Skip to main content
CVE-2026-23780 HIGH This Week

SQL injection in BMC Control-M/MFT 9.0.20-9.0.22 debug API enables authenticated attackers to execute arbitrary SQL queries, leading to file system access and potential remote code execution. CVSS 8.8 reflects network-accessible, low-complexity exploitation requiring low-privilege authentication. EPSS score of 0.04% (13th percentile) indicates minimal current exploitation probability, and no public exploit identified at time of analysis. Patch PAAFP-9-0-22-025 addresses the vulnerability.

RCE SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5500 HIGH This Week

Man-in-the-middle attackers can truncate AES-GCM authentication tags in wolfSSL's PKCS7 AuthEnvelopedData processing from 16 bytes to 1 byte, degrading cryptographic integrity verification from 2⁻¹²⁸ to 2⁻⁸ probability. Affects wolfSSL versions through 5.9.0 due to missing lower bounds validation in wc_PKCS7_DecodeAuthEnvelopedData(). Unauthenticated network-based attack enables high-severity integrity bypass without user interaction. No public exploit identified at time of analysis.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35669 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw gateway-authenticated plugin HTTP routes allows authenticated attackers to bypass scope restrictions and gain operator.admin privileges. The vulnerability affects OpenClaw versions prior to 2026.3.25, enabling low-privileged authenticated users to perform unauthorized administrative actions through improperly minted runtime scopes. Exploitation requires network access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35663 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw versions prior to 2026.3.25 allows authenticated low-privilege operators to bypass pairing requirements during backend reconnection, self-requesting elevated scopes to gain operator.admin privileges. Attackers with existing operator credentials exploit improper scope validation (CWE-648) to escalate from limited operator access to full administrative control over the OpenClaw system. Exploitation requires network access and low-privilege authentication (CVSS:3.1 PR:L), enabling high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5777 HIGH This Week

Unauthenticated root access in Egate Atom 3x Projector enables complete device compromise via exposed Android Debug Bridge service on local network. Attacker on same network segment can execute arbitrary commands with full system privileges without credentials due to missing authentication controls and network exposure of ADB service. No public exploit identified at time of analysis. Critical impact includes data exfiltration, malware installation, and persistent backdoor deployment.

Google Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35643 HIGH PATCH GHSA This Week

Remote code execution in OpenClaw Android application (versions before 2026.3.22) allows unauthenticated attackers to execute arbitrary code through an unvalidated WebView JavascriptInterface. Attackers craft malicious web pages that invoke the exposed canvas bridge, executing instructions within the application's Android context when users interact with untrusted content. The vulnerability requires user interaction but no authentication, enabling high-severity compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.

RCE Google
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-40158 HIGH PATCH GHSA This Week

Arbitrary code execution in PraisonAI multi-agent system (<4.5.128) via Python sandbox escape. Incomplete AST attribute filtering allows type.__getattribute__ trampoline to bypass restrictions on __subclasses__, __globals__, and __bases__, enabling untrusted agent code to break containment. Attack requires local access and user interaction to execute malicious code. No public exploit identified at time of analysis.

RCE Python Code Injection
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-5501 HIGH POC This Week

Certificate chain validation bypass in wolfSSL's OpenSSL compatibility layer allows authenticated network attackers to forge arbitrary certificates. Attackers possessing any legitimate leaf certificate from a trusted CA can craft fraudulent certificates for any subject name with arbitrary keys, bypassing signature verification when an untrusted CA:FALSE intermediate is inserted. Affects nginx and haproxy integrations using wolfSSL's OpenSSL compatibility API; native wolfSSL TLS handshake (ProcessPeerCerts) not vulnerable. No public exploit identified at time of analysis.

