Skip to main content
CVE-2026-40499 HIGH POC PATCH This Week

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process maliciously crafted PE/PDB files containing newline bytes in section header names. Attack requires local file access and user interaction (opening the file with radare2's idp command). Publicly available exploit exists with EPSS score of 0.07% (22nd percentile), indicating low likelihood of mass exploitation but significant risk for targeted attacks against reverse engineers and malware analysts who routinely examine untrusted binaries.

Command Injection Radare2
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-5387 CRITICAL CISA Emergency

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

Authentication Bypass Privilege Escalation Pipeline Simulation 2025
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-40500 MEDIUM POC This Month

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests to attacker-controlled internal or external hosts. Attackers can exploit differentiable error messages returned by the server to perform reliable internal network port scanning, host enumeration across RFC-1918 ranges, and potential access to cloud instance metadata endpoints.

SSRF Processwire
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-20186 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20147 CRITICAL NEWS Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20180 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Path Traversal Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-3461 CRITICAL Act Now

Authentication bypass in Visa Acceptance Solutions WordPress plugin (all versions through 2.1.0) allows unauthenticated remote attackers to gain complete account takeover by providing any user's email address during guest checkout. The vulnerability enables login as any existing user, including administrators, without password verification or email ownership validation. With a CVSS score of 9.8 (critical) and attack complexity of Low, this represents an immediate exploitation risk requiring no user interaction or privileges, though no public exploit or active exploitation (KEV) has been identified at time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-4880 CRITICAL Act Now

Privilege escalation to WordPress administrator via insecure token-based authentication in Barcode Scanner (+Mobile App) plugin versions ≤1.11.0 allows remote unauthenticated attackers to gain full administrative control. The plugin leaks valid admin authentication tokens through the 'barcodeScannerConfigs' action and accepts Base64-encoded user IDs without validation, enabling attackers to spoof admin credentials, extract legitimate tokens, and modify any user's 'wp_capabilities' meta to grant themselves administrator privileges. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required. Vendor patch deployed in changeset 3506824.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1555 CRITICAL Act Now

Unrestricted file upload in WebStack WordPress theme allows unauthenticated remote code execution. The io_img_upload() function in all versions through 1.2024 lacks file type validation, enabling unauthenticated attackers to upload malicious files (e.g., PHP shells) directly to the server. No public exploit identified at time of analysis, but EPSS score and attack complexity (CVSS AC:L) indicate straightforward exploitation. Critical severity (CVSS 9.8) warranted due to complete system compromise potential with zero authentication barriers.

WordPress RCE File Upload
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30993 CRITICAL Act Now

Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

PHP Code Injection RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-20184 CRITICAL NEWS Act Now

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Authentication Bypass Cisco
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30625 CRITICAL PATCH GHSA Act Now

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.

Command Injection RCE Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-6296 CRITICAL PATCH Act Now

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-40173 CRITICAL PATCH GHSA Act Now

Dgraph distributed GraphQL database versions ≤25.3.1 expose admin authentication tokens through an unauthenticated /debug/pprof/cmdline endpoint, allowing remote attackers to retrieve the token from process command line arguments and gain full administrative access to the database. The vulnerability combines unauthenticated information disclosure (CWE-200) with subsequent authentication bypass, enabling configuration changes and operational control. Fixed in version 25.3.2 per vendor advisory GHSA-95mq-xwj4-r47p. CVSS 9.4 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations with no authentication required.

Authentication Bypass Information Disclosure Dgraph
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-15610 CRITICAL Act Now

Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.

Deserialization Microsoft
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-1314 MEDIUM POC This Month

The 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14813 CRITICAL PATCH GHSA Act Now

GOST CTR block cipher in Bouncy Castle BC-JAVA processes only the first 255 blocks correctly, causing silent data corruption in encryption/decryption operations for longer messages. Affects BC-JAVA versions 1.59 through 1.83, with fix available in version 1.84. Local attack vector (CVSS AV:L) with critical CVSS 9.4 score reflects potential for both confidentiality and integrity compromise when applications process GOST-encrypted data streams exceeding 255 blocks (~4KB). No KEV listing or public

Java Information Disclosure Bc Java
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-5189 CRITICAL PATCH Act Now

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.

Authentication Bypass Nexus Repository
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-33808 CRITICAL PATCH GHSA Act Now

Authentication bypass in @fastify/express v4.0.4 and earlier allows remote unauthenticated attackers to access protected routes via URL path manipulation. The vulnerability exploits a URL normalization mismatch: Fastify router normalizes URLs (removing duplicate slashes or handling semicolon delimiters based on configuration), but @fastify/express passes the original un-normalized URL to Express middleware, causing path-scoped authentication checks to fail and be skipped entirely. No public expl

Authentication Bypass Fastify Express
NVD GitHub VulDB
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-40575 CRITICAL PATCH GHSA Act Now

{ internal; # Ensure external users can't access this path proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Uri $request_uri; proxy_pass http://oauth2-proxy:4180/; } ``` - Restrict direct client access to OAuth2 Proxy so it can only be reached through a trusted reverse proxy - Remove or narrow `--skip-auth-route` / `--skip-auth-regex` rules where possible

Authentication Bypass Nginx
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-33807 CRITICAL PATCH GHSA Act Now

Middleware bypass in Fastify Express plugin (fastify/express) allows complete circumvention of authentication, authorization, and rate limiting controls due to path doubling logic error. When child plugins register with prefixes matching middleware paths, the onRegister function incorrectly doubles the middleware path, preventing any matches against incoming requests. Affects fastify/express versions ≤4.0.4 across all routes within child plugin scopes. Remote attackers require no authentication (CVSS PR:N), no user interaction, and low attack complexity to bypass critical security controls. No public exploit identified at time of analysis, though exploitation requires no special configuration or request crafting.

Authentication Bypass Fastify Express
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-41118 CRITICAL PATCH GHSA Act Now

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.

Information Disclosure Pyroscope
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-6388 CRITICAL Act Now

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.

Privilege Escalation Red Hat Openshift Gitops
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-40478 CRITICAL PATCH NEWS GHSA Act Now

A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of unauthorized expressions. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library's protections to achieve Server-Side Template Injection (SSTI). This has been fixed in Thymeleaf 3.1.4.RELEASE. No workaround is available beyond ensuring applications do not pass unvalidated user input directly to the template engine. Upgrading to 3.1.4.RELEASE is strongly recommended in any case. Thanks to Dawid Bakaj (VIPentest.com) for responsible disclosure.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-40477 CRITICAL PATCH GHSA Act Now

A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potentially sensitive objects to be reached from within a template. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library's protections to achieve Server-Side Template Injection (SSTI). This has been fixed in Thymeleaf 3.1.4.RELEASE. No workaround is available beyond ensuring applications do not pass unvalidated user input directly to the template engine. Upgrading to 3.1.4.RELEASE is strongly recommended in any case. Thanks to Thomas Reburn (Praetorian) for responsible disclosure.

Information Disclosure
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-33805 CRITICAL PATCH GHSA Act Now

HTTP header smuggling in @fastify/reply-from ≤12.6.1 and @fastify/http-proxy ≤11.4.3 allows remote unauthenticated attackers to strip proxy-added security headers from upstream requests via malicious Connection header values. Attackers can retroactively remove headers intended for routing, access control, or authentication, potentially bypassing proxy-enforced security policies. CVSS 9.0 (Critical) with high integrity impact to both vulnerable and subsequent systems. EPSS 0.04% indicates low mass-exploitation probability despite proof-of-concept availability (SSVC). Vendor patches available: upgrade to @fastify/reply-from ≥12.6.2 or @fastify/http-proxy ≥11.4.4.

Information Disclosure Fastify Reply From Fastify Http Proxy
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.0%
CVE-2026-5598 HIGH PATCH GHSA This Week

Non-constant time comparison operations in the Legion of the Bouncy Castle BC-JAVA cryptographic library (core modules, versions 2.17.3 through 1.83) expose FrodoKEM private keys to timing side-channel attacks, enabling remote unauthenticated attackers to extract cryptographic secrets through statistical analysis of operation timing variations. CVSS 4.0 score of 10.0 reflects maximum confidentiality and integrity impact across system and subsequent contexts. EPSS probability is low (0.04%, 14th percentile) and no active exploitation is confirmed, but SSVC framework rates this as automatable with total technical impact. Vendor patch available in BC-JAVA 1.84.

Java Information Disclosure Bc Java
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-6318 HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6317 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6316 HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6303 HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6306 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6363 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6315 HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6359 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6358 HIGH PATCH This Week

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40316 HIGH This Week

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-5617 HIGH This Week

Privilege escalation in Login as User WordPress plugin (all versions ≤1.0.3) allows authenticated subscribers to become administrators by manipulating a client-side cookie. Attackers with Subscriber-level access can set the 'oclaup_original_admin' cookie to an admin user ID and trigger the 'Return to Admin' function, granting full admin privileges. CVSS 8.8 (High) with network vector, low complexity, and low privileges required. No public exploit identified at time of analysis, EPSS data not available. Wordfence reported vulnerability with direct source code references to vulnerable functions in class-login-handler.php.

Authentication Bypass Privilege Escalation WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34393 HIGH PATCH GHSA This Week

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

Privilege Escalation Weblate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6307 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6302 HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6301 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6300 HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6299 HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6360 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6305 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3505 HIGH PATCH GHSA This Week

Pre-authentication resource exhaustion in Bouncy Castle BC-JAVA PGP modules (bcpg) allows remote attackers to trigger denial-of-service by exploiting unbounded AEAD chunk sizes, affecting all versions before 1.84. The maximum CVSS 4.0 score of 10.0 reflects complete compromise potential across confidentiality, integrity, and availability with no attack complexity, no authentication requirements, and network-based exploitation. No public exploit identified at time of analysis, though the attack s

Denial Of Service Java Bc Java
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35569 HIGH PATCH GHSA This Week

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into HTML contexts including <title> tags, <meta> attributes, and JSON-LD structured data. An attacker can inject a payload such as "></title><script>alert(1)</script> to break out of the intended HTML context and execute arbitrary JavaScript in the browser of any authenticated user who views the affected page. This can be leveraged to perform authenticated API requests, access sensitive data such as usernames, email addresses, and roles via internal APIs, and exfiltrate it to an attacker-controlled server. This issue has been fixed in version 4.29.0.

XSS Information Disclosure Node.js
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-30624 HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy