Skip to main content
CVE-2026-6029 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the User parameter in setVpnAccountCfg function at /cgi-bin/cstecgi.cgi endpoint. CVSS 9.8 critical severity with publicly available exploit code documented on GitHub. No authentication, low complexity, network-accessible attack vector enables full system compromise with high confidentiality, integrity, and availability impact.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6028 HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise. Attackers exploit the setPptpServerCfg function in /cgi-bin/cstecgi.cgi CGI handler by injecting malicious commands through the 'enable' parameter. CVSS 9.8 critical severity reflects network-accessible attack requiring no privileges or user interaction. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers seeking router takeover, data exfiltration, or network pivoting.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6027 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction, granting complete device compromise with potential for lateral network movement. Publicly available exploit code exists (GitHub POC). CVSS 9.8 severity reflects network-accessible attack vector with no privilege requirements.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6026 HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands. The vulnerability resides in the setPortalConfWeChat function within /cgi-bin/cstecgi.cgi, exploitable by manipulating the 'enable' parameter. CVSS 9.8 severity reflects network-accessible attack vector requiring no authentication or user interaction, with full system compromise potential. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers targeting vulnerable router deployments.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6025 HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows arbitrary command execution via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Attackers exploit the 'enable' parameter without authentication to achieve full system compromise. CVSS 9.8 critical severity reflects network accessibility, no complexity barriers, and complete confidentiality/integrity/availability impact. Publicly available exploit code exists, significantly lowering attack barrier for opportunistic scanning campaigns targeting consumer routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5997 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the admpass parameter in setLoginPasswordCfg function of /cgi-bin/cstecgi.cgi. Network-accessible with no user interaction required. Publicly available exploit code exists. CVSS 9.8 critical severity reflects complete system compromise potential.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5996 HIGH POC This Week

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the tty_server parameter in the setAdvancedInfoShow function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity reflects network-accessible exploitation requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can achieve full system compromise including data exfiltration, configuration tampering, and denial of service against affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5995 HIGH POC This Week

OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via malicious lan_info parameter to setMiniuiHomeInfoShow function in /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. Publicly available exploit code exists. Complete compromise of confidentiality, integrity, and availability achievable through CGI handler manipulation.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5994 HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 via unauthenticated manipulation of telnet_enabled parameter in setTelnetCfg function. Critical CVSS 9.8 score reflects network-accessible attack requiring no authentication or user interaction, enabling full system compromise. Publicly available exploit code exists. Impacts router confidentiality, integrity, and availability with potential for complete device takeover and lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5993 HIGH POC This Week

Unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows remote attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiGuestCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Successful exploitation enables complete device compromise with high impact to confidentiality, integrity, and availability.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-40217 HIGH POC PATCH GHSA This Week

Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute arbitrary code by exploiting bytecode rewriting functionality at the /guardrails/test_custom_code endpoint. The vulnerability requires low-privilege authentication (PR:L) but permits complete system compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis.

RCE Litellm
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-29002 HIGH POC This Week

Privilege escalation in CouchCMS allows authenticated Admin-level users to create SuperAdmin accounts by manipulating the f_k_levels_list parameter during user creation requests. Attackers modify the parameter value from 4 to 10 in HTTP POST bodies to bypass authorization controls and gain unrestricted application access. This authenticated attack (PR:H) enables lateral privilege movement from Admin to SuperAdmin, circumventing intended role hierarchy enforcement. Publicly available exploit code exists, lowering exploitation barrier for actors with existing Admin credentials.

Privilege Escalation Authentication Bypass Couchcms
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-6016 HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within /goform/WizardHandle POST request handler, triggered by manipulating the WANS parameter. Attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6015 HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via crafted PPPOEPassword parameter to formQuickIndex endpoint. Attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects network-accessible attack path with high impact to confidentiality, integrity, and availability.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6014 HIGH POC Monitor

Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists. This router model is end-of-life with no vendor support.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6013 HIGH POC Monitor

Buffer overflow in D-Link DIR-513 1.10 POST request handler allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The formSetRoute function improperly validates the curTime parameter, enabling memory corruption attacks. Publicly available exploit code exists. This vulnerability affects end-of-life hardware no longer supported by D-Link, leaving no vendor remediation pathway.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6012 HIGH POC Monitor

Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. This end-of-life product receives no vendor support, and publicly available exploit code exists. Attack requires low-privilege authentication (CVSS PR:L) but no user interaction, enabling straightforward remote exploitation once credentials are obtained.