Information Disclosure Nginx OpenSSL
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-28704 HIGH Monitor

DLL hijacking in JPCERT's Emocheck malware detection tool allows local code execution when malicious DLL placed in application directory. Unauthenticated attacker with local access can achieve arbitrary code execution at user privilege level by exploiting insecure library loading (CWE-427). User must invoke Emocheck executable with crafted DLL present. No public exploit identified at time of analysis. CVSS 7.8 indicates high severity requiring user interaction and local access.

RCE Emocheck
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35641 HIGH PATCH GHSA This Week

Arbitrary code execution in OpenClaw versions prior to 2026.3.24 enables local attackers to execute malicious code during npm package installation by crafting a malicious .npmrc file that overrides the git executable. When npm install runs in the staged package directory with git dependencies, the attacker-controlled .npmrc configuration triggers execution of arbitrary programs specified by the attacker. Exploitation requires user interaction to install the malicious plugin or hook locally. No public exploit identified at time of analysis.

RCE Node.js
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-31939 HIGH PATCH This Week

Path traversal in Chamilo LMS main/exercise/savescores.php enables authenticated attackers to delete arbitrary files on the server. Vulnerable versions prior to 1.11.38 fail to sanitize the 'test' parameter from $_REQUEST, allowing directory traversal sequences to escape intended paths and target critical system or application files. Attackers with low-level authenticated access can exploit this remotely without user interaction, resulting in high integrity and availability impact through targeted file deletion.

PHP Path Traversal
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-35595 HIGH PATCH GHSA This Week

Privilege escalation in Vikunja API (v2.2.2 and prior) allows authenticated users with Write permission on a shared project to escalate to Admin by reparenting the project under their own hierarchy. The vulnerability exploits insufficient authorization checks in project reparenting (CanWrite instead of IsAdmin), causing the recursive permission CTE to grant Admin rights. Attackers can then delete projects, remove user access, and manage sharing settings. Publicly available exploit code exists.

Python Privilege Escalation
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-40163 HIGH PATCH GHSA This Week

Path traversal in Saltcorn's mobile sync endpoints enables remote unauthenticated attackers to write arbitrary JSON files and create directories anywhere on the server filesystem, plus read directory listings and JSON file contents. Affects all versions before 1.4.5, 1.5.0-beta.0 through 1.5.4, and 1.6.0-alpha.0 through 1.6.0-beta.3. Publicly available exploit code exists (SSVC: POC status), with EPSS probability of 0.08% (23rd percentile) indicating low widespread exploitation likelihood despite the critical impact. The vulnerability enables direct filesystem manipulation without authentication, though confidentiality impact is rated low (CVSS C:L) as only JSON files and directory listings are readable.

Path Traversal Saltcorn
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-5477 HIGH This Week

Integer overflow in wolfSSL CMAC implementation (versions ≤5.9.0) enables zero-effort cryptographic forgery. The wc_CmacUpdate function uses a 32-bit counter (totalSz) that wraps to zero after processing 4 GiB of data, erroneously discarding live CBC-MAC chain state. Attackers can forge CMAC authentication tags by crafting messages with identical suffixes beyond the 4 GiB boundary, undermining message authentication integrity in unauthenticated network contexts. No public exploit identified at time of analysis.

Buffer Overflow Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-40168 HIGH PATCH This Week

Server-side request forgery in Postiz (gitroomhq postiz-app) versions prior to 2.21.5 allows unauthenticated remote attackers to access internal network resources and exfiltrate sensitive data via the /api/public/stream endpoint. The vulnerability exploits inadequate redirect validation: attackers supply public HTTPS URLs that pass initial validation but redirect server requests to private internal hosts, bypassing security controls. High confidentiality impact with potential service disruption. No public exploit identified at time of analysis.

SSRF Postiz App
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-40073 HIGH PATCH GHSA This Week

Request body size limit bypass in SvelteKit adapter-node allows unauthenticated attackers to submit oversized payloads, causing denial of service through resource exhaustion. Affects SvelteKit versions prior to 2.57.1 running adapter-node. Exploitation requires specific timing conditions (CVSS AT:P). Platform-level and WAF body size limits remain effective. No public exploit identified at time of analysis. Vulnerability exploits CWE-770 resource allocation flaw where BODY_SIZE_LIMIT enforcement fails under race conditions or specific request patterns.

Denial Of Service Kit
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-58913 HIGH This Week

Local file inclusion in CactusThemes VideoPro WordPress theme through version 2.3.8.1 allows unauthenticated remote attackers to read arbitrary files on the server via improper filename control in PHP include/require statements. Exploitation requires high attack complexity but no user interaction. EPSS score indicates low observed exploitation activity; no public exploit identified at time of analysis.

PHP Information Disclosure LFI
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40259 HIGH PATCH GHSA This Week

Unauthorized deletion of attribute view definitions in SiYuan note-taking application allows authenticated publish-service readers to permanently destroy arbitrary workspace data. Attackers with low-privilege publish credentials can extract attribute view IDs from published content markup (exposed as data-av-id attributes) and invoke the /api/av/removeUnusedAttributeView endpoint to delete corresponding JSON definition files. The endpoint lacks proper authorization controls, accepting RoleReader tokens despite performing destructive write operations. Successful exploitation corrupts database views, breaks local workspace rendering, and causes operational disruption requiring manual restoration.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-4351 HIGH This Week

Authenticated arbitrary file overwrite in Perfmatters WordPress plugin ≤2.5.9 allows low-privileged attackers (Subscriber-level and above) to corrupt critical server files via path traversal. The PMCS::action_handler() method processes bulk activate/deactivate actions without authorization checks or nonce verification, passing unsanitized $_GET['snippets'][] values through Snippet::activate()/deactivate() to file_put_contents(). Attackers can overwrite files like .htaccess or index.php with fixed PHP docblock content, causing denial of service. Exploitation requires authenticated access with minimal privileges. No public exploit identified at time of analysis.

WordPress PHP Path Traversal Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2021-47961 HIGH PATCH This Week

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Synology Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40200 HIGH This Week

Stack-based buffer overflow in musl libc 0.7.10 through 1.2.6 allows local attackers with high complexity requirements to corrupt memory during qsort operations on exceptionally large arrays (exceeding ~7 million elements on 32-bit systems, corresponding to the 32nd Leonardo number). Exploitation requires sorting arrays approaching billion-element scale on 64-bit platforms. Vulnerability stems from incorrect double-word primitive implementation in smoothsort algorithm. Successful exploitation enables arbitrary code execution with scope change, impacting confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Buffer Overflow Musl
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30232 HIGH PATCH This Week

Server-Side Request Forgery in Chartbrew versions prior to 4.8.5 allows authenticated users to create API data connections with arbitrary URLs, enabling attacks against internal networks and cloud metadata endpoints. The vulnerability stems from unvalidated URL fetching via request-promise library, permitting attackers to probe internal infrastructure, access cloud instance metadata (AWS, Azure, GCP), and potentially retrieve sensitive credentials or configuration data. No public exploit identified at time of analysis. CVSS 7.8 with network attack vector and no authentication requirement in subsequent chain exploitation.

SSRF Chartbrew
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-40156 HIGH PATCH GHSA This Week

Arbitrary code execution occurs in PraisonAI (all versions prior to 4.5.128) when a malicious tools.py file exists in the working directory. The framework automatically imports and executes this file during startup without validation or user consent, enabling unauthenticated local attackers to execute arbitrary Python code by placing a weaponized tools.py in directories accessed by users or CI/CD pipelines. User interaction is required (running praisonai command). No public exploit identified at time of analysis.

RCE Code Injection Praisonai
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33092 HIGH PATCH This Week

Local privilege escalation in Acronis True Image for macOS enables authenticated low-privileged users to gain elevated system privileges through improper environment variable handling. Affects Acronis True Image OEM (macOS) versions prior to build 42571 and Acronis True Image (macOS) prior to build 42902. Attackers with existing local access can achieve complete system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis. Exploitation requires low attack complexity with no user interaction.

Apple Privilege Escalation
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-25203 HIGH This Week

Local privilege escalation in Samsung MagicINFO 9 Server versions prior to 21.1091.1 enables authenticated low-privileged users to escalate to high privileges through incorrect default file/directory permissions. Attackers with local access can obtain complete system control, compromising confidentiality, integrity, and availability. Attack requires local access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Samsung Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35650 HIGH PATCH GHSA This Week

Remote code execution in OpenClaw versions prior to 2026.3.22 allows authenticated attackers to bypass shared host environment policy via inconsistent environment variable sanitization. Attackers exploit validation inconsistencies by supplying malformed or blocked override keys that evade filtering mechanisms, enabling arbitrary code execution with unauthorized environment variable configurations. Vulnerability requires low-privilege authentication and high attack complexity. No public exploit identified at time of analysis.

RCE Openclaw
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-40180 HIGH POC PATCH This Week

Path traversal vulnerability in Quarkus OpenAPI Generator (Quarkiverse) versions prior to 2.16.0 and 2.15.0-lts allows unauthenticated remote attackers to write arbitrary files outside intended directories via malicious ZIP archives. The ApicurioCodegenWrapper.java unzip() method fails to validate file paths during extraction, enabling path traversal sequences (../../) to bypass output directory restrictions and achieve arbitrary file write with high integrity impact. No public exploit identified at time of analysis. Affects Java-based Quarkus extensions for REST client and server stub generation.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-35666 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.3.22 permits authenticated attackers to execute arbitrary commands by wrapping disallowed executables with /usr/bin/time. The vulnerability exploits incomplete validation in system.run approvals, which fail to detect time wrapper prefixes, allowing reuse of approval state for inner prohibited commands. Remote exploitation requires low-privilege authentication (PR:L) with network access, enabling full system compromise through command injection. No public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-31941 HIGH PATCH This Week

Server-Side Request Forgery in Chamilo LMS Social Wall feature enables authenticated attackers to force the server to make arbitrary HTTP requests to internal resources. The read_url_with_open_graph endpoint accepts user-controlled URLs via social_wall_new_msg_main POST parameter without validating internal versus external targets, allowing internal port scanning, access to cloud instance metadata (AWS/GCP/Azure), and reconnaissance of private network services. Affects Chamilo LMS versions before 1.11.38 and 2.0.0-RC.3. Attack requires low-privilege authenticated access; no public exploit identified at time of analysis.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-40188 HIGH PATCH GHSA This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-32252 HIGH PATCH This Week

Cross-tenant authorization bypass in Chartbrew versions prior to 4.9.0 allows authenticated attackers to exfiltrate sensitive project data from other tenants. The vulnerability exists in the template generation endpoint (GET /team/:team_id/template/generate/:project_id), where unawaited promise execution and missing tenant validation enable attackers with valid template-generation permissions in their own team to access chart configurations, database connection details, and query structures from victim teams' projects. No public exploit identified at time of analysis. CVSS 7.7 reflects high confidentiality impact with scope change due to cross-tenant boundary violation.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-5466 HIGH PATCH This Week

Signature verification bypass in wolfSSL's ECCSI implementation allows adjacent network attackers to forge cryptographic signatures for any message and identity without authentication. The wc_VerifyEccsiHash function fails to validate that signature scalars r and s fall within the required mathematical range [1, q-1], enabling attackers with knowledge of public constants to craft universally-valid forged signatures. This defeats the cryptographic integrity guarantees of ECCSI-signed data, particularly affecting JWT authentication systems and identity-based cryptographic protocols. No public exploit identified at time of analysis.

Information Disclosure Jwt Attack
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-5479 HIGH PATCH This Week

ChaCha20-Poly1305 AEAD decryption in wolfSSL's EVP layer bypasses authentication tag verification, allowing unauthenticated adjacent attackers to inject arbitrary ciphertext that is decrypted and returned as plaintext without cryptographic validation. Affects wolfSSL versions prior to 5.9.1. Applications using EVP API for ChaCha20-Poly1305 decryption receive potentially malicious plaintext, enabling man-in-the-middle attacks that compromise confidentiality and integrity of encrypted communications. No public exploit identified at time of analysis, low observed exploitation activity (EPSS <1%).

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-32931 HIGH PATCH This Week

Remote code execution in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows authenticated teachers to upload PHP webshells through the exercise sound upload function by spoofing Content-Type headers to audio/mpeg. Uploaded malicious files retain their .php extensions and execute in web-accessible directories with web server privileges (www-data). Attack requires low-privilege teacher account but no user interaction. No public exploit identified at time of analysis.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-3360 HIGH This Week

Unauthenticated attackers can overwrite billing profile data (name, email, phone, address) for any WordPress user with an incomplete manual order in Tutor LMS plugin versions ≤3.9.7. The pay_incomplete_order() function accepts attacker-controlled order_id parameters without identity verification, writing billing fields directly to the order owner's profile. Exploitation is simplified by predictable Tutor nonce exposure on public pages, enabling targeted profile manipulation via crafted POST requests with enumerated order IDs. No public exploit or active exploitation confirmed at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5804 HIGH PATCH This Week

Local file inclusion in Case Themes Case Theme User WordPress plugin (versions prior to 1.0.4) enables unauthenticated remote attackers to include arbitrary local files via PHP require/include statements. Successful exploitation requires high attack complexity and user interaction, but grants full compromise of confidentiality, integrity, and availability. Attackers may read sensitive configuration files, execute malicious code if file upload exists, or escalate to remote code execution through log poisoning techniques. No public exploit identified at time of analysis.

PHP Information Disclosure LFI
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6069 HIGH PATCH This Week

Stack-based buffer overflow in NASM's disasm() function enables unauthenticated denial-of-service when processing malicious assembly input. Attacker-controlled disassembly formatting triggers out-of-bounds write when string length exceeds buffer capacity, causing application crash. Affects NASM assembler version 3.02rc5. Publicly available exploit code exists. CVSS 7.5 (High) reflects network-accessible attack vector requiring no privileges or user interaction, with availability impact only.

Buffer Overflow Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31940 HIGH PATCH This Week

Session fixation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 enables unauthenticated remote attackers to hijack user sessions via main/lp/aicc_hacp.php. User-controlled request parameters directly manipulate PHP session IDs before application bootstrap, allowing attackers to force victims into attacker-controlled sessions. Successful exploitation grants high-severity access to confidential data and platform integrity. No public exploit identified at time of analysis.

PHP Information Disclosure Session Fixation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22750 HIGH PATCH GHSA This Week

SSL bundle configuration bypass in VMware Spring Cloud Gateway 4.2.0 allows unaneticated remote attackers to compromise integrity through forced fallback to default SSL settings. When administrators configure custom SSL bundles via spring.ssl.bundle property, the framework silently ignores this configuration and applies insecure defaults instead, enabling man-in-the-middle attacks against intended encrypted communications. Affects Spring Cloud Gateway 4.2.0 with no public exploit identified at time of analysis.

Information Disclosure Java
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40198 HIGH PATCH This Week

IPv6 address validation bypass in Net::CIDR::Lite for Perl (versions <0.23) allows remote attackers to circumvent IP access control lists without authentication. The _pack_ipv6() function fails to validate that uncompressed IPv6 addresses contain exactly 8 hexadecimal groups, accepting malformed inputs like 'abcd' or '1:2:3' and producing incorrect packed representations. This causes find() and bin_find() methods to incorrectly match addresses against CIDR ranges, enabling ACL bypass. Exploitati

Authentication Bypass Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33710 HIGH PATCH This Week

Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23782 HIGH This Week

BMC Control-M/MFT 9.0.20-9.0.22 exposes API identifiers and secret values to unauthenticated remote attackers via an API management endpoint, enabling unauthorized invocation of privileged API operations. The CVSS vector (AV:N/AC:L/PR:N) confirms network-accessible, low-complexity exploitation requiring no authentication. Despite a 7.5 CVSS score, EPSS probability is minimal (0.03%, 8th percentile), and no public exploit or active exploitation (non-KEV) is identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-39304 HIGH PATCH GHSA This Week

Out-of-memory denial of service in Apache ActiveMQ allows unauthenticated remote attackers to exhaust broker memory via rapid TLSv1.3 KeyUpdate requests. Affects ActiveMQ Client, Broker, and All distributions versions <5.19.4 and 6.0.0-6.2.3 when NIO SSL transports are used. Vulnerability arises from improper handling of TLSv1.3 handshake KeyUpdate messages, enabling clients to trigger unbounded memory allocation in the SSL engine. No public exploit identified at time of analysis. CVSS 7.5 (AV:N/AC:L/PR:N) indicates network-accessible, low-complexity attack requiring no authentication.

Apache Denial Of Service Apache Activemq Client Apache Activemq Broker Apache Activemq All +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5992 HIGH This Week

Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7) enables authenticated remote attackers to execute arbitrary code via malformed 'page' parameter in fromP2pListFilter function at /goform/P2pListFilter endpoint. Publicly available exploit code exists. Attack requires low-privilege authentication (PR:L) but no user interaction, yielding high confidentiality, integrity, and availability impact on vulnerable device.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5991 HIGH This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted GO parameter to the formWrlExtraSet function in /goform/WrlExtraSet endpoint. The vulnerability permits complete compromise of device confidentiality and integrity. Publicly available exploit code exists. Attack requires low-privilege authenticated access to the web management interface.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5990 HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'page' parameter in the fromSafeEmailFilter function at /goform/SafeEmailFilter endpoint. Publicly available exploit code exists. Attack requires low-privilege authentication but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-34727 HIGH PATCH GHSA This Week

Authentication bypass in Vikunja task management platform allows unauthenticated attackers to circumvent two-factor authentication when OIDC email-based user matching is enabled. The OIDC callback handler issues complete JWT tokens without validating TOTP enrollment status, enabling full account access to users with configured TOTP protection when matched through OIDC email fallback. Affects versions prior to 2.3.0. No public exploit identified at time of analysis.

Authentication Bypass Vikunja
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-35660 HIGH PATCH GHSA This Week

Insufficient access control in OpenClaw Gateway agent allows authenticated attackers with operator.write permission to reset admin sessions without operator.admin authorization. By invoking /reset or /new endpoints with explicit sessionKey parameters, attackers bypass privilege requirements and terminate arbitrary administrative sessions, achieving high-impact session hijacking. Affects OpenClaw versions prior to 2026.3.23. No public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-35653 HIGH PATCH GHSA This Week

Incorrect authorization in OpenClaw pre-2026.3.24 allows authenticated users with operator.write access to browser.request capability to invoke POST /reset-profile endpoint, bypassing privilege restrictions to terminate running browsers, sever Playwright connections, and relocate profile directories to system Trash. Exploitation requires low-privilege authentication (CVSS PR:L) but achieves high integrity and availability impact through unauthorized state mutation and service disruption across intended security boundaries. No public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-33704 HIGH PATCH This Week

Remote code execution in Chamilo LMS versions prior to 1.11.38 allows authenticated users (including low-privilege students) to upload and execute arbitrary PHP code through the BigUpload endpoint. Attackers exploit insufficient file extension filtering by uploading .pht files containing malicious code, which Apache servers with default .pht handlers execute as PHP. The vulnerability enables authenticated attackers to achieve full server compromise through unrestricted arbitrary file write capabilities. No public exploit identified at time of analysis.

Apache PHP File Upload RCE
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy