578 HIGH PATCH This Week

LDAP filter injection in OPNsense firewall allows unauthenticated attackers to enumerate valid LDAP usernames and bypass group membership restrictions via the WebGUI login page. Affects OPNsense versions prior to 26.1.6. The vulnerability stems from failure to escape user-supplied input before insertion into LDAP search filters, enabling metacharacter injection. Attackers can authenticate as any LDAP user with known credentials, circumventing Extended Query group membership controls. No public exploit identified at time of analysis.

LDAP Authentication Bypass Code Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-40093 HIGH GHSA This Week

Timestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block-producing validators to set arbitrarily future block timestamps, bypassing validation constraints and directly inflating the blockchain's monetary supply beyond the intended emission schedule through compromised Policy::supply_at() and batch_delay() reward calculations. The vulnerability exploits absent upper-bound wall-clock validation in non-skip and skip block timestamp verification logic, enabling integrity compromise of the blockchain's economic model. No public exploit identified at time of analysis.

Information Disclosure Core Rs Albatross
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40070 HIGH PATCH GHSA This Week

Signature verification bypass in BSV Ruby SDK versions 0.3.1 through 0.8.1 allows authenticated attackers to forge blockchain identity certificates. The WalletClient#acquire_certificate method persists certificates without validating certifier signatures in both 'direct' acquisition (where attackers supply all fields including forged signatures) and 'issuance' protocols (where malicious certifier endpoints inject invalid signatures). Forged certificates appear authentic to list_certificates and prove_certificate operations, enabling impersonation attacks. CVSS 8.1 (AV:N/AC:L/PR:L/UI:N) reflects network-accessible exploitation requiring low-privilege authentication. No public exploit identified at time of analysis.

Information Disclosure Jwt Attack
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40149 HIGH PATCH GHSA This Week

Unauthenticated modification of the tool approval allowlist in PraisonAI multi-agent system (versions prior to 4.5.128) enables attackers to bypass human-in-the-loop safety controls by injecting dangerous tool names (shell_exec, file_write) into the allowlist via the /api/approval/allow-list gateway endpoint. The ExecApprovalManager then auto-approves agent invocations of these tools, circumventing the approval mechanism's core security function. Attack requires local access; no public exploit identified at time of analysis. CVSS 7.9 reflects high integrity impact with scope change due to compromised safety boundaries in agent workflows.

Authentication Bypass Praisonai
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy