227 CVEs tracked today. 14 Critical, 73 High, 98 Medium, 42 Low.
-
CVE-2026-40044
CRITICAL
CVSS 9.3
Remote code execution in Pachno 1.0.6 allows unauthenticated attackers to achieve arbitrary code execution by exploiting unsafe deserialization of PHP objects. Attackers write malicious serialized payloads to world-writable cache files with predictable names, which are automatically unserialized during framework bootstrap before authentication occurs. EPSS indicates 0.14% probability of exploitation (33rd percentile), no active exploitation confirmed per CISA KEV, and SSVC classifies this as automatable with total technical impact.
PHP
RCE
Deserialization
-
CVE-2026-40042
CRITICAL
CVSS 9.3
XML External Entity (XXE) injection in Pachno 1.0.6's TextParser helper allows remote unauthenticated attackers to read arbitrary files from the server. The vulnerability is triggered through malicious XML entities embedded in wiki table syntax and inline tags within issue descriptions, comments, or wiki articles, exploiting unsafe simplexml_load_string() calls without LIBXML_NONET protections. With CVSS 9.3 and EPSS 0.04% (14th percentile), this represents a high-severity but low-probability threat. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis.
XXE
-
CVE-2026-34865
CRITICAL
CVSS 10.0
Out-of-bounds heap write in Huawei HarmonyOS WEB module allows unauthenticated remote attackers to execute arbitrary code and exfiltrate sensitive data with no user interaction required. CVSS v4.0 score of 10.0 (Critical) reflects network-based exploitation with low complexity requiring no privileges or user interaction. No public exploit identified at time of analysis. The vulnerability achieves complete compromise of confidentiality, integrity, and availability across both vulnerable and subsequent system scopes.
Buffer Overflow
Heap Overflow
-
CVE-2026-31414
CRITICAL
CVSS 9.8
Use-after-free or race condition in Linux kernel netfilter connection tracking can lead to remote code execution, privilege escalation, or memory corruption. The vulnerability affects the nf_conntrack_expect module where unsafe access to helper names occurs without holding a reference to the master conntrack structure. Despite a critical CVSS score of 9.8 (network-accessible, no authentication required), EPSS exploitation probability is very low (0.02%, 7th percentile), and no active exploitation or public POC has been identified. Vendor patches are available for kernel versions 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0.
Information Disclosure
Linux
-
CVE-2026-31283
CRITICAL
CVSS 9.8
Totara LMS versions up to 19.1.5 allow unauthenticated remote attackers to conduct email bombing attacks by abusing the forgot password API endpoint, which lacks rate limiting on target email addresses. With a CVSS score of 9.8, the vulnerability enables complete compromise of confidentiality, integrity, and availability. Despite the critical score, EPSS estimates only 0.02% exploitation probability (5th percentile), and no active exploitation is confirmed (not in CISA KEV). A public proof-of-concept exists on GitHub, demonstrating the abuse technique.
Denial Of Service
-
CVE-2026-31282
CRITICAL
CVSS 9.8
Brute-force authentication bypass in Totara LMS versions 19.1.5 and earlier allows unauthenticated remote attackers to compromise user accounts via credential stuffing. The vulnerability chains login page manipulation with missing rate-limiting controls, enabling automated password guessing attacks. With CVSS 9.8 (critical) severity but only 0.02% EPSS probability (5th percentile), this represents a high-severity design flaw with currently low observed exploitation activity. A proof-of-concept exploit exists on GitHub (saykino/CVE-2026-31282), lowering the barrier for attack automation, though no confirmed active exploitation (CISA KEV) has been reported.
Authentication Bypass
-
CVE-2026-31048
CRITICAL
CVSS 9.8
An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code by supplying a crafted pickled string message.
RCE
Code Injection
-
CVE-2026-23891
CRITICAL
CVSS 9.3
Stored code execution in Decidim's user name field allows authenticated attackers with low privileges to inject malicious code that executes in victims' browsers when they view comment pages, enabling account takeover and data theft across trust boundaries. The vulnerability affects the decidim-core RubyGem component. Patches are available in versions 0.30.5 and 0.31.1. No public exploit identified at time of analysis, though the attack vector is relatively straightforward for authenticated users.
XSS
RCE
-
CVE-2026-22564
CRITICAL
CVSS 9.8
Remote unauthenticated attackers can enable SSH and gain complete system control on Ubiquiti UniFi Play PowerAmp (≤1.0.35) and UniFi Play Audio Port (≤1.0.24) devices via improper access control. The vulnerability bypasses authentication mechanisms, allowing network-accessible adversaries to modify system configurations with critical impact across confidentiality, integrity, and availability (CVSS 9.8). No public exploit identified at time of analysis, with low EPSS probability (0.01%, 3rd percentile) suggesting limited observed exploitation attempts despite the critical severity rating.
Authentication Bypass
Ubiquiti
-
CVE-2026-22563
CRITICAL
CVSS 9.8
Critical command injection in Ubiquiti UniFi Play PowerAmp and Audio Port allows remote unauthenticated attackers to execute arbitrary commands with network access to the device management interface. Affects PowerAmp versions ≤1.0.35 and Audio Port versions ≤1.0.24. CVSS 9.8 critical severity reflects network-accessible attack with no authentication barriers. EPSS score of 0.08% (24th percentile) suggests low immediate exploitation probability despite critical scoring. Vendor-released patches av
Command Injection
Ubiquiti
-
CVE-2026-22562
CRITICAL
CVSS 9.8
Path traversal in UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) firmware allows unauthenticated remote attackers to write arbitrary files for remote code execution. CVSS 9.8 critical severity reflects network-accessible attack requiring no authentication or user interaction. EPSS score of 0.11% (30th percentile) suggests low immediate exploitation probability despite critical rating. No public exploit identified at time of analysis. Reported via HackerOne bug bounty, vendor patches avai
RCE
Path Traversal
Ubiquiti
-
CVE-2026-6100
CRITICAL
CVSS 9.1
CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances are reused after MemoryError exceptions under memory pressure. Affects all CPython versions before 3.15.0. Exploitation requires a network-accessible Python service that decompresses attacker-controlled data, operates under memory constraints, and reuses decompressor objects across multiple operations, a narrow but realistic scenario in containerized environments or resource-limited systems. No active exploitation confirmed (EPSS 0.05%, not in CISA KEV). Patch available via CPython 3.15.0.
Information Disclosure
Use After Free
Memory Corruption
Red Hat
Suse
-
CVE-2026-5085
CRITICAL
CVSS 9.1
Weak session ID generation in Solstice::Session for Perl (all versions through 1440) enables session prediction and hijacking attacks by unauthenticated remote attackers. The vulnerability stems from cryptographically weak entropy sources (MD5 with predictable epoch time, stringified hash references, 16-bit rand() seeding, and limited process IDs), allowing attackers to forge valid session tokens and impersonate legitimate users. EPSS score of 0.02% (4th percentile) indicates low observed exploi
Information Disclosure
-
CVE-2025-3756
HIGH
CVSS 7.1
Denial-of-service in ABB industrial control system products (AC800M, Symphony Plus SD/MR, S+ Operations) allows attackers on adjacent IEC 61850 networks to crash communication modules via malformed protocol packets. The vulnerability affects critical infrastructure PLCs and SCADA systems widely deployed in power substations and industrial automation. CVSS 7.1 (High) but low EPSS (0.02%) indicates limited attacker interest to date. No public exploit identified at time of analysis, and CISA SSVC a
Information Disclosure
-
CVE-2026-4810
CRITICAL
CVSS 9.3
Remote code execution in Google Agent Development Kit (ADK) versions 1.7.0-1.28.0 and 2.0.0a1 allows unauthenticated remote attackers to execute arbitrary code on ADK server instances via combined code injection and missing authentication flaws. Affects Python OSS deployments, Cloud Run, and GKE environments. CVSS 9.3 critical severity with proof-of-concept code available (CVSS:4.0 E:P). No CISA KEV listing indicates no confirmed widespread exploitation at time of analysis, though the authentication bypass combined with RCE presents extreme risk for exposed instances.
Authentication Bypass
RCE
Python
Google
-
CVE-2026-40436
HIGH
CVSS 7.1
Password reset vulnerability in ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. Attack requires user interaction and moderate complexity (CVSS AC:H), but no public exploit identified at time of analysis. CVSS 7.1 reflects high confidentiality, integrity, and availability impact within the vulnerable component's scope.
Authentication Bypass
Zte
-
CVE-2026-40262
HIGH
CVSS 8.7
Stored cross-site scripting in Note Mark note-taking application allows authenticated users to execute arbitrary JavaScript in victims' browsers by uploading HTML/SVG files as note assets. The vulnerability affects the Go backend's asset delivery mechanism (github.com/enchant97/note-mark), which serves uploaded files inline without setting Content-Type headers or X-Content-Type-Options: nosniff, enabling browser MIME-sniffing attacks. Attackers with low-privilege accounts can create malicious asset URLs that, when opened by victims, execute scripts with full access to authenticated API endpoints, private notes, and user data. CVSS 8.7 (High) reflects the changed scope impact where one user's malicious upload affects other users' security context. Vendor-released patch available in v0.19.2.
XSS
-
CVE-2026-40193
HIGH
CVSS 8.2
LDAP injection in maddy mail server versions before 0.9.3 allows remote unauthenticated attackers to extract sensitive directory attributes and spoof user identities. The auth.ldap module fails to escape user-supplied usernames before interpolating them into LDAP search filters and DN strings, despite having the ldap.EscapeFilter() function available. Attackers can exploit this via SMTP AUTH PLAIN or IMAP LOGIN interfaces to perform boolean-based blind injection attacks that extract password hashes, email addresses, group memberships, and other LDAP attributes character-by-character. While CVSS rates this 8.2 (High) for network-accessible unauthenticated exploitation with high confidentiality impact, no active exploitation (KEV) or weaponized POC has been identified at time of analysis. EPSS data not available for this recent CVE.
Path Traversal
OpenSSL
LDAP
Code Injection
Oracle
-
CVE-2026-40192
HIGH
CVSS 8.7
Unbounded GZIP decompression in Pillow's FITS image parser enables remote denial-of-service via crafted image files. Pillow versions 10.3.0 through 12.1.x process FITS images without limiting decompression output, allowing attackers to trigger out-of-memory crashes or severe performance degradation through maliciously compressed images. Vendor-released patch available in Pillow 12.2.0. No active exploitation confirmed (not in CISA KEV), but the attack vector is trivial for any application accept
Denial Of Service
-
CVE-2026-40043
HIGH
CVSS 7.1
Privilege escalation in Pachno 1.0.6 allows low-privilege authenticated users to hijack administrator sessions by manipulating the original_username cookie in the runSwitchUser() action, enabling unauthorized access to user ID 1 (admin) session tokens and password hashes. SSVC confirms proof-of-concept exists with partial technical impact, though EPSS indicates low exploitation probability (0.07%, 22nd percentile) and no active exploitation confirmed via CISA KEV.
Authentication Bypass
-
CVE-2026-40040
HIGH
CVSS 8.7
Remote code execution in Pachno 1.0.6 allows authenticated users to upload and execute PHP5 scripts via the /uploadfile endpoint due to ineffective extension filtering. The vulnerability bypasses file type restrictions, enabling attackers to place executable code in web-accessible directories. With a low attack complexity (AC:L) and requiring only low-level authentication (PR:L), this is exploitable by any user with basic credentials. EPSS probability is relatively low (0.10%, 27th percentile), and no active exploitation is confirmed via CISA KEV status, though the attack technique is well-understood and documented in public advisories.
RCE
File Upload
-
CVE-2026-40039
HIGH
CVSS 7.1
Open redirection in Pachno 1.0.6's return_to parameter enables phishing campaigns that harvest user credentials by redirecting victims to attacker-controlled domains after login. With CVSS 7.1 (High) and EPSS 0.03% (9th percentile), exploitation requires user interaction but no authentication, making it effective for social engineering attacks. No active exploitation (CISA KEV) or public exploit code confirmed at time of analysis, though detailed advisories exist from ZeroScience and VulnCheck.
Information Disclosure
-
CVE-2026-36948
HIGH
CVSS 7.3
SQL injection in Sourcecodester Online Thesis Archiving System v1.0's /otas/view_archive.php endpoint allows remote unauthenticated attackers to manipulate database queries, potentially extracting sensitive thesis data, authentication credentials, or modifying database contents. No public exploit identified at time of analysis, with minimal observed exploitation probability (EPSS 0.01%, 2nd percentile). The vulnerability affects a PHP-based academic archiving platform with limited deployment footprint.
PHP
SQLi
-
CVE-2026-35582
HIGH
CVSS 8.8
Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.
Denial Of Service
Java
Docker
Command Injection
Microsoft
-
CVE-2026-35553
HIGH
CVSS 8.4
Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. No public exploit identified at time of analysis, though the attack surface is limited to users who already possess elevated credentials.
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-35337
HIGH
CVSS 8.8
Remote code execution in Apache Storm before 2.8.6 allows authenticated users with topology submission rights to execute arbitrary code on Nimbus and Worker JVMs via crafted serialized objects in Kerberos TGT credentials. The vulnerability exploits unsafe deserialization in the Nimbus Thrift API (CWE-502) with CVSS 8.8. No active exploitation confirmed (EPSS 0.30%, SSVC exploitation status: none), but the low attack complexity and network attack vector make this a critical patch priority for Storm deployments with authenticated users.
RCE
Apache
Deserialization
-
CVE-2026-34984
HIGH
CVSS 7.1
DNS exfiltration in External Secrets Operator (ESO) allows authenticated Kubernetes users with ExternalSecret write permissions to leak secret material through controller-side DNS queries. The v2 template engine exposes Sprig's getHostByName function to user-controlled templates, enabling attackers to encode fetched secrets into DNS lookups performed by the ESO controller process. Patch available in v2.3.0 (commit 6800989b). No public exploit code identified at time of analysis, though the attack primitive is straightforward for actors with the requisite Kubernetes RBAC permissions.
Information Disclosure
-
CVE-2026-34856
HIGH
CVSS 7.3
Use-after-free in Huawei HarmonyOS communication module allows local attackers to cause denial of service and potentially disclose information without authentication. The vulnerability stems from a race condition (CWE-362) enabling memory corruption with high availability impact. EPSS data not available; no public exploit identified at time of analysis. Vendor has released security bulletin with remediation guidance.
Information Disclosure
Race Condition
-
CVE-2026-34853
HIGH
CVSS 7.7
Permission bypass in Huawei HarmonyOS and EMUI LBS (Location-Based Services) module enables highly-privileged local attackers with user interaction to achieve full compromise across security contexts (confidentiality, integrity, availability impact). CVSS 7.7 HIGH severity. No public exploit identified at time of analysis. The attack requires local access, high privileges (administrator/root), and user interaction, but succeeds with low complexity once those prerequisites are met. Scope change (S:C) indicates container escape or privilege boundary violation beyond the vulnerable component.
Authentication Bypass
-
CVE-2026-34476
HIGH
CVSS 7.1
Server-Side Request Forgery in Apache SkyWalking MCP 0.1.0 allows authenticated remote attackers to access internal network resources and exfiltrate sensitive data via a malicious SW-URL header. CVSS 7.1 (High severity) with network attack vector and low complexity. No public exploit identified at time of analysis, SSVC framework indicates no active exploitation and non-automatable attack requiring manual interaction with internal architecture knowledge.
Apache
SSRF
-
CVE-2026-34188
HIGH
CVSS 7.5
OS command injection in Pandora FMS versions 777 through 800 enables high-privileged remote attackers to execute arbitrary operating system commands through the Event Response execution functionality. While requiring administrative credentials (PR:H), successful exploitation grants extensive system access with high confidentiality and integrity impact. No public exploit identified at time of analysis, though the specific attack vector through Event Response features provides a clear exploitation pathway for authenticated administrators or compromised admin accounts.
Command Injection
-
CVE-2026-34186
HIGH
CVSS 8.7
SQL injection in Pandora FMS versions 777 through 800 enables authenticated remote attackers to execute arbitrary SQL commands via specially crafted custom field inputs, potentially exposing sensitive monitoring data, modifying database contents, or compromising the underlying infrastructure management system. The vulnerability requires low-privilege authentication (PR:L) but has high confidentiality and integrity impact across the monitoring platform. No public exploit code or active exploitation confirmed at time of analysis, though the straightforward attack complexity (AC:L) and network accessibility (AV:N) elevate real-world risk for internet-exposed Pandora FMS instances.
SQLi
-
CVE-2026-33908
HIGH
CVSS 7.5
Stack exhaustion in ImageMagick's XML tree parser allows remote unauthenticated attackers to trigger denial-of-service conditions by submitting specially crafted XML files with deeply nested structures. Affects all versions below 6.9.13-44 and 7.1.2-19 across multiple platforms including the Magick.NET wrapper. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, though the network-accessible attack vector (AV:N) and lack of authentication requirements (PR:N) present theoretical risk for internet-facing deployments processing untrusted XML input.
Denial Of Service
Red Hat
Suse
-
CVE-2026-33901
HIGH
CVSS 7.5
Heap buffer overflow in ImageMagick's MVG decoder enables network-based denial of service through crafted image files. Affects all ImageMagick versions prior to 6.9.13-44 and 7.1.2-19. CVSS 7.5 (HIGH) with remote unauthenticated exploitation (AV:N/PR:N), but EPSS score of 0.04% (11th percentile) indicates minimal observed exploitation probability. No active exploitation confirmed (not in CISA KEV), no public POC identified. Vendor-released patches available in versions 6.9.13-44 and 7.1.2-19, with upstream fix committed at 4c72003e9e54.
Buffer Overflow
Heap Overflow
Red Hat
Suse
-
CVE-2026-33858
HIGH
CVSS 8.8
Remote code execution in Apache Airflow 3.1.x allows authenticated DAG Authors to execute arbitrary code in the webserver context through crafted XCom payloads exploiting insecure deserialization (CWE-502). Affects Apache Airflow versions 3.1.8 through <3.2.0. Despite CVSS 8.8, vendor rates severity as Low due to DAG Authors being highly trusted roles. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.07% (21st percentile), indicating minimal real-world risk. Vendor-released patch: Apache Airflow 3.2.0.
RCE
Apache
Deserialization
-
CVE-2026-32605
HIGH
CVSS 7.5
Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An unauthenticated network attacker exploits an off-by-one bounds check error (using > instead of >=) to trigger an out-of-bounds index panic before signature verification occurs. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and EPSS 0.04%, this represents a straightforward denial-of-service vector against Proof-of-Stake validators in the Nimiq blockchain network, though no public exploit
Buffer Overflow
Information Disclosure
-
CVE-2026-32316
HIGH
CVSS 8.2
Heap buffer overflow in jq command-line JSON processor (all versions through 1.8.1) allows remote unauthenticated attackers to crash processes or potentially achieve code execution via crafted queries producing strings exceeding 2^31 bytes. Integer overflow in jvp_string_append() and jvp_string_copy_replace_bad() functions causes undersized buffer allocation followed by heap corruption. Publicly available exploit code exists (SSVC: POC). EPSS score of 0.04% (12th percentile) suggests low observe
Buffer Overflow
Heap Overflow
-
CVE-2026-32272
HIGH
CVSS 8.7
SQL injection in Craft Commerce 5.0.0-5.5.4 allows authenticated control panel users to extract arbitrary database contents via ProductQuery::hasVariant and VariantQuery::hasProduct parameters that bypass prior sanitization fixes. Attackers can retrieve security keys to forge admin sessions and escalate privileges. Fixed in version 5.6.0. EPSS 0.03% (8th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.
Privilege Escalation
SQLi
-
CVE-2026-32271
HIGH
CVSS 7.7
Remote code execution via SQL injection in Craft Commerce 4.x (4.0.0-4.10.2) and 5.x (5.0.0-5.5.4) allows authenticated control panel users to write PHP webshells through a four-step exploitation chain. Attack exploits unsanitized TotalRevenue widget settings interpolated into SQL, PDO multi-statement support, and unsafe PHP deserialization in yii2-queue to instantiate a GuzzleHttp FileCookieJar gadget chain. Complete exploitation requires only three HTTP requests and low-privileged authenticati
PHP
RCE
SQLi
Deserialization
-
CVE-2026-31426
HIGH
CVSS 7.0
Use-after-free in Linux kernel ACPI EC driver allows local authenticated attackers with low privileges to achieve high integrity, confidentiality, and availability impact on reduced-hardware platforms when GPIO IRQ provider defers probing. Vendor patches are available across stable branches (6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV). The vulnerability triggers when EC handler cleanup fails during probe deferral, leaving a dangling pointer that is later dereferenced during AML evaluation of EC OpRegion accesses (battery, thermal, backlight operations).
Information Disclosure
Linux
Use After Free
Memory Corruption
-
CVE-2026-31419
HIGH
CVSS 7.8
Use-after-free in Linux kernel bonding driver allows local authenticated attackers with low privileges to trigger memory corruption via race condition during concurrent slave device operations. The vulnerability (CVSS 7.8, EPSS 0.02%) affects the bond_xmit_broadcast() function where concurrent slave enslave/release operations can mutate the slave list during RCU-protected iteration, causing the original skb to be double-consumed and double-freed. Vendor patches are available for kernel versions 6.18.22, 6.19.12, and 7.0. No public exploit or active exploitation confirmed at time of analysis.
Denial Of Service
Linux
Use After Free
Memory Corruption
-
CVE-2026-31417
HIGH
CVSS 7.5
Integer overflow in Linux kernel X.25 protocol stack allows remote unauthenticated attackers to trigger denial of service via fragmented packet accumulation. The fraglen field in x25_sock structure can overflow when processing fragmented X.25 packets, causing kernel crashes or resource exhaustion. Vendor-released patches confirm the vulnerability exists since initial Git history (2005) through kernel 6.19.x. EPSS score of 0.02% suggests low observed exploitation activity, though the network-accessible attack vector (AV:N) and lack of authentication requirements (PR:N) make this exploitable against any exposed X.25 network interface. No active exploitation confirmed (not in CISA KEV), but public patches reveal implementation details that could facilitate exploit development.
Buffer Overflow
Linux
Integer Overflow
-
CVE-2026-31281
HIGH
CVSS 8.0
HTML Injection in Totara LMS through version 19.1.5 allows authenticated users with low privileges to inject malicious HTML/JavaScript into messages sent to all application users, enabling session hijacking and arbitrary command execution in victims' browsers. A publicly available exploit exists (GitHub POC referenced), though no confirmed active exploitation (not in CISA KEV). EPSS score of 0.02% indicates very low observed exploitation probability despite the CVSS 8.0 rating, suggesting limited attacker interest or opportunity in real-world environments.
XSS
-
CVE-2026-30999
HIGH
CVSS 7.5
Heap buffer overflow in FFmpeg 8.0.1's av_bprint_finalize() function enables remote denial-of-service attacks through maliciously crafted media files. Exploitation requires no authentication (CVSS AV:N/AC:L/PR:N/UI:N), making this accessible to any network-based attacker who can deliver manipulated input to vulnerable FFmpeg instances. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation has been identified at time of analysis. While CVSS rates this 7.5 HIGH due to availability impact, real-world risk is primarily limited to public-facing media processing services.
Buffer Overflow
Denial Of Service
Heap Overflow
-
CVE-2026-30998
HIGH
CVSS 7.5
Resource deallocation flaw in FFmpeg 8.0.1's zmqsend.c utility enables remote denial of service through crafted input files. Attackers can trigger improper cleanup of allocated resources without authentication (CVSS AV:N/AC:L/PR:N/UI:N), exhausting system resources. EPSS score of 0.04% (11th percentile) indicates low real-world exploitation probability, and no active exploitation confirmed (not in CISA KEV). The vulnerability affects a non-core utility component used for ZeroMQ message sending, limiting practical attack surface compared to main FFmpeg libraries.
Denial Of Service
-
CVE-2026-30997
HIGH
CVSS 7.5
Out-of-bounds read in FFmpeg 8.0.1's AV1 decoder allows remote denial-of-service via malicious video files. Attackers craft inputs targeting read_global_param() in libavcodec/av1dec.c to trigger memory access violations, crashing the decoder. Affects applications processing untrusted AV1 video content (media servers, transcoders, browsers with FFmpeg). CVSS 7.5 (High) reflects network-exploitable DoS; EPSS 0.04% indicates low observed exploitation probability. No active exploitation confirmed (n
Buffer Overflow
Denial Of Service
Information Disclosure
-
CVE-2026-30813
HIGH
CVSS 8.7
SQL injection in Pandora FMS module search functionality allows authenticated attackers to extract, modify, or delete database contents across versions 777 through 800. Attackers with low-level privileges can execute arbitrary SQL commands through improperly sanitized search parameters, leading to high confidentiality and integrity impact. No confirmed active exploitation (CISA KEV) at time of analysis, though the straightforward attack vector (network-accessible, low complexity, authenticated) and limited scope suggest moderate real-world risk for exposed instances.
SQLi
-
CVE-2026-30811
HIGH
CVSS 8.4
Unauthorized access to configuration endpoints in Pandora FMS versions 777 through 800 exposes sensitive system information to low-privileged authenticated users. The missing authorization control (CWE-276) allows privilege escalation where authenticated users can access configuration data they should not have permissions to view, potentially revealing credentials, internal architecture details, and security settings. With CVSS 8.4 (High) and low attack complexity, this vulnerability poses significant risk in multi-tenant or role-separated Pandora FMS deployments. No public exploit identified at time of analysis, though the straightforward attack vector (network-accessible, low complexity, requires only basic authentication) makes exploitation highly feasible.
Privilege Escalation
-
CVE-2026-30809
HIGH
CVSS 8.7
OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the WebServerModuleDebug component. With low attack complexity and no user interaction required, attackers with low-level privileges can achieve high confidentiality and integrity impact on the vulnerable system, plus limited impact on connected systems (CVSS 8.7). No public exploit identified at time of analysis, though the vulnerability has medium remediation effort according to CVSS 4.0 metadata.
Command Injection
-
CVE-2026-30806
HIGH
CVSS 8.7
OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the Network Report functionality. The vulnerability stems from improper input sanitization of special elements used in OS commands. With CVSS 8.7 (HIGH) severity and network-accessible attack vector requiring only low privileges, this poses significant risk to monitoring infrastructure despite no confirmed active exploitation (not in CISA KEV) or public exploit code at time of analysis.
Command Injection
-
CVE-2026-30804
HIGH
CVSS 8.6
Remote code execution in Pandora FMS versions 777 through 800 enables authenticated administrators to upload malicious files and execute arbitrary code on the server. The vulnerability stems from inadequate file type validation during upload operations, allowing attackers with high-privilege credentials to bypass security controls. With a CVSS 4.0 score of 8.6 and attack complexity rated as low, this represents a significant risk for organizations using affected versions, though exploitation requires prior administrative access to the monitoring platform.
RCE
File Upload
-
CVE-2026-29955
HIGH
CVSS 8.8
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command s...
RCE
Command Injection
Code Injection
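The pattern this entry describes, a request-supplied name spliced into a shell string and run through subprocess.Popen(shell=True), beside the hardened shape a reviewer would ask for. This is an added example, not KubePlus code: the `helm show chart` command, the chart-name rule and the helper names are assumptions chosen to illustrate the fix.

```python
import re
import subprocess

# Added example (not KubePlus code). Models the vulnerable pattern from the
# advisory (user input concatenated into a shell command) next to a version
# that allow-lists the input and passes argv to the process without a shell.
# The `helm show chart` command and the chart-name rule are assumptions.

# Helm/Kubernetes-style DNS label: lowercase alphanumerics and '-', 1-63
# chars, no leading or trailing '-'. Shell metacharacters (';', '$', '`',
# '|', spaces) and option-like names starting with '-' are all rejected.
CHART_NAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def is_safe_chart_name(chart_name):
    """True only for names that match the allow-list pattern."""
    return CHART_NAME_RE.fullmatch(chart_name) is not None


def build_vulnerable_command(chart_name):
    """The vulnerable shape: string concatenation later executed with
    shell=True. '; id' or '$(curl ...)' inside chart_name becomes shell
    syntax instead of data."""
    return "helm show chart " + chart_name


def build_safe_argv(chart_name):
    """Validate, then return an argv list. With shell=False the chart name
    reaches the helm binary as exactly one argument and is never parsed by
    /bin/sh, so no quoting or escaping is needed."""
    if not is_safe_chart_name(chart_name):
        raise ValueError("invalid chart name: %r" % (chart_name,))
    return ["helm", "show", "chart", chart_name]


def run_safe(chart_name, timeout=30):
    """Execute without a shell. Raises ValueError on bad input and
    CalledProcessError if helm fails. Not exercised by the tests (needs helm)."""
    argv = build_safe_argv(chart_name)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True, timeout=timeout).stdout


if __name__ == "__main__":
    payload = "nginx; id > /tmp/pwned"
    print(build_vulnerable_command(payload))   # a shell would run 'id' here
    print(is_safe_chart_name(payload))         # False: rejected before exec
    print(build_safe_argv("nginx-ingress"))    # ['helm', 'show', 'chart', 'nginx-ingress']
```

Validation and argv-passing are both needed: argv alone stops shell injection but still lets a name like `--values=/etc/passwd` be interpreted as a helm option, which the leading-character rule in the pattern closes off.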
-
CVE-2026-28291
HIGH
CVSS 8.1
Command injection in simple-git npm package versions ≤3.28.0 enables arbitrary code execution via crafted Git options. Attackers who control Git command options can bypass the allowUnsafePack safety restriction using malformed variations of the -u flag (e.g., -vu, -4u, --u) to execute shell commands on Linux systems. This vulnerability stems from an incomplete fix for CVE-2022-25860, with proof-of-concept code publicly available demonstrating file creation via touch command. EPSS data not provid
Docker
Command Injection
Microsoft
-
CVE-2026-25208
HIGH
CVSS 8.1
Integer overflow in Samsung Escargot JavaScript engine allows remote attackers to trigger buffer overflows without authentication via network-delivered crafted JavaScript code. Affects commit 97e8115ab and prior versions. No public exploit identified at time of analysis, though upstream fix available (PR/commit); released patched version not independently confirmed. With CVSS 8.1 (High) and network attack vector requiring high complexity, this represents significant risk for devices and applications embedding the Escargot engine, particularly Samsung smart TV and appliance platforms.
Buffer Overflow
Integer Overflow
Samsung
-
CVE-2026-25207
HIGH
CVSS 7.4
Out-of-bounds write in Samsung Open Source Escargot JavaScript engine allows local attackers to execute arbitrary code or corrupt memory through buffer overflow conditions. This vulnerability affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and prior versions. With a 7.4 CVSS score (high confidentiality, integrity, and availability impact) but high attack complexity and local attack vector, exploitation requires specialized conditions. No public exploit identified at time of analysis, and EPSS data not available for this CVE.
Buffer Overflow
Memory Corruption
Samsung
-
CVE-2026-25205
HIGH
CVSS 7.4
Heap-based buffer overflow in Samsung Open Source Escargot JavaScript engine enables out-of-bounds memory writes with high integrity and availability impact through a local attack vector. Affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. CVSS 7.4 (High) reflects the local access requirement and high attack complexity (AC:H), which limits immediate risk despite the severity of the memory-safety impact. Upstream fix available (PR/commit); released patched version not independently confirmed. No public exploit identified at time of analysis.
Buffer Overflow
Heap Overflow
Samsung
-
CVE-2026-22566
HIGH
CVSS 7.5
Improper access control in Ubiquiti UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) exposes WiFi credentials to network-adjacent attackers without authentication. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates remote exploitation with no authentication required, though the vulnerability description specifies 'access to the UniFi Play network' as a prerequisite. Reported via HackerOne bug bounty. EPSS score of 0.01% (1st percentile) suggests minimal observed exploitation activity, and no public exploit code or CISA KEV listing identified at time of analysis.
Authentication Bypass
Ubiquiti
-
CVE-2026-22565
HIGH
CVSS 7.5
Denial of service in Ubiquiti UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) allows unauthenticated remote attackers to crash devices via improper input validation. CVSS 7.5 (High) with network-based attack requiring no privileges or user interaction. EPSS score of 0.01% (1st percentile) indicates minimal real-world exploitation likelihood. No public exploit identified at time of analysis. Vendor-released patches available: PowerAmp 1.0.38+ and Audio Port 1.1.9+.
Denial Of Service
Ubiquiti
-
CVE-2026-6204
HIGH
CVSS 8.5
Remote code execution in LibreNMS network monitoring platform (versions prior to 26.3.0) allows authenticated administrators to execute arbitrary commands on the underlying web server by manipulating Binary Locations configuration settings combined with the Netcommand feature. This authenticated attack requires administrative privileges but has publicly available exploit code, enabling straightforward weaponization. CVSS 8.5 severity reflects high confidentiality and integrity impact with network-based attack vector and low complexity.
RCE
Command Injection
-
CVE-2026-6200
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. Public exploit code exists on GitHub (EPSS 0.05%, 14th percentile), indicating low likelihood of mass exploitation but confirmed weaponization capability. No vendor patch identified at time of analysis.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-6199
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted input to the 'page' parameter in the fromqossetting QoS configuration handler. Publicly available exploit code exists (GitHub POC), CVSS 7.4 (High), EPSS 0.05% (low exploitation probability). Not actively exploited per CISA KEV. This is a classic IoT router vulnerability affecting the web management interface at /goform/qossetting, requiring valid authentication credentials but enabling full device takeover once authenticated.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-6198
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F456 router firmware v1.0.0.5 allows authenticated remote attackers to achieve code execution with high integrity and availability impact via crafted 'page' parameter to the /goform/NatStaticSetting endpoint's fromNatStaticSetting function. Public exploit code exists (EPSS 0.05%, 14th percentile), indicating low observed exploitation probability despite proof-of-concept availability. No active exploitation confirmed via CISA KEV at time of analysis.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-6197
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. The vulnerability requires authenticated access to the router's administrative interface, limiting opportunistic exploitation.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-6196
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via the /goform/exeCommand endpoint. The vulnerability has a publicly available proof-of-concept exploit and affects the fromexeCommand function through manipulation of the cmdinput parameter. EPSS probability is low (0.05%, 14th percentile), indicating minimal observed exploitation activity despite POC availability. Not listed in CISA KEV, confirming no widespread active exploitation detected.
Buffer Overflow
Stack Overflow
Tenda
-
CVE-2026-6195
HIGH
CVSS 8.9
Command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary operating system commands via the admpass parameter in the setPasswordCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (CVSS 8.9, EPSS 0.89% / 76th percentile, SSVC: POC/automatable/total impact). Not listed in CISA KEV; real-world exploitation status unconfirmed beyond POC publication.
Command Injection
-
CVE-2026-6194
HIGH
CVSS 7.4
Stack-based buffer overflow in Totolink A3002MU router firmware B20211125.1046 allows authenticated remote attackers to execute arbitrary code via crafted 'wan-url' parameter in /boafrm/formWlanSetup endpoint. Publicly available exploit code exists (PoC on GitHub). EPSS score of 0.08% (23rd percentile) indicates low observed exploitation probability despite public exploit, likely due to authentication requirement (PR:L) and narrow attack surface of legacy consumer router product.
Buffer Overflow
Stack Overflow
-
CVE-2026-6186
HIGH
CVSS 7.4
Buffer overflow in UTT HiPER 1200GW router versions up to 2.5.3-170306 enables remote authenticated attackers to execute arbitrary code with high privileges via malformed NatBind parameters to the /goform/formNatStaticMap endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barrier. EPSS data not available, but combination of network attack vector, low complexity (CVSS AC:L), and public POC indicates elevated real-world exploitation risk for internet-facing devices with weak credential protection.
Buffer Overflow
-
CVE-2026-6168
HIGH
CVSS 7.4
Stack-based buffer overflow in TOTOLINK A7000R router (firmware ≤9.1.0u.6115) allows authenticated remote attackers to achieve complete system compromise via the setWiFiEasyGuestCfg CGI function. The vulnerability exists in /cgi-bin/cstecgi.cgi where unsanitized input to the ssid5g parameter triggers memory corruption, enabling arbitrary code execution with device privileges. Publicly available exploit code exists, significantly lowering the barrier to exploitation for authenticated attackers on the network.
Buffer Overflow
Stack Overflow
-
CVE-2026-6157
HIGH
CVSS 7.4
Buffer overflow in Totolink A800R router firmware 4.1.2cu.5137_B20200730 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the setAppEasyWizardConfig function within /lib/cste_modules/app.so, triggered by malicious input to the apcliSsid parameter. Public exploit code is available on GitHub (CVSS 7.4, CVSS:4.0). Authentication is required (PR:L), but attack complexity is low (AC:L)
Buffer Overflow
-
CVE-2026-6156
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the Comment parameter in the setIpQosRules function exposed through /cgi-bin/cstecgi.cgi. CVSS 8.9 (High) with network attack vector, low complexity, and no privileges required. Publicly available exploit code exists (GitHub POC published), significantly lowering the exploitation barrier for opportunistic attackers targeting vulnerable devices.
Command Injection
-
CVE-2026-6155
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU router firmware 7.4cu.2313 allows unauthenticated remote attackers to execute arbitrary system commands via the pppoeServiceName parameter in the setWanCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC), enabling trivial remote compromise with high impact on confidentiality, integrity, and availability. CVSS 8.9 (High) with network attack vector, low complexity, and no authentication required. SOHO router vulnerabilities like this are commonly targeted for botnet recruitment and lateral network movement.
Command Injection
-
CVE-2026-6154
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted wizard parameters to the setWizardCfg CGI function. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier to exploitation. The CVSS 4.0 score of 8.9 reflects network-accessible attack vector with no authentication or user interaction required, enabling full compromise of router confidentiality, integrity, and availability.
Command Injection
-
CVE-2026-6140
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted FileName parameter to the UploadFirmwareFile function in /cgi-bin/cstecgi.cgi. CVSS 8.9 (High) with network attack vector, no privileges required, and complete system compromise possible. Publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis. EPSS data not provided, but the combination of a high CVSS score, unauthenticated remote vector, and public exploit indicates high real-world exploitation risk.
Command Injection
-
CVE-2026-6139
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the FileName parameter in UploadOpenVpnCert function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC on GitHub), enabling trivial exploitation with no authentication required. CVSS 8.9 (High) reflects network-based attack vector with low complexity and no privileges needed. No vendor-released patch identified at time of analysis.
Command Injection
-
CVE-2026-6138
HIGH
CVSS 8.9
OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via a crafted MAC address parameter to the setAccessDeviceCfg function in /cgi-bin/cstecgi.cgi. CVSS 8.9 (High) with publicly available exploit code on GitHub. No authentication, low complexity, network-exploitable. EPSS and KEV data not available, but public POC significantly lowers exploitation barrier for opportunistic attacks against internet-exposed router management interfaces.
Command Injection
-
CVE-2026-6137
HIGH
CVSS 7.4
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, availability breach) via malformed ADSL/WAN configuration parameters. The vulnerability resides in the fromAdvSetWan function handling wanmode and PPPOEPassword arguments. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network-reachable attack vector indicates substantial risk for exposed management interfaces.
Buffer Overflow
Tenda
-
CVE-2026-5936
HIGH
CVSS 8.5
Server-Side Request Forgery (SSRF) in Foxit PDF Services API allows low-privileged remote attackers to force the server to make HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. With a CVSS score of 8.5 and changed scope (S:C), authenticated attackers can leverage this to probe internal infrastructure, access restricted resources like AWS/Azure metadata services (169.254.169.254), and exfiltrate sensitive information including credentials and configuration data. No public exploit identified at time of analysis, though SSRF exploitation techniques are well-documented and the low attack complexity (AC:L) makes this readily exploitable once an attacker obtains valid credentials.
Information Disclosure
SSRF
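The mitigation an engineer would expect on the server side of an SSRF like this: vet the destination of every outbound request, resolving hostnames and refusing addresses inside the deployment's own network or the cloud metadata range before connecting. This is an added example, not Foxit code; the fetcher, the hostnames and the addresses below are constructed, and the blocked-range list is a common baseline rather than any vendor's policy.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not Foxit's code. Assumes a service that fetches a
# user-supplied URL and must refuse destinations inside its own network or a
# cloud metadata endpoint. Hostnames and addresses below are constructed.

ALLOWED_SCHEMES = {"http", "https"}

BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network; 0.0.0.0 reaches localhost on Linux
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",    # carrier-grade NAT
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local; includes 169.254.169.254 (AWS/Azure/GCP metadata)
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 loopback, ULA, link-local
)]


def resolve_all(host):
    """Every A/AAAA answer, not just the first: one internal record is enough."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_blocked_ip(addr):
    """True if addr falls in a blocked range. IPv4-mapped IPv6 addresses such
    as ::ffff:169.254.169.254 are unwrapped so they are judged as IPv4."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def _is_literal_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_outbound_url(url, resolver=resolve_all):
    """Return (allowed, reason). The resolver is injectable so the policy can
    be tested offline; in production, connect to the address that was vetted
    (pin it) rather than re-resolving, or DNS rebinding defeats the check."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % (parts.scheme,)
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    if _is_literal_ip(host):
        addrs = {host}
    else:
        try:
            addrs = resolver(host)
        except socket.gaierror as exc:
            return False, "DNS failure: %s" % (exc,)
    for addr in sorted(addrs):
        if is_blocked_ip(addr):
            return False, "%s resolves to blocked address %s" % (host, addr)
    return True, host


if __name__ == "__main__":
    for u in ("http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:a9fe:a9fe]/",
              "file:///etc/passwd",
              "https://docs.example/report.pdf"):
        print(u, "->", check_outbound_url(u, resolver=lambda h: {"203.0.113.10"}))
```

Routing the real fetch through the same resolved address matters as much as the check itself: glibc also accepts forms like `http://2130706433/` and `http://0x7f000001/`, which is why the policy works on what `getaddrinfo` returns instead of on the hostname string.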
-
CVE-2026-5086
HIGH
CVSS 7.5
Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password.
Information Disclosure
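What "discrepancies in timing" means in practice, as an added example that is not Crypt::SecretBuffer code: an early-exit compare does work proportional to the matching prefix, so the secret can be recovered one byte at a time, while a constant-time compare touches every byte regardless. The secret and the oracle are constructed, and the count of byte comparisons stands in for measured latency.

```python
import hmac

# Added example, not Crypt::SecretBuffer code. Models the failure the CVE
# describes (a plaintext compare whose running time depends on how many
# leading bytes match) and the constant-time comparison that fixes it. The
# secret is constructed; the number of byte comparisons stands in for time.


def naive_equal(a, b):
    """Early-exit compare. Returns (equal, bytes_compared); the second value
    is what a remote attacker observes as latency."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a, b):
    """Touch every byte and fold mismatches into one accumulator. A length
    mismatch still does a full pass over `a`, so it is not distinguishable
    from a content mismatch by timing."""
    result = 0 if len(a) == len(b) else 1
    other = b if len(a) == len(b) else a
    steps = 0
    for x, y in zip(a, other):
        steps += 1
        result |= x ^ y
    return result == 0, steps


def stdlib_equal(a, b):
    """The primitive real code should use instead of hand-rolled loops."""
    return hmac.compare_digest(a, b)


def recover_with_oracle(oracle, length, alphabet=range(32, 127)):
    """Simulated timing attack: extend the guess one byte at a time, keeping
    the byte whose comparison ran longer than a mismatch at that position
    would (or that produced a full match). Returns the recovered secret, or
    None when the oracle leaks nothing about the prefix."""
    known = bytearray()
    for pos in range(length):
        found = None
        for c in alphabet:
            guess = bytes(known) + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, steps = oracle(guess)
            if equal or steps > pos + 1:
                found = c
                break
        if found is None:
            return None
        known.append(found)
    return bytes(known)


def attack_demo(secret=b"hunter2!"):
    """Run the recovery against both comparators; returns (leaky, safe)."""
    leaky = recover_with_oracle(lambda g: naive_equal(secret, g), len(secret))
    safe = recover_with_oracle(lambda g: constant_time_equal(secret, g), len(secret))
    return leaky, safe


if __name__ == "__main__":
    print(attack_demo())   # (b'hunter2!', None)
```

The attack above needs about 95 guesses per byte instead of 95 to the power of the length, which is the whole point of the side channel. Real measurements are noisy and need many samples per guess, but the signal is the same, and the remedy is the same: compare with hmac.compare_digest (or the equivalent in the language at hand) and, better still, compare hashes of the credential rather than the plaintext.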
-
CVE-2026-4786
HIGH
CVSS 7.0
Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.
Command Injection
-
CVE-2026-3830
HIGH
CVSS 8.6
SQL injection in Product Filter for WooCommerce by WBW plugin versions below 3.1.3 allows unauthenticated remote attackers to extract sensitive database contents including user credentials, customer data, and order information. The vulnerability requires no authentication (CVSS PR:N) and has low attack complexity with publicly available exploit code. EPSS data not available, but the combination of unauthenticated access, public POC, and WordPress's large attack surface creates substantial real-world risk for unpatched WooCommerce installations.
WordPress
SQLi
-
CVE-2026-1462
HIGH
CVSS 8.8
Remote code execution in Keras 3.13.0 allows unauthenticated attackers to execute arbitrary code by crafting malicious .keras model files that load attacker-controlled TensorFlow SavedModels during deserialization, bypassing safe_mode protections. Exploitation requires user interaction (victim must load the malicious model), but no authentication is required to deliver the payload. EPSS data not available; no public exploit code or active exploitation confirmed at time of analysis, but the technical barrier is low given the detailed vulnerability disclosure.
RCE
Deserialization
Red Hat
-
CVE-2026-0234
HIGH
CVSS 7.2
Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. With CVSS 7.2 (high attack complexity, network-accessible, no privileges required) and tags indicating JWT attack vectors and information disclosure potential, this represents a serious integration security flaw requiring prompt patching to version 1.5.52 or later.
Information Disclosure
Microsoft
Jwt Attack
-
CVE-2025-69627
HIGH
CVSS 8.4
Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates a local attack vector requiring no privileges or user interaction per the vector string, though in practice the victim must open the document. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2025-69624
HIGH
CVSS 7.5
Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2025-66769
HIGH
CVSS 7.5
Nitro PDF Pro for Windows version 14.41.1.4 crashes when processing maliciously crafted XFA (XML Forms Architecture) packets due to a NULL pointer dereference, enabling remote denial-of-service attacks without authentication. An attacker can deliver a weaponized PDF containing the crafted XFA packet, causing the application to terminate when opened. EPSS exploitation probability is very low (0.01%, 2nd percentile), no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. Despite CVSS 7.5 (High), real-world risk is limited to availability impact only - no code execution, data theft, or privilege escalation possible.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2025-66236
HIGH
CVSS 7.5
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airfl...
Apache
Information Disclosure
-
CVE-2025-51414
HIGH
CVSS 8.8
In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.
PHP
RCE
Code Injection
File Upload
-
CVE-2026-40447
MEDIUM
CVSS 5.1
Integer overflow in Samsung Open Source Escargot causes undefined behavior and potential denial of service on local systems. The vulnerability affects the Escargot JavaScript engine (commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and related versions) and requires local access with low complexity to trigger. With CVSS 5.1 and EPSS not specified, the risk is moderate; no public exploit code or active exploitation has been confirmed at time of analysis.
Buffer Overflow
Integer Overflow
Samsung
Red Hat
-
CVE-2026-40446
MEDIUM
CVSS 6.9
Type confusion vulnerability in Samsung Open Source Escargot JavaScript engine allows local attackers with user interaction to manipulate pointers and achieve memory corruption, enabling information disclosure and privilege escalation through heap spray and type-confusion exploitation techniques. CVSS score is 6.9; no public exploit code or CISA KEV status confirmed at time of analysis.
Information Disclosure
Memory Corruption
Samsung
-
CVE-2026-40312
MEDIUM
CVSS 6.2
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off-by-one error in the MSL decoder could result in a crash when a malicious MSL file is read. This issue has been fixed in version 7.1.2-19.
Denial Of Service
Red Hat
Suse
-
CVE-2026-40311
MEDIUM
CVSS 5.5
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions ...
Denial Of Service
Use After Free
Memory Corruption
Red Hat
Suse
-
CVE-2026-40310
MEDIUM
CVSS 5.5
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7...
Buffer Overflow
Heap Overflow
Red Hat
Suse
-
CVE-2026-40265
MEDIUM
CVSS 5.9
### Summary
A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated bo...
Authentication Bypass
Information Disclosure
-
CVE-2026-40183
MEDIUM
CVSS 5.5
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16-bit floats. This issue has been fixed in version 7.1.2-19.
Buffer Overflow
Heap Overflow
Red Hat
Suse
-
CVE-2026-40179
MEDIUM
CVSS 5.3
Stored cross-site scripting (XSS) in Prometheus web UI allows arbitrary script execution in users' browsers when they view metrics whose names or label values carry injected HTML/JavaScript. Attackers who can inject metrics via compromised scrape targets, remote write, or OTLP receivers can run JavaScript in an operator's session to exfiltrate configuration, delete time-series data, or shut down Prometheus if admin APIs are enabled. Prometheus 3.5.2 LTS and 3.11.2 patch this by escaping all user-controlled value
XSS
-
CVE-2026-40169
MEDIUM
CVSS 6.2
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.
Buffer Overflow
Heap Overflow
Red Hat
Suse
-
CVE-2026-40041
MEDIUM
CVSS 5.3
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, mil...
CSRF
File Upload
-
CVE-2026-40038
MEDIUM
CVSS 5.1
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters a...
XSS
-
CVE-2026-39979
MEDIUM
CVSS 6.9
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL ter...
Buffer Overflow
Information Disclosure
-
CVE-2026-39956
MEDIUM
CVSS 6.1
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they are strings, and jv_string_indexes() in src/jv.c relies solely on assert() checks ...
Buffer Overflow
Information Disclosure
-
CVE-2026-39940
MEDIUM
CVSS 5.3
Open redirect vulnerability in ChurchCRM prior to 7.0.0 allows authenticated users to be redirected to arbitrary URLs via malicious 'linkBack' parameters across multiple application pages, including DonatedItemEditor.php. An attacker can craft a link embedding an attacker-controlled URL to which the victim is sent when they click the 'Cancel' button, enabling phishing and credential harvesting. EPSS scoring (0.04%, 11th percentile) indicates low real-world exploitation probability, consistent with the authenticated access requirement.
PHP
Open Redirect
-
CVE-2026-35565
MEDIUM
CVSS 5.4
Stored cross-site scripting in Apache Storm UI before 2.8.6 allows authenticated users with topology submission rights to inject malicious HTML/JavaScript via unsanitized component identifiers, stream names, and grouping values in the visualization component. The payload persists in Nimbus and executes in the browser of any administrator viewing the topology visualization, enabling privilege escalation in multi-tenant deployments. EPSS score of 0.04% and SSVC assessment of partial technical impact with no automated exploitation indicate relatively low real-world risk despite the concerning privilege-escalation scenario.
XSS
Privilege Escalation
Apache
-
CVE-2026-34867
MEDIUM
CVSS 5.6
Double free vulnerability in Huawei HarmonyOS multi-mode input system allows local authenticated users with user interaction to cause information disclosure and denial of service. The vulnerability affects availability through memory corruption, with a CVSS score of 5.6 indicating moderate risk. No public exploit code or active exploitation has been confirmed at time of analysis.
Information Disclosure
-
CVE-2026-34866
MEDIUM
CVSS 5.1
Out-of-bounds write in Huawei HarmonyOS WEB module allows local attackers without privileges to cause integrity and availability impact through a classic buffer overflow condition. CVSS 5.1 (moderate) reflects local-only attack vector and limited scope, though the vulnerability affects a core web rendering component. No active exploitation or public proof-of-concept confirmed at time of analysis.
Buffer Overflow
-
CVE-2026-34864
MEDIUM
CVSS 6.8
Buffer overflow (CWE-119) in the HarmonyOS application read module allows local attackers without privileges to corrupt memory through a write with no boundary check, potentially achieving code execution or a system crash with high availability impact. CVSS 6.8 reflects the local attack vector with integrity and availability consequences. Huawei has released security bulletins addressing this vulnerability on affected HarmonyOS devices.
Buffer Overflow
-
CVE-2026-34863
MEDIUM
CVSS 6.7
Out-of-bounds write in the HarmonyOS file system allows local attackers who already hold high privileges to corrupt memory with high impact on confidentiality, integrity, and availability. The vulnerability affects HarmonyOS across versions; because it requires high-level local privileges, it matters chiefly as a post-compromise step chained after another privilege escalation rather than as an initial foothold.
Buffer Overflow
Memory Corruption
-
CVE-2026-34862
MEDIUM
CVSS 6.3
Race condition in Huawei HarmonyOS power consumption statistics module allows local privileged users to disclose information and modify system integrity, potentially affecting service availability. The vulnerability requires high privilege level and local access but enables information disclosure combined with integrity and availability impact. CVSS 6.3 reflects moderate real-world risk given the privilege requirement; Huawei has issued security advisories indicating patch availability.
Information Disclosure
Race Condition
-
CVE-2026-34861
MEDIUM
CVSS 6.3
Race condition in Huawei HarmonyOS thermal management module allows local authenticated users to disclose information and modify system integrity through concurrent access exploitation. An attacker with high privileges can trigger a timing-dependent race condition to achieve information disclosure, integrity compromise, and potential availability impact. CVSS 6.3 reflects the requirement for high privileges and local access, though the integrity impact (I:H) signals significant potential for system manipulation beyond the availability impact the vendor emphasizes.
Information Disclosure
Race Condition
-
CVE-2026-34860
MEDIUM
CVSS 4.1
Improper access control in Huawei HarmonyOS memo module allows local, unauthenticated users to bypass authentication and read sensitive memo data, affecting confidentiality and system availability. The vulnerability requires user interaction (UI:R) and involves high attack complexity, resulting in a CVSS score of 4.1. No public exploit code or active exploitation has been confirmed at time of analysis.
Authentication Bypass
-
CVE-2026-34859
MEDIUM
CVSS 5.9
Use-after-free vulnerability in Huawei HarmonyOS and EMUI kernel module allows local attackers without privileges to read sensitive memory, modify data, and crash the system (confidentiality, integrity, and availability impact). The vulnerability affects an unspecified range of HarmonyOS and EMUI versions; no public exploit code or active exploitation has been identified at the time of analysis. CVSS score of 5.9 reflects moderate local attack risk with low complexity.
Information Disclosure
Use After Free
Memory Corruption
-
CVE-2026-34858
MEDIUM
CVSS 4.1
Use-after-free vulnerability in Huawei HarmonyOS communication module allows authenticated local attackers with high privileges to cause denial of service through a race condition. CVSS score of 4.1 reflects low attack complexity and local-only vector, though availability impact is significant. No public exploit code or active exploitation confirmed at time of analysis.
Information Disclosure
Race Condition
-
CVE-2026-34857
MEDIUM
CVSS 4.7
Use-after-free vulnerability in Huawei HarmonyOS communication module allows authenticated local attackers with high privileges to trigger denial of service and disclose limited information via a race condition. CVSS score 4.7 reflects the high privilege requirement and local attack vector, though the vulnerability impacts both availability and confidentiality. No public exploit code or active exploitation has been confirmed at this time.
Information Disclosure
Race Condition
-
CVE-2026-34855
MEDIUM
CVSS 5.7
Out-of-bounds write vulnerability in Huawei HarmonyOS and EMUI kernel modules allows local privileged attackers to achieve arbitrary memory corruption, potentially compromising system confidentiality and availability. The vulnerability requires high privilege context and nontrivial user interaction to trigger, limiting real-world exploitation scope despite moderate CVSS scoring.
Buffer Overflow
-
CVE-2026-34854
MEDIUM
CVSS 5.7
Use-after-free vulnerability in HarmonyOS and EMUI kernel modules enables local attackers with high privileges to disclose sensitive information and cause denial of service through improper memory management. CVSS 5.7 reflects limited attack scope (local only, requires elevated privileges, high attack complexity), though the vulnerability impacts both confidentiality and availability. No public exploit code or active exploitation has been confirmed at time of analysis.
Information Disclosure
Use After Free
Memory Corruption
-
CVE-2026-34852
MEDIUM
CVSS 6.1
Stack overflow in HarmonyOS media platform allows authenticated local attackers to cause denial of service and potentially achieve limited information disclosure or integrity compromise through malicious user interaction. CVSS 6.1 reflects moderate severity with local attack vector, low complexity, and requirement for user interaction; EPSS and KEV status not provided. No public exploit code or active exploitation confirmed at time of analysis.
Denial Of Service
-
CVE-2026-34238
MEDIUM
CVSS 5.1
An integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write.
```
==1551685==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xea2fb818 at pc 0x56cbc42a bp 0xffc4ce48 sp 0xffc4ce38
WRITE of size 8 at 0xea2fb818 thr...
```
Buffer Overflow
Integer Overflow
Red Hat
Suse
-
CVE-2026-34069
MEDIUM
CVSS 5.3
Denial of service in Nimiq Core consensus peer handler allows unauthenticated remote attackers to crash the RequestMacroChain message handler by sending a crafted message where the first locator hash on the victim's main chain is a micro block instead of a macro block, triggering an unhandled panic via unwrap() on a BlockIsNotMacro error. Vendor-released patch: v1.3.0. EPSS score of 0.04% (12th percentile) indicates low real-world exploitation probability despite the network-accessible attack vector.
Information Disclosure
-
CVE-2026-33947
MEDIUM
CVSS 6.2
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a J...
Denial Of Service
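The jq entry above describes recursion whose depth is set by the length of a caller-supplied path array. The C below is an added illustration for this page, not jq's code: `struct node`, the `set_path_*` functions and `MAX_PATH_DEPTH` are constructed to show the vulnerable shape next to the two standard remedies, a fixed depth budget and an iterative rewrite.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Single-child node: enough to model "descend the path, creating each level
 * on the way down", which is the shape of a recursive setpath. */
struct node { struct node *child; long key; };

/* Constructed model of the vulnerable shape: one stack frame per path
 * element, with the depth chosen entirely by the caller-supplied path. A
 * long enough path exhausts the stack before any other limit applies. */
struct node *set_path_unbounded(struct node *n, const long *path, size_t len)
{
    if (len == 0) return n;
    if (n->child == NULL && (n->child = calloc(1, sizeof *n->child)) == NULL)
        return NULL;
    n->child->key = path[0];
    return set_path_unbounded(n->child, path + 1, len - 1);
}

#define MAX_PATH_DEPTH 10000   /* constructed budget, pick one for your stack */

/* Fix 1: keep the recursion but refuse paths beyond a fixed budget, so the
 * worst case is a rejected request rather than a crashed process. */
struct node *set_path_bounded(struct node *n, const long *path, size_t len)
{
    if (len > MAX_PATH_DEPTH) return NULL;
    return set_path_unbounded(n, path, len);
}

/* Fix 2: iterative descent; stack use is constant whatever the path length. */
struct node *set_path_iterative(struct node *n, const long *path, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (n->child == NULL && (n->child = calloc(1, sizeof *n->child)) == NULL)
            return NULL;
        n->child->key = path[i];
        n = n->child;
    }
    return n;
}

/* Depth of the chain hanging off `root` (root itself not counted). */
size_t depth_of(const struct node *root)
{
    size_t d = 0;
    for (const struct node *n = root->child; n; n = n->child) d++;
    return d;
}

/* Teardown is iterative for the same reason: a recursive free over a deep
 * chain would reintroduce the stack-exhaustion bug on the cleanup path. */
void free_chain(struct node *n)
{
    while (n) { struct node *next = n->child; free(n); n = next; }
}

/* Builds a constructed path of `len` sequential keys, applies `fn` to a
 * fresh root and returns the resulting depth, or (size_t)-1 if refused. */
size_t apply_path(struct node *(*fn)(struct node *, const long *, size_t), size_t len)
{
    long *path = malloc(len * sizeof *path);
    if (!path) return (size_t)-1;
    for (size_t i = 0; i < len; i++) path[i] = (long)i;
    struct node root = { NULL, 0 };
    size_t depth = fn(&root, path, len) ? depth_of(&root) : (size_t)-1;
    free_chain(root.child);
    free(path);
    return depth;
}

int main(void)
{
    printf("bounded,   50 elements: depth %zu\n", apply_path(set_path_bounded, 50));
    printf("bounded, 100k elements: %s\n",
           apply_path(set_path_bounded, 100000) == (size_t)-1 ? "refused" : "accepted");
    printf("iterative, 100k elements: depth %zu\n", apply_path(set_path_iterative, 100000));
    return 0;
}
```

The unbounded variant is deliberately never driven with a long path here; on an 8 MiB default stack a few hundred thousand frames is enough to kill the process, which is the whole point of the advisory. Whichever remedy jq upstream chose, a depth budget must be enforced before the first recursive call, not discovered by the crash.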
-
CVE-2026-33905
MEDIUM
CVSS 5.5
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out-of-bounds read when a specific offset is set through the `sample:offset` define. Th...
Buffer Overflow
Information Disclosure
Red Hat
Suse
-
CVE-2026-33902
MEDIUM
CVSS 5.5
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This iss...
Denial Of Service
Red Hat
Suse
-
CVE-2026-33900
MEDIUM
CVSS 5.9
The VIFF encoder contains an integer truncation/wraparound issue on 32-bit builds that can trigger an out-of-bounds heap write, resulting in a crash.
Denial Of Service
Integer Overflow
Red Hat
Suse
-
CVE-2026-33899
MEDIUM
CVSS 5.3
When `Magick` parses an XML file, it is possible that a single zero byte is written out of bounds.
Buffer Overflow
Heap Overflow
Red Hat
Suse
-
CVE-2026-33740
MEDIUM
CVSS 5.4
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from ...
Authentication Bypass
-
CVE-2026-33657
MEDIUM
CVSS 4.6
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrary HTML into system-generated email notifications by crafting ...
XSS
-
CVE-2026-33555
MEDIUM
CVSS 4.0
HAProxy versions 2.6 through 3.3.5 fail to validate that received HTTP/3 message body lengths match the announced Content-Length header when streams close via empty-payload frames, enabling request smuggling and backend desynchronization attacks. An unauthenticated remote attacker can exploit this via network-level HTTP/3 traffic to cause integrity violations (integrity impact rated low by CVSS), though practical exploitation requires high attack complexity. No public exploit code or active CISA KEV designation has been confirmed; the moderate CVSS 4.0 and high attack complexity suggest this is a specialized HTTP/3 protocol abuse requiring precise crafting.
Information Disclosure
-
CVE-2026-33534
MEDIUM
CVSS 4.3
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation (e.g., 017...
SSRF
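The EspoCRM SSRF entry above turns on a validator that compares the host string rather than the address it resolves to. The C below is an added illustration for this page, not EspoCRM's code: the string blocklist, the `permissive_parse` routine (which reproduces the classic BSD inet_aton() grammar that many URL and socket libraries still accept) and the `hardened_allows` gate are constructed; 0177.0.0.1, 0x7f.1 and 2130706433 are assumed alternative spellings of 127.0.0.1, since the advisory text on this page is truncated; 203.0.113.10 is a documentation-range address used as the "external" probe.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* String-based blocklist of the kind the bypass defeats (constructed): it
 * only recognises the canonical dotted-decimal spelling of each range. */
bool string_blocklist_blocks(const char *host)
{
    return strcmp(host, "localhost") == 0 ||
           strncmp(host, "127.", 4) == 0 ||
           strncmp(host, "10.", 3) == 0 ||
           strncmp(host, "192.168.", 8) == 0 ||
           strncmp(host, "169.254.", 8) == 0;
}

/* Permissive parse mirroring the classic inet_aton() grammar: one to four
 * parts, each read with strtoul(base 0) so a leading "0" is octal and "0x"
 * is hex, and the last part fills all remaining low bytes. This is what the
 * request eventually connects to, whatever the string looked like. */
bool permissive_parse(const char *s, uint32_t *out)
{
    unsigned long part[4];
    int n = 0;
    for (;;) {
        char *end;
        if (!isdigit((unsigned char)*s)) return false;
        part[n++] = strtoul(s, &end, 0);
        if (*end == '\0') break;
        if (*end != '.' || n == 4) return false;
        s = end + 1;
    }
    uint64_t addr = 0;
    for (int i = 0; i < n - 1; i++) {           /* leading parts: one byte each */
        if (part[i] > 0xFF) return false;
        addr = (addr << 8) | part[i];
    }
    int rest = 4 - (n - 1);                     /* bytes covered by the last part */
    uint64_t max = (rest == 4) ? 0xFFFFFFFFu : (1ull << (8 * rest)) - 1;
    if (part[n - 1] > max) return false;
    addr = (addr << (8 * rest)) | part[n - 1];
    *out = (uint32_t)addr;                      /* host byte order */
    return true;
}

/* Single-value wrapper: resolved address, or 0 if the string did not parse. */
uint32_t permissive_value(const char *s)
{
    uint32_t ip;
    return permissive_parse(s, &ip) ? ip : 0;
}

/* Numeric range check on the resolved address (host byte order): loopback,
 * RFC 1918, link-local and 0/8. Extend for 100.64/10, multicast, etc. */
bool ipv4_is_internal(uint32_t ip)
{
    return (ip >> 24) == 127 || (ip >> 24) == 10 || (ip >> 24) == 0 ||
           (ip >> 20) == 0xAC1 ||                 /* 172.16.0.0/12  */
           (ip >> 16) == 0xC0A8 ||                /* 192.168.0.0/16 */
           (ip >> 16) == 0xA9FE;                  /* 169.254.0.0/16 */
}

/* Hardened gate: accept only strict dotted-decimal (inet_pton rejects octal,
 * hex and shorthand forms), then decide on the numeric value, never the text. */
bool hardened_allows(const char *host)
{
    struct in_addr a;
    if (inet_pton(AF_INET, host, &a) != 1) return false;   /* not canonical */
    return !ipv4_is_internal(ntohl(a.s_addr));
}

int main(void)
{
    const char *probes[] = { "127.0.0.1", "0177.0.0.1", "0x7f.1", "2130706433", "203.0.113.10" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-13s blocklist=%d resolves=0x%08x hardened_allows=%d\n", probes[i],
               string_blocklist_blocks(probes[i]), permissive_value(probes[i]),
               hardened_allows(probes[i]));
    return 0;
}
```

For hostnames the same rule applies one step later: resolve, then check every returned address numerically (and pin the connection to the checked address, since a second lookup at connect time can return something else). Rejecting non-canonical spellings outright, as `hardened_allows` does, is simpler than trying to enumerate them.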
-
CVE-2026-31428
MEDIUM
CVSS 5.5
Uninitialized heap memory leaks to userspace via the Linux kernel's netfilter logging subsystem (nfnetlink_log), exposing 1-3 bytes of stale kernel heap content per logged packet through the NFULA_PAYLOAD netlink attribute. Affected systems are those running Linux kernel versions dating back to commit df6fb868d611 (circa 2.6.24) where NFLOG-based packet logging is configured. A low-privileged local attacker with access to an NFLOG netlink socket can passively harvest kernel memory fragments, potentially useful for defeating KASLR or reconstructing sensitive in-memory data. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 7th percentile), but the vulnerability class is well-understood by kernel exploit developers.
Information Disclosure
Linux
Red Hat
Suse
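The 1-3 byte leak in the nfnetlink_log entry above is the size of the alignment padding netlink adds after an attribute payload (attributes are padded to 4 bytes). The C below is an added model written for this page, not the kernel's code: the 0xA5 fill standing in for stale heap contents, the attribute type 9 and the `put_attr_*` helpers are constructed, and explicit zeroing is shown as the generic remedy rather than as the upstream patch; only the 4-byte alignment rule and the 4-byte attribute header mirror the real netlink layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Netlink pads every attribute to a 4-byte boundary; these mirror the
 * kernel's NLA_ALIGNTO / NLA_ALIGN definitions. */
#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))

/* Attribute header with the same layout as struct nlattr. */
struct attr_hdr { uint16_t nla_len; uint16_t nla_type; };

#define STALE        0xA5   /* stands in for whatever the recycled chunk last held */
#define ATTR_PAYLOAD 9      /* arbitrary type for the constructed payload attribute */

/* Leaky encoder (constructed model): header and payload are written, the
 * 0-3 padding bytes that NLA_ALIGN adds after the payload are not. */
size_t put_attr_leaky(uint8_t *buf, uint16_t type, const void *payload, size_t len)
{
    struct attr_hdr h = { .nla_len = (uint16_t)(sizeof h + len), .nla_type = type };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, payload, len);
    return NLA_ALIGN(sizeof h + len);       /* bytes that go out on the socket */
}

/* Remedy: zero the padding explicitly before the buffer leaves the kernel. */
size_t put_attr_zeroed(uint8_t *buf, uint16_t type, const void *payload, size_t len)
{
    size_t used  = sizeof(struct attr_hdr) + len;
    size_t total = put_attr_leaky(buf, type, payload, len);
    memset(buf + used, 0, total - used);
    return total;
}

/* Receiver side: how many bytes of the message still carry the stale fill. */
size_t count_stale(const uint8_t *msg, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++) if (msg[i] == STALE) c++;
    return c;
}

/* Simulates one logged packet: a recycled chunk full of STALE, a payload of
 * `len` zero bytes (so any 0xA5 the receiver sees is leaked padding), and
 * the chosen encoder. Returns the number of stale bytes that leaked. */
size_t leaked_bytes(bool zero_padding, size_t len)
{
    uint8_t chunk[64], payload[64] = {0};
    if (len > sizeof payload - sizeof(struct attr_hdr)) return (size_t)-1;
    memset(chunk, STALE, sizeof chunk);
    size_t n = zero_padding ? put_attr_zeroed(chunk, ATTR_PAYLOAD, payload, len)
                            : put_attr_leaky(chunk, ATTR_PAYLOAD, payload, len);
    return count_stale(chunk, n);
}

int main(void)
{
    for (size_t len = 4; len <= 8; len++)
        printf("payload %zu bytes: leaky=%zu zeroed=%zu\n",
               len, leaked_bytes(false, len), leaked_bytes(true, len));
    return 0;
}
```

Payload lengths that are already multiples of four leak nothing, which is why the advisory's figure is 1-3 bytes per packet rather than a fixed amount; an attacker who can choose packet sizes simply picks lengths congruent to 1 mod 4 to maximise the harvest.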
-
CVE-2026-31427
MEDIUM
CVSS 5.5
Stack corruption in the Linux kernel's netfilter SIP connection tracking helper (`nf_conntrack_sip`) allows a local low-privileged attacker to disrupt SIP call establishment by triggering use of an uninitialized `rtp_addr` stack variable in `process_sdp()`. When SDP bodies contain no valid media sections, the uninitialized address is passed to `nf_nat_sdp_session()`, which rewrites SDP `o=` and `c=` lines with either zeroes (when `CONFIG_INIT_STACK_ALL_ZERO` is active) or arbitrary stack contents, corrupting session negotiation. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile), and this vulnerability is not listed in CISA KEV.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-31425
MEDIUM
CVSS 5.5
Null pointer dereference in the Linux kernel's RDS-over-InfiniBand (RDS/IB) subsystem allows a local low-privileged user to crash the kernel by sending an RDS_CMSG_RDMA_MAP control message before an IB connection is fully established. The impact is a complete denial of service (kernel panic) with no confidentiality or integrity exposure, scoring CVSS 5.5. No public exploit code has been identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02%, consistent with the specialized InfiniBand hardware prerequisite.
Denial Of Service
Linux
Null Pointer Dereference
Red Hat
Suse
-
CVE-2026-31424
MEDIUM
CVSS 5.5
NULL pointer dereference in the Linux kernel's netfilter x_tables subsystem allows a local attacker with CAP_NET_ADMIN privileges to crash the system by loading an NFPROTO_UNSPEC-registered xt_match or xt_target (e.g., xt_devgroup) into an ARP nftables chain via nft_compat, triggering a kernel panic and complete availability loss. CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the local-only, availability-only impact, and EPSS at 0.02% (7th percentile) indicates very low real-world exploitation probability. No active exploitation confirmed (not in CISA KEV); vendor-released patches are available across multiple stable kernel branches.
Denial Of Service
Linux
Null Pointer Dereference
Red Hat
Canonical
-
CVE-2026-31423
MEDIUM
CVSS 5.5
Divide-by-zero in the Linux kernel's HFSC traffic scheduler (net/sched/sch_hfsc.c) allows a local authenticated user to crash the kernel via a denial-of-service oops. The flaw is triggered by enqueueing packets through an HFSC qdisc configured with slope values that cause a u64-to-u32 arithmetic truncation to yield a zero divisor in rtsc_min(). With EPSS at 0.02% (7th percentile), no CISA KEV listing, and no public exploit code identified at time of analysis, real-world exploitation risk is currently low, though the crash path is deterministic and reproducible by anyone with HFSC configuration access.
Information Disclosure
Linux
Red Hat
Suse
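The 32-bit wraparound behind CVE-2026-34238 and CVE-2026-33900 above and the u64-to-u32 truncation behind CVE-2026-31423 are two faces of the same integer-width problem: an arithmetic result that does not fit the type it is stored in. The C below is an added illustration written for this page, not code from ImageMagick or the Linux kernel: the function names, the `uint32_t` stand-in for a 32-bit `size_t`, and the pixel-buffer and divisor arithmetic are constructed, and the checked variants use the GCC/Clang `__builtin_mul_overflow` builtin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on an ILP32 (32-bit) build, where the product of the
 * image dimensions is computed in 32 bits and can silently wrap. */
typedef uint32_t size32_t;

/* Vulnerable shape (constructed): the allocation size is the raw product.
 * 65536 x 65536 x 1 x 1 wraps to 0, so the heap buffer is tiny while the
 * pixel loop that trusts width*height walks far past its end. */
size32_t pixel_buffer_size_unchecked(uint32_t width, uint32_t height,
                                     uint32_t channels, uint32_t sample_bytes)
{
    return width * height * channels * sample_bytes;
}

/* Hardened: every multiplication is checked; on wrap the caller gets false
 * and must reject the image instead of allocating. */
bool pixel_buffer_size_checked(uint32_t width, uint32_t height,
                               uint32_t channels, uint32_t sample_bytes,
                               size32_t *out)
{
    size32_t n;
    if (__builtin_mul_overflow(width, height, &n))   return false;
    if (__builtin_mul_overflow(n, channels, &n))     return false;
    if (__builtin_mul_overflow(n, sample_bytes, &n)) return false;
    *out = n;
    return true;
}

/* Single-value wrapper: checked size, or 0 when the dimensions are rejected. */
size32_t pixel_buffer_size_or_zero(uint32_t w, uint32_t h, uint32_t c, uint32_t s)
{
    size32_t n;
    return pixel_buffer_size_checked(w, h, c, s, &n) ? n : 0;
}

/* Narrowing shape: a 64-bit value is stored into a 32-bit divisor, so
 * 0x1_0000_0000 becomes 0 and the division that follows faults. */
uint32_t narrowed_divisor(uint64_t wide_divisor)
{
    return (uint32_t)wide_divisor;          /* silent truncation */
}

/* Hardened: refuse values that do not fit before narrowing, refuse a zero
 * divisor explicitly, and range-check the quotient the same way. */
bool narrow_divide_checked(uint64_t numerator, uint64_t wide_divisor,
                           uint32_t *quotient)
{
    if (wide_divisor == 0 || wide_divisor > UINT32_MAX) return false;
    uint64_t q = numerator / wide_divisor;
    if (q > UINT32_MAX) return false;
    *quotient = (uint32_t)q;
    return true;
}

/* Single-value wrapper: quotient, or 0 when the operands are rejected. */
uint32_t narrow_divide_or_zero(uint64_t numerator, uint64_t wide_divisor)
{
    uint32_t q;
    return narrow_divide_checked(numerator, wide_divisor, &q) ? q : 0;
}

int main(void)
{
    printf("unchecked 65536x65536x1x1 = %u\n",
           (unsigned)pixel_buffer_size_unchecked(65536, 65536, 1, 1));
    printf("checked   65536x65536x1x1 = %u (0 means rejected)\n",
           (unsigned)pixel_buffer_size_or_zero(65536, 65536, 1, 1));
    printf("narrowed  0x100000000     = %u\n", (unsigned)narrowed_divisor(0x100000000ULL));
    printf("checked   100 / 0x100000000 = %u (0 means rejected)\n",
           (unsigned)narrow_divide_or_zero(100, 0x100000000ULL));
    return 0;
}
```

The 32-bit case never shows up in a 64-bit CI run, which is how these bugs survive: the same `width * height` that fits comfortably in a 64-bit `size_t` wraps on the i686 or armv7 package builds the Red Hat and SUSE tags above correspond to. Checked multiplication, or an explicit upper bound on dimensions before any arithmetic, behaves identically on both.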
-
CVE-2026-31422
MEDIUM
CVSS 5.5
NULL pointer dereference in the Linux kernel's net/sched cls_flow traffic classifier allows a local low-privileged attacker to crash the kernel (denial of service) by creating a flow filter on a shared traffic control block without a fully qualified baseclass. The crash occurs in flow_change() at net/sched/cls_flow.c:508, confirmed by a KASAN trace showing null-ptr-deref when block->q is dereferenced on a shared block where it is intentionally NULL. No active exploitation confirmed - not listed in CISA KEV - and EPSS stands at 0.02% (7th percentile), indicating negligible real-world exploitation probability at time of analysis.
Denial Of Service
Linux
Null Pointer Dereference
Red Hat
Suse
-
CVE-2026-31421
MEDIUM
CVSS 5.5
NULL pointer dereference in the Linux kernel's cls_fw traffic classifier (net/sched/cls_fw.c) crashes the kernel when authenticated local users configure an old-method cls_fw filter on a shared tc block and traffic with a nonzero major skb mark is processed. The flaw exists because the old classification path in fw_classify() calls tcf_block_q() and dereferences q->handle, but shared blocks hold a NULL block->q pointer. The impact is limited to local denial of service (kernel panic); no confidentiality or integrity compromise is possible. EPSS is 0.02% (7th percentile), this vulnerability is not in CISA KEV, and no public exploit has been identified at time of analysis.
Denial Of Service
Linux
Null Pointer Dereference
Red Hat
Suse
-
CVE-2026-31420
MEDIUM
CVSS 5.5
Uncontrolled resource exhaustion in the Linux kernel bridge MRP subsystem allows a locally authenticated attacker to trigger a kernel OOM panic by supplying a zero-value test interval via netlink. The br_mrp_start_test() and br_mrp_start_in_test() functions lack input validation for the interval parameter; when set to zero, usecs_to_jiffies(0) yields 0, causing delayed work items on system_percpu_wq to reschedule themselves at maximum rate while continuously allocating and transmitting MRP test frames until all system memory is exhausted. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) reflects low current exploitation probability, though the denial-of-service impact is severe - a full kernel panic.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-31418
MEDIUM
CVSS 5.5
Local denial-of-service via kernel memory leak in the Linux kernel's netfilter ipset subsystem affects multiple stable branches from Linux 5.6 through the fixed releases 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0. The mtype_del() function contains a logic flaw that prevents proper bucket release when all live entries are deleted but the positional counter (n->pos) still references past-deleted slots, causing accumulated unreleased kernel memory across repeated ipset add/delete operations. No public exploit code exists and this CVE is not listed in the CISA KEV catalog; EPSS at 0.02% (7th percentile) reflects very low real-world exploitation probability.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-31416
MEDIUM
CVSS 5.5
Local denial-of-service in the Linux kernel's netfilter nfnetlink_log subsystem allows a low-privileged local user to trigger a kernel WARN splat and cause netlink message drops. The root cause is an accounting error in NLMSG_DONE that omits the netlink header size, counting only the attribute size. With a CVSS score of 5.5 (AV:L/AC:L/PR:L) and EPSS at 0.02% (7th percentile), this has no public exploit code identified at time of analysis and is not listed in the CISA KEV catalog - impact is limited to netlink logging availability, with no code execution or data exposure.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-31415
MEDIUM
CVSS 5.5
Integer overflow in the Linux kernel's IPv6 sendmsg ancillary-data path allows a local user with CAP_NET_RAW (or namespaced CAP_NET_RAW via unprivileged user namespaces) to crash the kernel via skb_under_panic(), constituting a local denial of service. The 16-bit opt_flen accumulator in ip6_datagram_send_ctl() wraps around when flooded with large IPV6_DSTOPTS cmsgs, causing the transmit path to underallocate sk_buff headroom while dst1opt still references a large destination-options header - the mismatch triggers BUG() on subsequent packet transmission. A proof-of-concept (poc.c) was submitted with the bug report; no active exploitation has been identified at time of analysis (no CISA KEV listing), and EPSS is very low at 0.03%.
Denial Of Service
Linux
Red Hat
Suse
-
CVE-2026-31280
MEDIUM
CVSS 6.5
Denial of service in Parani M10 Motorcycle Intercom v2.1.3 via crafted Bluetooth RFCOMM frames allows unauthenticated attackers within wireless range to crash the device. The vulnerability exploits a buffer overflow in the RFCOMM service handler, causing high availability impact. A proof-of-concept exists but active exploitation has not been confirmed; EPSS score of 0.02% suggests limited real-world exploitation pressure despite the accessible attack vector.
Buffer Overflow
Denial Of Service
N A
-
CVE-2026-29628
MEDIUM
CVSS 6.2
Stack overflow in tinyobjloader's experimental MTL file parser (tinyobj_loader_opt.h) allows local attackers to trigger denial of service by supplying a malformed .mtl file. The vulnerability affects the library's material file parsing logic and crashes the application via stack memory corruption, though with EPSS score of 0.01% and no confirmed active exploitation, real-world risk is minimal despite the moderate CVSS 6.2 rating.
Buffer Overflow
Denial Of Service
Stack Overflow
-
CVE-2026-28553
MEDIUM
CVSS 6.9
HarmonyOS and EMUI theme setting modules fail to enforce proper permission controls, allowing local attackers with user interaction to read sensitive system information across security boundaries. The vulnerability requires physical or local access and user interaction but can compromise confidentiality of protected data; CVSS 6.9 reflects moderate-to-high real-world risk due to local attack surface and CVSS vector showing high confidentiality impact (C:H) despite lower integrity and availability consequences.
Information Disclosure
-
CVE-2026-26460
MEDIUM
CVSS 6.1
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view (getTabContents action), allowing an attacker to inject arbitrary HTML content into the dashboard interf...
XSS
-
CVE-2026-25209
MEDIUM
CVSS 6.5
Out-of-bounds read in Samsung Open Source Escargot JavaScript engine exposes sensitive memory content to remote attackers through user interaction. The vulnerability affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and allows information disclosure with partial availability impact. The medium CVSS rating reflects the requirement for user interaction and high attack complexity, though the memory exposure potential warrants monitoring for patches.
Buffer Overflow
Information Disclosure
Samsung
-
CVE-2026-25206
MEDIUM
CVSS 6.7
Out-of-bounds read in Samsung Open Source Escargot JavaScript engine allows local attackers to leak sensitive memory contents and cause denial of service. Affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and potentially other versions; the vulnerability requires local access and specific conditions to trigger but can expose confidential data and crash the application without authentication. No public exploit identified at time of analysis.
Buffer Overflow
Information Disclosure
Samsung
-
CVE-2026-25204
MEDIUM
CVSS 6.2
Deserialization of untrusted data in Samsung Open Source Escargot JavaScript engine prior to commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 allows local attackers without privileges to trigger a denial of service condition via process abort. Unsafe deserialization of attacker-controlled data results in application termination rather than code execution. No public exploit code or active exploitation has been identified at the time of analysis.
Denial Of Service
Java
Deserialization
Samsung
-
CVE-2026-21014
MEDIUM
CVSS 5.1
Samsung Camera prior to version 16.5.00.28 allows local attackers with limited privileges to access device location data through improper access control, requiring user interaction to trigger. This information disclosure vulnerability affects Samsung's mobile camera application and represents a localized privacy exposure on affected devices.
Information Disclosure
Samsung
-
CVE-2026-21013
MEDIUM
CVSS 6.9
Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information through incorrect default file or directory permissions, exposing high-value data on affected wearable devices. The vulnerability requires local access but no authentication or user interaction, making it exploitable by any user on the device.
Privilege Escalation
-
CVE-2026-21012
MEDIUM
CVSS 6.8
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers to create files with system privileges, potentially leading to privilege escalation or system compromise. The vulnerability requires high-level local privileges and affects Samsung Mobile devices through a path traversal or file name manipulation flaw in the AODManager component. No public exploit code has been identified at the time of analysis.
Information Disclosure
-
CVE-2026-21011
MEDIUM
CVSS 5.4
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to bypass Extend Unlock authentication due to incorrect privilege assignment, enabling unauthorized device access without requiring prior authentication. The vulnerability requires physical proximity and user interaction but grants full confidentiality and integrity compromise of the device. No public exploit code has been identified at the time of analysis.
Authentication Bypass
-
CVE-2026-21010
MEDIUM
CVSS 6.6
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with limited privileges to trigger privileged functions, potentially leading to information disclosure and unauthorized modification of device state. The vulnerability requires physical or local access and low-privilege credentials, limiting immediate remote exploitation risk but posing significant concern for retail environments where devices are physically accessible to untrusted parties.
Information Disclosure
-
CVE-2026-21009
MEDIUM
CVSS 4.1
Samsung Mobile's Recents application prior to SMR Apr-2026 Release 1 fails to properly validate exceptional conditions, allowing a physical attacker to bypass App Pinning security controls. The vulnerability requires physical device access and has a CVSS score of 4.1 reflecting the physical attack vector and confidentiality impact; no public exploit code or confirmed active exploitation has been identified.
Authentication Bypass
-
CVE-2026-21008
MEDIUM
CVSS 5.1
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent network attackers without requiring authentication, achieved through a low-complexity attack requiring only user interaction. The vulnerability has a CVSS 5.1 score reflecting limited confidentiality impact over an adjacent network, and is addressed in the April 2026 security patch release.
Information Disclosure
-
CVE-2026-21007
MEDIUM
CVSS 4.4
Device Care in Samsung Mobile devices prior to the April 2026 SMR Release 1 contains an improper exception handling vulnerability that permits physical attackers to bypass Knox Guard authentication enforcement. With a CVSS score of 4.4 and attack vector requiring physical access, this vulnerability poses a localized but serious integrity and confidentiality risk to device security architecture, particularly for devices left unattended or in corporate environments where physical access controls may be compromised.
Authentication Bypass
-
CVE-2026-21006
MEDIUM
CVSS 4.7
Samsung DeX prior to the April 2026 Release 1 update contains improper access control that allows physical attackers to access hidden notification contents on affected Samsung mobile devices. The vulnerability requires direct physical access to the device but carries a significant confidentiality impact due to potential exposure of sensitive notification data. No public exploit code has been identified at the time of analysis.
Information Disclosure
Samsung
-
CVE-2026-21003
MEDIUM
CVSS 5.2
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypass network restrictions without authentication. The vulnerability affects data handling related to network restriction policies, enabling unauthorized modification of network access controls. CVSS score of 5.2 reflects the physical attack requirement, though integrity and availability impacts are rated high for affected functions.
Authentication Bypass
-
CVE-2026-6231
MEDIUM
CVSS 5.3
MongoDB C Driver bson_validate function returns early on specific inputs and incorrectly reports successful validation, allowing malformed or invalid UTF-8 sequences in BSON data to bypass validation checks. This affects MongoDB C Driver versions prior to 1.30.5, 2.0.0, and 2.0.1, and impacts applications that depend on this validation function to process untrusted BSON data. Authenticated remote attackers can exploit this to inject invalid BSON data, potentially causing integrity issues in downstream processing; EPSS 0.48 indicates this is a moderate-priority issue that warrants patching but is not among the highest-risk vulnerabilities.
Authentication Bypass
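The MongoDB C Driver entry above is about a validator that reports success without examining all of its input. The C below is an added illustration for this page, not libbson's code: `utf8_valid_strict` is a complete UTF-8 check of the kind a consumer of untrusted BSON should apply, `utf8_valid_lenient_stub` is a constructed stand-in for an early-returning validator (the advisory does not say what triggers the real early return; the NUL-terminated shape here is an assumption), and `bson_string_valid` checks only the framing of a single BSON string element. The test vectors are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict UTF-8 check: rejects stray continuation bytes, truncated sequences,
 * overlong encodings, UTF-16 surrogates (U+D800..U+DFFF) and code points
 * above U+10FFFF. Every byte in [0, n) is examined; NUL is ordinary data. */
bool utf8_valid_strict(const uint8_t *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        uint8_t b = s[i];
        size_t len; uint32_t cp, min;
        if (b < 0x80)                { i++; continue; }
        else if ((b & 0xE0) == 0xC0) { len = 2; cp = b & 0x1F; min = 0x80;    }
        else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; min = 0x800;   }
        else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; min = 0x10000; }
        else return false;                     /* 0x80..0xBF, 0xF8..0xFF */
        if (n - i < len) return false;         /* truncated sequence */
        for (size_t k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return false;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || (cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF)
            return false;                      /* overlong / surrogate / out of range */
        i += len;
    }
    return true;
}

/* Constructed stand-in for a validator with an early-return defect: it
 * treats the first NUL as end of string, so bytes after it are never
 * examined even though BSON strings are length-prefixed and may carry
 * arbitrary bytes past an embedded NUL. */
bool utf8_valid_lenient_stub(const uint8_t *s, size_t n)
{
    size_t stop = 0;
    while (stop < n && s[stop] != 0) stop++;
    return utf8_valid_strict(s, stop);
}

/* BSON string element body: int32 little-endian byte count (including the
 * trailing NUL), the bytes, then 0x00. Validates the framing against the
 * buffer, then hands the text to the supplied checker. */
bool bson_string_valid(const uint8_t *buf, size_t buflen,
                       bool (*check)(const uint8_t *, size_t))
{
    if (buflen < 5) return false;
    uint32_t len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                   (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (len == 0 || len > buflen - 4) return false;   /* length escapes buffer */
    if (buf[4 + len - 1] != 0) return false;          /* missing terminator */
    return check(buf + 4, len - 1);
}

/* Constructed vectors: byte count 6 = "h" "é" "!!" + NUL; the second
 * carries an embedded NUL followed by the invalid byte 0xFF. */
static const uint8_t BSON_OK[]  = { 6,0,0,0, 'h', 0xC3,0xA9, '!','!', 0 };
static const uint8_t BSON_BAD[] = { 5,0,0,0, 'a','b', 0, 0xFF, 0 };

int main(void)
{
    printf("strict : ok=%d bad=%d\n",
           bson_string_valid(BSON_OK,  sizeof BSON_OK,  utf8_valid_strict),
           bson_string_valid(BSON_BAD, sizeof BSON_BAD, utf8_valid_strict));
    printf("lenient: ok=%d bad=%d  <- the defect: bad input passes\n",
           bson_string_valid(BSON_OK,  sizeof BSON_OK,  utf8_valid_lenient_stub),
           bson_string_valid(BSON_BAD, sizeof BSON_BAD, utf8_valid_lenient_stub));
    return 0;
}
```

The practical point for anyone on an affected driver version: a validator whose result you rely on for downstream safety must be one whose "valid" means every byte was inspected. Where the library's check cannot be trusted, run an independent full-length check such as `utf8_valid_strict` on the string bodies before the data reaches code that assumes well-formed UTF-8.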
-
CVE-2026-6224
MEDIUM
CVSS 5.5
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be initiat...
Information Disclosure
-
CVE-2026-6218
MEDIUM
CVSS 5.3
A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosu...
XSS
-
CVE-2026-6203
MEDIUM
CVSS 6.1
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_to_on_logout` GET pa...
WordPress
Open Redirect
-
CVE-2026-6193
MEDIUM
CVSS 5.5
A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be...
PHP
SQLi
-
CVE-2026-6189
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Username parameter in /ajax.php?action=login. The vulnerability enables low-complexity attacks requiring no user interaction, with publicly available exploit code (EPSS probability data not provided, not listed in CISA KEV). Attackers can compromise confidentiality, integrity, and availability of the pharmacy inventory database without authentication.
PHP
SQLi
-
CVE-2026-6188
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /ajax.php?action=delete_sales, with publicly available exploit code and evidence of active proof-of-concept publication.
PHP
SQLi
-
CVE-2026-6187
MEDIUM
CVSS 5.5
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /ajax.php?action=chk_prod_availability, enabling unauthorized data access and modification. The vulnerability has a publicly available exploit and carries a CVSS score of 6.9 with confirmed proof-of-concept code available on GitHub.
PHP
SQLi
-
CVE-2026-6183
MEDIUM
CVSS 5.5
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /web/index.php and execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. Publicly available exploit code exists and the vulnerability carries a CVSS 6.9 score reflecting moderate confidentiality, integrity, and availability impact across the network-accessible endpoint.
PHP
SQLi
-
CVE-2026-6182
MEDIUM
CVSS 5.5
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the User parameter in /web/admin/login.php, enabling database query manipulation with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, increasing real-world attack likelihood despite the moderate CVSS score of 6.9.
PHP
SQLi
-
CVE-2026-6179
MEDIUM
CVSS 6.3
Stored cross-site scripting (XSS) in NightWolf Penetration Testing Platform 2.1.5 allows authenticated users to inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of victims. The CVSS vector records no user interaction requirement (UI:N), meaning the injected payload executes automatically when a victim views affected content. No public exploit code or active exploitation has been confirmed at the time of analysis.
XSS
-
CVE-2026-6167
MEDIUM
CVSS 5.5
SQL injection in code-projects Faculty Management System 1.0 via the ID parameter in /subject-print.php allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate or modify database contents with low confidentiality and integrity impact. Publicly available exploit code exists, creating immediate operational risk for organizations running this system.
PHP
SQLi
-
CVE-2026-6166
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the VEHICLE_ID parameter in /util/UpdateVehicleFunction.php, achieving confidentiality and integrity compromise. Publicly available exploit code exists and the vulnerability carries a CVSS 6.9 score with confirmed exploitability (E:P rating).
PHP
SQLi
-
CVE-2026-6165
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /util/Login_check.php, leading to unauthorized data access or modification. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk despite its low-to-moderate CVSS score of 6.9.
PHP
SQLi
-
CVE-2026-6164
MEDIUM
CVSS 5.5
SQL injection in Lost and Found Thing Management 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the cata parameter in /addcat.php. The vulnerability has CVSS 6.9 (network-accessible, low complexity) and publicly available exploit code exists, making it a practical attack vector for data exfiltration and manipulation in this PHP-based application.
PHP
SQLi
-
CVE-2026-6163
MEDIUM
CVSS 5.5
SQL injection in code-projects Lost and Found Thing Management 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the cat parameter in /catageory.php, enabling data exfiltration and potential database manipulation. The vulnerability has a publicly available exploit and carries a CVSS score of 6.9 with confirmed low impact to confidentiality, integrity, and availability. Active exploitation status has not been confirmed at time of analysis, but the accessible nature of the vulnerability and public exploit availability elevate operational risk.
PHP
SQLi
-
CVE-2026-6161
MEDIUM
CVSS 5.5
SQL injection in code-projects Simple ChatBox up to version 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via manipulation of the msg parameter in the /chatbox/insert.php endpoint, leading to confidentiality and integrity compromise. The vulnerability has a CVSS score of 6.9 and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
PHP
SQLi
-
CVE-2026-6160
MEDIUM
CVSS 5.5
Remote file and directory information exposure in code-projects Simple ChatBox 1.0 allows unauthenticated attackers to disclose sensitive file paths and directory structures via manipulation of the SimpleChatbox_PHP endpoint. The vulnerability affects the chatbox.sql component and has publicly available exploit code; attackers can enumerate filesystem information without authentication or user interaction, creating risk for reconnaissance and secondary attack planning.
Information Disclosure
-
CVE-2026-6158
MEDIUM
CVSS 5.5
Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.
Command Injection
-
CVE-2026-6153
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the STAFF_ID parameter in /util/StaffDetailsFunction.php, enabling unauthorized database access with limited confidentiality and integrity impact. Public exploit code is available, and the vulnerability has a CVSS score of 6.9 with confirmed exploitability.
PHP
SQLi
-
CVE-2026-6152
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to read, modify, or delete database contents via the STAFF_ID parameter in /util/StaffAddingFunction.php. CVSS score of 7.3 (High) reflects network-accessible attack requiring no privileges or user interaction. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier, though no active exploitation confirmed via CISA KEV at time of analysis.
PHP
SQLi
-
CVE-2026-6151
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via the CUSTOMER_ID parameter in /util/PaymentStatusFunction.php. CVSS 7.3 (High) with low attack complexity and no authentication required. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation. No vendor-released patch identified at time of analysis, creating an urgent risk for exposed deployments.
PHP
SQLi
-
CVE-2026-6149
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the BRANCH_ID parameter in /util/BookVehicleFunction.php. The vulnerability has publicly available exploit code (GitHub POC), enabling trivial exploitation with low attack complexity. CVSS 7.3 reflects medium-severity impacts across confidentiality, integrity, and availability. No vendor patch has been identified at time of analysis.
PHP
SQLi
-
CVE-2026-6148
MEDIUM
CVSS 5.5
SQL injection in code-projects Vehicle Showroom Management System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the BRANCH_ID parameter in MonthTotalReportUpdateFunction.php. Publicly available exploit code exists (GitHub POC published), enabling trivial exploitation with no user interaction required. CVSS 7.3 reflects network-accessible attack with low complexity and no authentication barrier, creating immediate risk for internet-exposed instances.
PHP
SQLi
-
CVE-2026-6142
MEDIUM
CVSS 5.5
SQL injection in tushar-2223 Hotel Management System /admin/roomdelete.php allows unauthenticated remote attackers to manipulate database queries via the ID parameter, potentially compromising confidentiality, integrity, and availability of hotel management data. Publicly available exploit code exists (CVSS 7.3, EPSS not provided). The vulnerability affects all versions up to commit bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 in this rolling-release project, and the maintainer has not responded to responsible disclosure attempts.
PHP
SQLi
-
CVE-2026-2728
MEDIUM
CVSS 4.6
Cross-site Scripting (XSS) in LibreNMS versions before 26.3.0 allows authenticated administrators to inject malicious scripts on the showconfig page, enabling attacks against other authorized users. The vulnerability requires high administrative privileges and user interaction (clicking a malicious link) to execute, resulting in integrity impact to other users' sessions. Publicly available exploit code exists, though CISA KEV status is not confirmed.
XSS
-
CVE-2026-0232
MEDIUM
CVSS 4.0
Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but it creates a critical detection-evasion vector when exploited on administratively compromised systems or by insider threats. No public exploit code or active exploitation has been reported at time of analysis.
Information Disclosure
Microsoft
Paloalto
-
CVE-2025-70936
MEDIUM
CVSS 5.4
Reflected cross-site scripting (XSS) in Vtiger CRM 8.4.0 MailManager module allows authenticated attackers to execute arbitrary JavaScript in a user's browser session via a specially crafted double URL-encoded payload in the _folder parameter. The vulnerability requires user interaction (UI:R) and affects confidentiality and integrity within the scope of the authenticated session. With an EPSS score of 0.02% (5th percentile), real-world exploitation risk is minimal despite public disclosure.
XSS
-
CVE-2025-63743
MEDIUM
CVSS 5.4
Stored cross-site scripting in Snipe-IT asset management system v8.3.0-8.3.1 allows authenticated users with basic login privileges to inject malicious JavaScript via Name and Surname fields, which executes when other users view Activity Reports or modified profiles. This vulnerability requires the victim's Display Name to be unset and affects all users with sufficient permissions to access those views. Patch available in v8.3.2; EPSS score is minimal (0.01%), indicating low empirical exploitation likelihood despite network-accessible attack vector.
XSS
-
CVE-2025-31991
MEDIUM
CVSS 6.8
Brute-force attacks against HCL DevOps Velocity user login are possible due to inadequate rate limiting enforcement on failed authentication attempts, allowing attackers with high privileges to bypass the unsuccessful login attempt limit and potentially compromise user accounts. CVSS 6.8 reflects the integrity impact (account compromise) across multiple systems; the vulnerability requires high privileges, limiting opportunistic exploitation. Vendor-released patch: version 5.1.7.
Information Disclosure
-
CVE-2025-15441
MEDIUM
CVSS 6.8
SQL injection in Form Maker by 10Web WordPress plugin before version 1.15.38 allows unauthenticated remote attackers to read sensitive data via improper SQL query preparation when the MySQL Mapping feature is enabled. The attack requires high complexity to exploit but has high confidentiality impact, affecting all WordPress sites running the vulnerable plugin with this feature active. Public exploit code is available, though EPSS scoring (0.02%) suggests real-world exploitation remains limited despite the presence of proof-of-concept.
WordPress
SQLi
-
CVE-2026-40263
LOW
CVSS 3.7
A timing side-channel in the login endpoint allows unauthenticated attackers to determine whether a username exists by measuring response time differences. Requests for valid usernames take noticeably longer because the server performs bcrypt password verification, while requests for non...
Information Disclosure
-
CVE-2026-36952
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Thesis Archiving System v1.0 at /otas/admin/curriculum/manage_curriculum.php allows authenticated high-privileged administrators to extract sensitive database information through unsanitized query parameters. With a CVSS score of 2.7 and EPSS of 0.01% (2nd percentile), this vulnerability presents minimal real-world risk despite valid SQL injection mechanics, as exploitation requires admin-level credentials and yields only confidentiality impact. No public exploit code or active exploitation has been confirmed.
PHP
SQLi
-
CVE-2026-36950
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Thesis Archiving System v1.0 allows high-privilege authenticated attackers to extract sensitive information via the /otas/projects_per_department.php endpoint. The vulnerability requires admin-level credentials (PR:H per CVSS) and has minimal confidentiality impact with an EPSS score of 0.01%, indicating very low real-world exploitation probability despite public disclosure on GitHub.
PHP
SQLi
-
CVE-2026-36947
LOW
CVSS 2.7
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/services/view_service.php allows authenticated administrators to extract sensitive database information with low complexity. The vulnerability requires high-privilege (admin) access and does not enable data modification or denial of service, limiting real-world impact despite the network-accessible attack vector. No active exploitation or public proof-of-concept tools have been confirmed; an EPSS score of 0.02% and an SSVC exploitation status of 'none' indicate minimal practical risk alongside the CVSS 2.7 rating.
PHP
SQLi
-
CVE-2026-36946
LOW
CVSS 2.7
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/inquiries/view_details.php allows high-privileged authenticated administrators to extract limited data via crafted SQL queries. The vulnerability requires admin-level access and produces only confidentiality impact with minimal real-world exploitation likelihood (EPSS 0.02%, CVSS 2.7, SSVC framework indicates no practical exploitation path).
PHP
SQLi
-
CVE-2026-36945
LOW
CVSS 2.7
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows authenticated administrators to execute arbitrary SQL queries via the /rsms/admin/clients/manage_client.php endpoint, potentially exposing sensitive data with low confidentiality impact. The vulnerability requires high-privilege administrator authentication and carries minimal real-world risk (EPSS 0.02%, SSVC indicates no exploitation activity), but represents a common code quality issue in open-source PHP applications that warrants remediation during security updates.
PHP
SQLi
-
CVE-2026-36944
LOW
CVSS 2.7
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows authenticated high-privilege users to read sensitive database content via crafted input in the repairs details viewer. The vulnerability requires admin-level authentication and carries minimal real-world risk given the CVSS 2.7 score, EPSS 0.02% exploitation probability, and CISA SSVC assessment indicating no known exploitation, non-automatable attack, and only partial technical impact (confidentiality). No active exploitation has been confirmed.
PHP
SQLi
-
CVE-2026-36943
LOW
CVSS 2.7
SQL injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 at /rsms/admin/repairs/manage_repair.php allows authenticated administrators to extract or modify limited database information. The attack requires high-level administrative privileges and produces only confidentiality impact; EPSS probability is minimal (0.02%), and CISA SSVC assessment indicates no evidence of real-world exploitation.
PHP
SQLi
-
CVE-2026-36942
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Resort Management System v1.0 allows high-privilege authenticated attackers to read sensitive application data via crafted input to the /orms/admin/activities/manage_activity.php endpoint. The vulnerability requires administrator-level credentials and produces only confidentiality impact with negligible real-world exploitation risk, as indicated by 0.02% EPSS score and CISA SSVC partial technical impact assessment.
PHP
SQLi
-
CVE-2026-36941
LOW
CVSS 2.7
SQL Injection in Sourcecodester Online Resort Management System v1.0 allows authenticated administrators to extract or modify database contents via the /orms/admin/rooms/manage_room.php endpoint. The vulnerability requires high-privilege administrative access and has minimal real-world impact given the CVSS score of 2.7, EPSS exploitation probability of 0.02%, and CISA SSVC determination of non-exploitable status with only partial technical impact. No active exploitation has been confirmed.
PHP
SQLi
-
CVE-2026-36938
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Resort Management System v1.0 allows high-privileged authenticated attackers to query the database with limited confidentiality impact via the /orms/admin/rooms/view_room.php endpoint. The CVSS score of 2.7 and EPSS percentile of 6% reflect low real-world exploitation probability; SSVC assessment confirms no known automated exploit path and only partial technical impact (information disclosure). No public exploit code or active exploitation has been identified.
PHP
SQLi
-
CVE-2026-36937
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Resort Management System v1.0 allows authenticated high-privilege users to execute arbitrary SQL queries via the /orms/admin/reservations/view_details.php endpoint, resulting in limited information disclosure. The vulnerability requires administrative access and carries minimal real-world risk due to CVSS 2.7, EPSS 0.02% (6th percentile), and SSVC framework assessment indicating no active exploitation and non-automatable attack requirements.
PHP
SQLi
-
CVE-2026-36923
LOW
CVSS 2.7
SQL Injection in Sourcecodester Cab Management System 1.0 allows high-privilege administrators to extract limited database information via the /cms/admin/bookings/view_booking.php endpoint. The vulnerability requires authenticated admin access and carries minimal real-world risk given its low EPSS score (0.02%) and CISA SSVC assessment indicating no exploitation status, non-automatable exploitation, and only partial technical impact.
PHP
SQLi
-
CVE-2026-36922
LOW
CVSS 2.7
SQL injection in Sourcecodester Cab Management System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /cms/admin/categories/view_category.php endpoint. The vulnerability requires administrative credentials and has minimal real-world impact (CVSS 2.7, EPSS 0.02%), with no evidence of active exploitation or public exploit code.
PHP
SQLi
-
CVE-2026-36920
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated users to extract limited data via a crafted SQL query in the questions-view.php endpoint. The vulnerability requires administrator-level credentials and lacks evidence of active exploitation or public exploit tooling, resulting in a minimal real-world risk profile despite confirmed SQL injection capability.
PHP
SQLi
-
CVE-2026-36919
LOW
CVSS 2.7
SQL injection in Sourcecodester Online Reviewer System v1.0 allows high-privileged authenticated attackers to conduct limited information disclosure through the exam update functionality at /system/system/admins/assessments/examproper/exam-update.php. The vulnerability carries minimal real-world risk due to required administrative privileges (PR:H), low EPSS exploitation probability (0.02%), and CISA SSVC assessment indicating no exploitation trend, non-automatable attack, and only partial technical impact.
PHP
SQLi
-
CVE-2026-36874
LOW
CVSS 2.7
SQL injection in Sourcecodester Basic Library System v1.0 at /librarysystem/load_student.php allows high-privilege authenticated attackers to read sensitive database information. The vulnerability requires administrative-level privileges and no user interaction, but real-world risk is minimal due to the extremely low EPSS score (0.02%), the CVSS severity of 2.7, and the CISA SSVC assessment indicating no exploitation activity, non-automatable conditions, and only partial technical impact.
PHP
SQLi
-
CVE-2026-36873
LOW
CVSS 2.7
SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract sensitive data via the /librarysystem/load_admin.php endpoint. The vulnerability requires administrative authentication, limiting exposure to compromised or malicious admin accounts. EPSS exploitation probability is minimal at 0.02% (6th percentile), and no public exploit code has been identified, making this a low-priority issue despite the SQL injection vector.
PHP
SQLi
-
CVE-2026-36872
LOW
CVSS 2.7
SQL injection in Sourcecodester Basic Library System v1.0 allows high-privilege authenticated attackers to extract limited information from the database via crafted input to /librarysystem/load_book.php. The vulnerability requires administrative credentials and has very low real-world risk (EPSS 0.02%, CVSS 2.7) with no public exploit code identified; CISA does not list it as actively exploited.
PHP
SQLi
-
CVE-2026-34851
LOW
CVSS 2.2
Race condition in Huawei HarmonyOS event notification module allows local authenticated users, with user interaction, to cause a denial of service (availability impact). The vulnerability requires local access, high attack complexity, and user interaction; with a CVSS score of 2.2, it represents minimal real-world risk. No public exploit code or active exploitation has been confirmed at this time.
Information Disclosure
Race Condition
-
CVE-2026-34850
LOW
CVSS 1.9
Race condition in Huawei HarmonyOS notification service allows local high-privilege attackers to cause limited availability impact through timing-dependent exploitation. CVSS 1.9 reflects minimal real-world risk due to high attack complexity, elevated privileges, and no confidentiality or integrity effects. No public exploit code or active exploitation confirmed.
Information Disclosure
Race Condition
-
CVE-2026-34849
LOW
CVSS 2.5
Use-after-free vulnerability in HarmonyOS screen management module allows local, unauthenticated attackers with user interaction to cause denial of service through a race condition. CVSS score of 2.5 reflects low severity with availability impact only; no confidentiality or integrity compromise. No public exploit code or active exploitation confirmed at time of analysis.
Information Disclosure
Race Condition
-
CVE-2026-33659
LOW
CVSS 3.5
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses dns_get_record() but the actual HTTP...
RCE
SSRF
-
CVE-2026-32270
LOW
CVSS 1.7
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error...
Information Disclosure
-
CVE-2026-30812
LOW
CVSS 2.1
Stored Cross-Site Scripting (XSS) in Pandora FMS versions 777 through 800 allows authenticated users with low privileges to inject malicious scripts via event comments, which execute in the browsers of other users viewing those comments. The vulnerability has a CVSS score of 2.1 with low confidentiality and integrity impact, requiring user interaction and attack preparation time to exploit. No public exploit code or active exploitation has been identified.
XSS
-
CVE-2026-6220
LOW
CVSS 2.0
A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possible t...
Java
SSRF
-
CVE-2026-6219
LOW
CVSS 1.9
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly d...
Command Injection
-
CVE-2026-6216
LOW
CVSS 2.0
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched ...
XSS
-
CVE-2026-6215
LOW
CVSS 2.1
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
SSRF
-
CVE-2026-6202
LOW
CVSS 2.1
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used f...
PHP
SQLi
-
CVE-2026-6201
LOW
CVSS 2.1
A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. Th...
PHP
Authentication Bypass
-
CVE-2026-6192
LOW
CVSS 1.9
Integer overflow in OpenJPEG's opj_pi_initialise_encode function (versions 2.5.0-2.5.4) allows authenticated local attackers to trigger availability impact via crafted input to the pi.c library module. The vulnerability has a publicly available proof-of-concept and carries an EPSS score of 0.01% (2nd percentile), reflecting minimal real-world exploitation likelihood despite the presence of exploit code. Patch commit 839936aa33eb8899bbbd80fda02796bb65068951 is available from the vendor.
Buffer Overflow
Integer Overflow
-
CVE-2026-6191
LOW
CVSS 2.1
SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /equipments.php, leading to unauthorized data access or modification. The CVSS score of 5.3 reflects low confidentiality and integrity impact, and the extremely low EPSS score (0.03%, 8th percentile) indicates minimal real-world exploitation likelihood despite publicly available exploit code.
PHP
SQLi
-
CVE-2026-6190
LOW
CVSS 2.1
SQL injection in itsourcecode Construction Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Name parameter in /employees.php, resulting in confidentiality, integrity, and authenticity breaches. The vulnerability requires low-privilege authentication and has publicly available exploit code, elevating practical risk despite the moderate CVSS score of 6.3.
PHP
SQLi
-
CVE-2026-6184
LOW
CVSS 1.9
Stored cross-site scripting (XSS) in code-projects Simple Content Management System 1.0 allows authenticated high-privilege attackers to inject malicious scripts via the News Title parameter in /web/admin/welcome.php, affecting all versions of the product. The vulnerability requires user interaction (UI:R) to execute but has publicly available exploit code and a low CVSS score (2.4) due to high privilege requirements and limited impact scope.
PHP
XSS
-
CVE-2026-6162
LOW
CVSS 2.0
Reflected cross-site scripting (XSS) in PHPGurukul Company Visitor Management System 2.0 allows authenticated remote attackers to inject malicious scripts via the fromdate parameter in /bwdates-reports-details.php. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), but publicly available exploit code exists, elevating practical risk despite the moderate CVSS score of 5.1.
PHP
XSS
-
CVE-2026-6159
LOW
CVSS 2.1
Cross-site scripting (XSS) in Simple ChatBox up to version 1.0 allows remote attackers to inject malicious scripts via the msg parameter in the /chatbox/insert.php endpoint, with user interaction required. The vulnerability has publicly available exploit code and affects the PHP-based chat application component. Impact is limited to integrity of user sessions, but the attack vector is remote and requires no authentication.
PHP
XSS
-
CVE-2026-6150
LOW
CVSS 2.1
Cross-site scripting (XSS) in code-projects Simple Laundry System 1.0 allows remote attackers to inject arbitrary scripts via the serviceId parameter in /checkupdatestatus.php. The vulnerability requires user interaction (UI:R) and results in low integrity impact, but it has been publicly disclosed and exploit code is available. The CVSS base score is 4.3, with relatively low real-world risk due to the UI requirement and limited impact scope, though the presence of a public POC increases the likelihood of adoption by less-skilled attackers.
PHP
XSS
-
CVE-2026-6143
LOW
CVSS 2.1
Permissive cross-domain policy in farion1231 cc-switch up to version 3.12.3 allows authenticated remote attackers to access sensitive information and modify data across untrusted domains via misconfigured CORS headers in the ProxyServer component. Publicly available exploit code exists, and vendor patches are available; this represents a moderate but actively exploitable configuration flaw affecting networked deployments.
Information Disclosure
CORS Misconfiguration
-
CVE-2026-6141
LOW
CVSS 2.1
OS command injection in danielmiessler Personal_AI_Infrastructure up to version 2.3.0 allows authenticated remote attackers to execute arbitrary system commands via a malicious URL parameter in the parse_url.ts parser tool. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor released a patched version promptly after disclosure.
Command Injection
-
CVE-2026-0233
LOW
CVSS 2.0
Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.
RCE
Microsoft
Paloalto
-
CVE-2025-15632
LOW
CVSS 2.0
Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malicious scripts via the MdPreview component in ui/src/chat.ts, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability. The vendor released patched version 2.5.0 addressing the flaw with commit 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8.
XSS