D-Link Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-40242 HIGH POC PATCH GHSA This Week

Server-side request forgery in Arcane Docker management interface versions prior to 1.17.3 allows unauthenticated remote attackers to conduct SSRF attacks via the /api/templates/fetch endpoint. Attackers can supply arbitrary URLs through the url parameter, causing the server to perform HTTP GET requests without URL scheme or host validation, with responses returned directly to the caller. This enables reconnaissance of internal network resources, access to cloud metadata endpoints, and potential interaction with internal services from the server's network context. No public exploit identified at time of analysis.

SSRF Docker
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-33618 HIGH PATCH This Week

Remote code execution in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated attackers with administrative privileges to inject and execute arbitrary PHP code via platform configuration settings. The PlatformConfigurationController::decodeSettingArray() method unsafely uses eval() to parse database-stored settings, executing injected code when any user-including unauthenticated visitors-accesses the /platform-config/list endpoint. Exploitation requires low-privilege authentication (PR:L) but delivers full system compromise with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

RCE PHP Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23780 HIGH This Week

SQL injection in BMC Control-M/MFT 9.0.20-9.0.22 debug API enables authenticated attackers to execute arbitrary SQL queries, leading to file system access and potential remote code execution. CVSS 8.8 reflects network-accessible, low-complexity exploitation requiring low-privilege authentication. EPSS score of 0.04% (13th percentile) indicates minimal current exploitation probability, and no public exploit identified at time of analysis. Patch PAAFP-9-0-22-025 addresses the vulnerability.

RCE SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5500 HIGH This Week

Man-in-the-middle attackers can truncate AES-GCM authentication tags in wolfSSL's PKCS7 AuthEnvelopedData processing from 16 bytes to 1 byte, degrading cryptographic integrity verification from 2⁻¹²⁸ to 2⁻⁸ probability. Affects wolfSSL versions through 5.9.0 due to missing lower bounds validation in wc_PKCS7_DecodeAuthEnvelopedData(). Unauthenticated network-based attack enables high-severity integrity bypass without user interaction. No public exploit identified at time of analysis.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35669 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw gateway-authenticated plugin HTTP routes allows authenticated attackers to bypass scope restrictions and gain operator.admin privileges. The vulnerability affects OpenClaw versions prior to 2026.3.25, enabling low-privileged authenticated users to perform unauthorized administrative actions through improperly minted runtime scopes. Exploitation requires network access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35663 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw versions prior to 2026.3.25 allows authenticated low-privilege operators to bypass pairing requirements during backend reconnection, self-requesting elevated scopes to gain operator.admin privileges. Attackers with existing operator credentials exploit improper scope validation (CWE-648) to escalate from limited operator access to full administrative control over the OpenClaw system. Exploitation requires network access and low-privilege authentication (CVSS:3.1 PR:L), enabling high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5777 HIGH This Week

Unauthenticated root access in Egate Atom 3x Projector enables complete device compromise via exposed Android Debug Bridge service on local network. Attacker on same network segment can execute arbitrary commands with full system privileges without credentials due to missing authentication controls and network exposure of ADB service. No public exploit identified at time of analysis. Critical impact includes data exfiltration, malware installation, and persistent backdoor deployment.

Google Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35643 HIGH PATCH GHSA This Week

Remote code execution in OpenClaw Android application (versions before 2026.3.22) allows unauthenticated attackers to execute arbitrary code through an unvalidated WebView JavascriptInterface. Attackers craft malicious web pages that invoke the exposed canvas bridge, executing instructions within the application's Android context when users interact with untrusted content. The vulnerability requires user interaction but no authentication, enabling high-severity compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.

RCE Google
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-40158 HIGH PATCH GHSA This Week

Arbitrary code execution in PraisonAI multi-agent system (<4.5.128) via Python sandbox escape. Incomplete AST attribute filtering allows type.__getattribute__ trampoline to bypass restrictions on __subclasses__, __globals__, and __bases__, enabling untrusted agent code to break containment. Attack requires local access and user interaction to execute malicious code. No public exploit identified at time of analysis.

RCE Python Code Injection
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-5501 HIGH POC This Week

Certificate chain validation bypass in wolfSSL's OpenSSL compatibility layer allows authenticated network attackers to forge arbitrary certificates. Attackers possessing any legitimate leaf certificate from a trusted CA can craft fraudulent certificates for any subject name with arbitrary keys, bypassing signature verification when an untrusted CA:FALSE intermediate is inserted. Affects nginx and haproxy integrations using wolfSSL's OpenSSL compatibility API; native wolfSSL TLS handshake (ProcessPeerCerts) not vulnerable. No public exploit identified at time of analysis.

Information Disclosure Nginx OpenSSL
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-28704 HIGH Monitor

DLL hijacking in JPCERT's Emocheck malware detection tool allows local code execution when malicious DLL placed in application directory. Unauthenticated attacker with local access can achieve arbitrary code execution at user privilege level by exploiting insecure library loading (CWE-427). User must invoke Emocheck executable with crafted DLL present. No public exploit identified at time of analysis. CVSS 7.8 indicates high severity requiring user interaction and local access.

RCE Emocheck
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35641 HIGH PATCH GHSA This Week

Arbitrary code execution in OpenClaw versions prior to 2026.3.24 enables local attackers to execute malicious code during npm package installation by crafting a malicious .npmrc file that overrides the git executable. When npm install runs in the staged package directory with git dependencies, the attacker-controlled .npmrc configuration triggers execution of arbitrary programs specified by the attacker. Exploitation requires user interaction to install the malicious plugin or hook locally. No public exploit identified at time of analysis.

RCE Node.js
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-31939 HIGH PATCH This Week

Path traversal in Chamilo LMS main/exercise/savescores.php enables authenticated attackers to delete arbitrary files on the server. Vulnerable versions prior to 1.11.38 fail to sanitize the 'test' parameter from $_REQUEST, allowing directory traversal sequences to escape intended paths and target critical system or application files. Attackers with low-level authenticated access can exploit this remotely without user interaction, resulting in high integrity and availability impact through targeted file deletion.

PHP Path Traversal
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-35595 HIGH PATCH GHSA This Week

Privilege escalation in Vikunja API (v2.2.2 and prior) allows authenticated users with Write permission on a shared project to escalate to Admin by reparenting the project under their own hierarchy. The vulnerability exploits insufficient authorization checks in project reparenting (CanWrite instead of IsAdmin), causing the recursive permission CTE to grant Admin rights. Attackers can then delete projects, remove user access, and manage sharing settings. Publicly available exploit code exists.

Python Privilege Escalation
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-40163 HIGH PATCH GHSA This Week

Path traversal in Saltcorn's mobile sync endpoints enables remote unauthenticated attackers to write arbitrary JSON files and create directories anywhere on the server filesystem, plus read directory listings and JSON file contents. Affects all versions before 1.4.5, 1.5.0-beta.0 through 1.5.4, and 1.6.0-alpha.0 through 1.6.0-beta.3. Publicly available exploit code exists (SSVC: POC status), with EPSS probability of 0.08% (23rd percentile) indicating low widespread exploitation likelihood despite the critical impact. The vulnerability enables direct filesystem manipulation without authentication, though confidentiality impact is rated low (CVSS C:L) as only JSON files and directory listings are readable.

Path Traversal Saltcorn
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-5477 HIGH This Week

Integer overflow in wolfSSL CMAC implementation (versions ≤5.9.0) enables zero-effort cryptographic forgery. The wc_CmacUpdate function uses a 32-bit counter (totalSz) that wraps to zero after processing 4 GiB of data, erroneously discarding live CBC-MAC chain state. Attackers can forge CMAC authentication tags by crafting messages with identical suffixes beyond the 4 GiB boundary, undermining message authentication integrity in unauthenticated network contexts. No public exploit identified at time of analysis.

Buffer Overflow Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-40168 HIGH PATCH This Week

Server-side request forgery in Postiz (gitroomhq postiz-app) versions prior to 2.21.5 allows unauthenticated remote attackers to access internal network resources and exfiltrate sensitive data via the /api/public/stream endpoint. The vulnerability exploits inadequate redirect validation: attackers supply public HTTPS URLs that pass initial validation but redirect server requests to private internal hosts, bypassing security controls. High confidentiality impact with potential service disruption. No public exploit identified at time of analysis.

SSRF Postiz App
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-40073 HIGH PATCH GHSA This Week

Request body size limit bypass in SvelteKit adapter-node allows unauthenticated attackers to submit oversized payloads, causing denial of service through resource exhaustion. Affects SvelteKit versions prior to 2.57.1 running adapter-node. Exploitation requires specific timing conditions (CVSS AT:P). Platform-level and WAF body size limits remain effective. No public exploit identified at time of analysis. Vulnerability exploits CWE-770 resource allocation flaw where BODY_SIZE_LIMIT enforcement fails under race conditions or specific request patterns.

Denial Of Service Kit
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-58913 HIGH This Week

Local file inclusion in CactusThemes VideoPro WordPress theme through version 2.3.8.1 allows unauthenticated remote attackers to read arbitrary files on the server via improper filename control in PHP include/require statements. Exploitation requires high attack complexity but no user interaction. EPSS score indicates low observed exploitation activity; no public exploit identified at time of analysis.

PHP Information Disclosure LFI
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40259 HIGH PATCH GHSA This Week

Unauthorized deletion of attribute view definitions in SiYuan note-taking application allows authenticated publish-service readers to permanently destroy arbitrary workspace data. Attackers with low-privilege publish credentials can extract attribute view IDs from published content markup (exposed as data-av-id attributes) and invoke the /api/av/removeUnusedAttributeView endpoint to delete corresponding JSON definition files. The endpoint lacks proper authorization controls, accepting RoleReader tokens despite performing destructive write operations. Successful exploitation corrupts database views, breaks local workspace rendering, and causes operational disruption requiring manual restoration.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-4351 HIGH This Week

Authenticated arbitrary file overwrite in Perfmatters WordPress plugin ≤2.5.9 allows low-privileged attackers (Subscriber-level and above) to corrupt critical server files via path traversal. The PMCS::action_handler() method processes bulk activate/deactivate actions without authorization checks or nonce verification, passing unsanitized $_GET['snippets'][] values through Snippet::activate()/deactivate() to file_put_contents(). Attackers can overwrite files like .htaccess or index.php with fixed PHP docblock content, causing denial of service. Exploitation requires authenticated access with minimal privileges. No public exploit identified at time of analysis.

WordPress PHP Path Traversal Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2021-47961 HIGH PATCH This Week

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Synology Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40200 HIGH This Week

Stack-based buffer overflow in musl libc 0.7.10 through 1.2.6 allows local attackers with high complexity requirements to corrupt memory during qsort operations on exceptionally large arrays (exceeding ~7 million elements on 32-bit systems, corresponding to the 32nd Leonardo number). Exploitation requires sorting arrays approaching billion-element scale on 64-bit platforms. Vulnerability stems from incorrect double-word primitive implementation in smoothsort algorithm. Successful exploitation enables arbitrary code execution with scope change, impacting confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Buffer Overflow Musl
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30232 HIGH PATCH This Week

Server-Side Request Forgery in Chartbrew versions prior to 4.8.5 allows authenticated users to create API data connections with arbitrary URLs, enabling attacks against internal networks and cloud metadata endpoints. The vulnerability stems from unvalidated URL fetching via request-promise library, permitting attackers to probe internal infrastructure, access cloud instance metadata (AWS, Azure, GCP), and potentially retrieve sensitive credentials or configuration data. No public exploit identified at time of analysis. CVSS 7.8 with network attack vector and no authentication requirement in subsequent chain exploitation.

SSRF Chartbrew
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-40156 HIGH PATCH GHSA This Week

Arbitrary code execution occurs in PraisonAI (all versions prior to 4.5.128) when a malicious tools.py file exists in the working directory. The framework automatically imports and executes this file during startup without validation or user consent, enabling unauthenticated local attackers to execute arbitrary Python code by placing a weaponized tools.py in directories accessed by users or CI/CD pipelines. User interaction is required (running praisonai command). No public exploit identified at time of analysis.

RCE Code Injection Praisonai
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33092 HIGH PATCH This Week

Local privilege escalation in Acronis True Image for macOS enables authenticated low-privileged users to gain elevated system privileges through improper environment variable handling. Affects Acronis True Image OEM (macOS) versions prior to build 42571 and Acronis True Image (macOS) prior to build 42902. Attackers with existing local access can achieve complete system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis. Exploitation requires low attack complexity with no user interaction.

Apple Privilege Escalation
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-25203 HIGH This Week

Local privilege escalation in Samsung MagicINFO 9 Server versions prior to 21.1091.1 enables authenticated low-privileged users to escalate to high privileges through incorrect default file/directory permissions. Attackers with local access can obtain complete system control, compromising confidentiality, integrity, and availability. Attack requires local access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Samsung Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35650 HIGH PATCH GHSA This Week

Remote code execution in OpenClaw versions prior to 2026.3.22 allows authenticated attackers to bypass shared host environment policy via inconsistent environment variable sanitization. Attackers exploit validation inconsistencies by supplying malformed or blocked override keys that evade filtering mechanisms, enabling arbitrary code execution with unauthorized environment variable configurations. Vulnerability requires low-privilege authentication and high attack complexity. No public exploit identified at time of analysis.

RCE Openclaw
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-40180 HIGH POC PATCH This Week

Path traversal vulnerability in Quarkus OpenAPI Generator (Quarkiverse) versions prior to 2.16.0 and 2.15.0-lts allows unauthenticated remote attackers to write arbitrary files outside intended directories via malicious ZIP archives. The ApicurioCodegenWrapper.java unzip() method fails to validate file paths during extraction, enabling path traversal sequences (../../) to bypass output directory restrictions and achieve arbitrary file write with high integrity impact. No public exploit identified at time of analysis. Affects Java-based Quarkus extensions for REST client and server stub generation.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-35666 HIGH PATCH GHSA This Week

Allowlist bypass in OpenClaw before 2026.3.22 permits authenticated attackers to execute arbitrary commands by wrapping disallowed executables with /usr/bin/time. The vulnerability exploits incomplete validation in system.run approvals, which fail to detect time wrapper prefixes, allowing reuse of approval state for inner prohibited commands. Remote exploitation requires low-privilege authentication (PR:L) with network access, enabling full system compromise through command injection. No public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-31941 HIGH PATCH This Week

Server-Side Request Forgery in Chamilo LMS Social Wall feature enables authenticated attackers to force the server to make arbitrary HTTP requests to internal resources. The read_url_with_open_graph endpoint accepts user-controlled URLs via social_wall_new_msg_main POST parameter without validating internal versus external targets, allowing internal port scanning, access to cloud instance metadata (AWS/GCP/Azure), and reconnaissance of private network services. Affects Chamilo LMS versions before 1.11.38 and 2.0.0-RC.3. Attack requires low-privilege authenticated access; no public exploit identified at time of analysis.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-40188 HIGH PATCH GHSA This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-32252 HIGH PATCH This Week

Cross-tenant authorization bypass in Chartbrew versions prior to 4.9.0 allows authenticated attackers to exfiltrate sensitive project data from other tenants. The vulnerability exists in the template generation endpoint (GET /team/:team_id/template/generate/:project_id), where unawaited promise execution and missing tenant validation enable attackers with valid template-generation permissions in their own team to access chart configurations, database connection details, and query structures from victim teams' projects. No public exploit identified at time of analysis. CVSS 7.7 reflects high confidentiality impact with scope change due to cross-tenant boundary violation.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy