Skip to main content
CVE-2026-30997 HIGH PATCH This Week

Out-of-bounds read in FFmpeg 8.0.1's AV1 decoder allows remote denial-of-service via malicious video files. Attackers craft inputs targeting read_global_param() in libavcodec/av1dec.c to trigger memory access violations, crashing the decoder. Affects applications processing untrusted AV1 video content (media servers, transcoders, browsers with FFmpeg). CVSS 7.5 (High) reflects network-exploitable DoS; EPSS 0.04% indicates low observed exploitation probability. No active exploitation confirmed (n

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33901 HIGH PATCH GHSA This Week

Heap buffer overflow in ImageMagick's MVG decoder enables network-based denial of service through crafted image files. Affects all ImageMagick versions prior to 6.9.13-44 and 7.1.2-19. CVSS 7.5 (HIGH) with remote unauthenticated exploitation (AV:N/PR:N), but EPSS score of 0.04% (11th percentile) indicates minimal observed exploitation probability. No active exploitation confirmed (not in CISA KEV), no public POC identified. Vendor-released patches available in versions 6.9.13-44 and 7.1.2-19, with upstream fix committed at 4c72003e9e54.

Heap Overflow Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30998 HIGH PATCH This Week

Resource deallocation flaw in FFmpeg 8.0.1's zmqsend.c utility enables remote denial of service through crafted input files. Attackers can trigger improper cleanup of allocated resources without authentication (CVSS AV:N/AC:L/PR:N/UI:N), exhausting system resources. EPSS score of 0.04% (11th percentile) indicates low real-world exploitation probability, and no active exploitation confirmed (not in CISA KEV). The vulnerability affects a non-core utility component used for ZeroMQ message sending, limiting practical attack surface compared to main FFmpeg libraries.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31417 HIGH PATCH This Week

Integer overflow in Linux kernel X.25 protocol stack allows remote unauthenticated attackers to trigger denial of service via fragmented packet accumulation. The fraglen field in x25_sock structure can overflow when processing fragmented X.25 packets, causing kernel crashes or resource exhaustion. Vendor-released patches confirm the vulnerability exists since initial Git history (2005) through kernel 6.19.x. EPSS score of 0.02% suggests low observed exploitation activity, though the network-accessible attack vector (AV:N) and lack of authentication requirements (PR:N) make this exploitable against any exposed X.25 network interface. No active exploitation confirmed (not in CISA KEV), but public patches reveal implementation details that could facilitate exploit development.

Buffer Overflow Linux Integer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5086 HIGH PATCH This Week

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Information Disclosure Crypt
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66769 HIGH This Week

Nitro PDF Pro for Windows version 14.41.1.4 crashes when processing maliciously crafted XFA (XML Forms Architecture) packets due to a NULL pointer dereference, enabling remote denial-of-service attacks without authentication. An attacker can deliver a weaponized PDF containing the crafted XFA packet, causing the application to terminate when opened. EPSS exploitation probability is very low (0.01%, 2nd percentile), no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. Despite CVSS 7.5 (High), real-world risk is limited to availability impact only - no code execution, data theft, or privilege escalation possible.

Denial Of Service Null Pointer Dereference Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69624 HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft N A
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22566 HIGH PATCH This Week

Improper access control in Ubiquiti UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) exposes WiFi credentials to network-adjacent attackers without authentication. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates remote exploitation with no authentication required, though the vulnerability description specifies 'access to the UniFi Play network' as a prerequisite. Reported via HackerOne bug bounty. EPSS score of 0.01% (1st percentile) suggests minimal observed exploitation activity, and no public exploit code or CISA KEV listing identified at time of analysis.

Authentication Bypass Ubiquiti
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22565 HIGH PATCH This Week

Denial of service in Ubiquiti UniFi Play PowerAmp (≤1.0.35) and Audio Port (≤1.0.24) allows unauthenticated remote attackers to crash devices via improper input validation. CVSS 7.5 (High) with network-based attack requiring no privileges or user interaction. EPSS score of 0.01% (1st percentile) indicates minimal real-world exploitation likelihood. No public exploit identified at time of analysis. Vendor-released patches available: PowerAmp 1.0.38+ and Audio Port 1.1.9+.

Information Disclosure Ubiquiti
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6137 HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, availability breach) via malformed ADSL/WAN configuration parameters. The vulnerability resides in the fromAdvSetWan function handling wanmode and PPPOEPassword arguments. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network-reachable attack vector indicates substantial risk for exposed management interfaces.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-25207 HIGH This Week

Out-of-bounds write in Samsung Open Source Escargot JavaScript engine allows local attackers to execute arbitrary code or corrupt memory through buffer overflow conditions. This vulnerability affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 and prior versions. With a 7.4 CVSS score (high confidentiality, integrity, and availability impact) but high attack complexity and local attack vector, exploitation requires specialized conditions. No public exploit identified at time of analysis, and EPSS data not available for this CVE.

Samsung Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-25205 HIGH This Week

Heap-based buffer overflow in Samsung Open Source Escargot JavaScript engine enables out-of-bounds memory writes with high integrity and availability impact through local attack vectors. Affects Escargot commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. CVSS 8.1 severity driven by scope change and low attack complexity despite local access requirement. Upstream fix available (PR/commit); released patched version not independently confirmed. No public exploit identified at time of analysis, and exploitation requires high attack complexity (AC:H), limiting immediate risk despite elevated CVSS score.

Samsung Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-36948 HIGH This Week

SQL injection in Sourcecodester Online Thesis Archiving System v1.0's /otas/view_archive.php endpoint allows remote unauthenticated attackers to manipulate database queries, potentially extracting sensitive thesis data, authentication credentials, or modifying database contents. No public exploit identified at time of analysis, with minimal observed exploitation probability (EPSS 0.01%, 2nd percentile). The vulnerability affects a PHP-based academic archiving platform with limited deployment footprint.

PHP SQLi
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-34856 HIGH This Week

Use-after-free in Huawei HarmonyOS communication module allows local attackers to cause denial of service and potentially disclose information without authentication. The vulnerability stems from a race condition (CWE-362) enabling memory corruption with high availability impact. EPSS data not available; no public exploit identified at time of analysis. Vendor has released security bulletin with remediation guidance.

Race Condition Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0234 HIGH PATCH This Week

Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. With CVSS 7.2 (High complexity, network-accessible, no privileges required) and tags indicating JWT attack vectors and information disclosure potential, this represents a critical integration security flaw requiring immediate patching to version 1.5.52 or later.

Information Disclosure Microsoft Jwt Attack Cortex Xsoar Microsoft Teams Marketplace Cortex Xsiam Microsoft Teams Marketplace
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-40043 HIGH This Week

Privilege escalation in Pachno 1.0.6 allows low-privilege authenticated users to hijack administrator sessions by manipulating the original_username cookie in the runSwitchUser() action, enabling unauthorized access to user ID 1 (admin) session tokens and password hashes. SSVC confirms proof-of-concept exists with partial technical impact, though EPSS indicates low exploitation probability (0.07%, 22nd percentile) and no active exploitation confirmed via CISA KEV.

Authentication Bypass Pachno
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-34984 HIGH PATCH GHSA This Week

DNS exfiltration in External Secrets Operator (ESO) allows authenticated Kubernetes users with ExternalSecret write permissions to leak secret material through controller-side DNS queries. The v2 template engine exposes Sprig's getHostByName function to user-controlled templates, enabling attackers to encode fetched secrets into DNS lookups performed by the ESO controller process. Patch available in v2.3.0 (commit 6800989b). No public exploit code identified at time of analysis, though the attack primitive is straightforward for actors with the requisite Kubernetes RBAC permissions.

Information Disclosure
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40436 HIGH This Week

Password reset vulnerability in ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. Attack requires user interaction and moderate complexity (CVSS AC:H), but no public exploit identified at time of analysis. CVSS 7.1 reflects high confidentiality, integrity, and availability impact within the vulnerable component's scope.

Authentication Bypass Zte
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-40039 HIGH This Week

Open redirection in Pachno 1.0.6's return_to parameter enables phishing campaigns that harvest user credentials by redirecting victims to attacker-controlled domains after login. With CVSS 7.1 (High) and EPSS 0.03% (9th percentile), exploitation requires user interaction but no authentication, making it effective for social engineering attacks. No active exploitation (CISA KEV) or public exploit code confirmed at time of analysis, though detailed advisories exist from ZeroScience and VulnCheck.

Information Disclosure Pachno
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34476 HIGH PATCH GHSA This Week

Server-Side Request Forgery in Apache SkyWalking MCP 0.1.0 allows authenticated remote attackers to access internal network resources and exfiltrate sensitive data via a malicious SW-URL header. CVSS 7.1 (High severity) with network attack vector and low complexity. No public exploit identified at time of analysis, SSVC framework indicates no active exploitation and non-automatable attack requiring manual interaction with internal architecture knowledge.

Apache SSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31426 HIGH PATCH This Week

Use-after-free in Linux kernel ACPI EC driver allows local authenticated attackers with low privileges to achieve high integrity, confidentiality, and availability impact on reduced-hardware platforms when GPIO IRQ provider defers probing. Vendor patches are available across stable branches (6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV). The vulnerability triggers when EC handler cleanup fails during probe deferral, leaving a dangling pointer that is later dereferenced during AML evaluation of EC OpRegion accesses (battery, thermal, backlight operations).

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-4786 HIGH PATCH This Week

Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.

Command Injection Cpython
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy