Skip to main content
CVE-2026-40499 HIGH POC PATCH This Week

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process maliciously crafted PE/PDB files containing newline bytes in section header names. Attack requires local file access and user interaction (opening the file with radare2's idp command). Publicly available exploit exists with EPSS score of 0.07% (22nd percentile), indicating low likelihood of mass exploitation but significant risk for targeted attacks against reverse engineers and malware analysts who routinely examine untrusted binaries.

Command Injection Radare2
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-5598 HIGH PATCH GHSA This Week

Non-constant time comparison operations in the Legion of the Bouncy Castle BC-JAVA cryptographic library (core modules, versions 2.17.3 through 1.83) expose FrodoKEM private keys to timing side-channel attacks, enabling remote unauthenticated attackers to extract cryptographic secrets through statistical analysis of operation timing variations. CVSS 4.0 score of 10.0 reflects maximum confidentiality and integrity impact across system and subsequent contexts. EPSS probability is low (0.04%, 14th percentile) and no active exploitation is confirmed, but SSVC framework rates this as automatable with total technical impact. Vendor patch available in BC-JAVA 1.84.

Java Information Disclosure Bc Java
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-6318 HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6317 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6316 HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6303 HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6306 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6363 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6315 HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6359 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6358 HIGH PATCH This Week

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40316 HIGH This Week

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-5617 HIGH This Week

Privilege escalation in Login as User WordPress plugin (all versions ≤1.0.3) allows authenticated subscribers to become administrators by manipulating a client-side cookie. Attackers with Subscriber-level access can set the 'oclaup_original_admin' cookie to an admin user ID and trigger the 'Return to Admin' function, granting full admin privileges. CVSS 8.8 (High) with network vector, low complexity, and low privileges required. No public exploit identified at time of analysis, EPSS data not available. Wordfence reported vulnerability with direct source code references to vulnerable functions in class-login-handler.php.

Authentication Bypass Privilege Escalation WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34393 HIGH PATCH GHSA This Week

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

Privilege Escalation Weblate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6307 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6302 HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6301 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6300 HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6299 HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6360 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6305 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3505 HIGH PATCH GHSA This Week

Pre-authentication resource exhaustion in Bouncy Castle BC-JAVA PGP modules (bcpg) allows remote attackers to trigger denial-of-service by exploiting unbounded AEAD chunk sizes, affecting all versions before 1.84. The maximum CVSS 4.0 score of 10.0 reflects complete compromise potential across confidentiality, integrity, and availability with no attack complexity, no authentication requirements, and network-based exploitation. No public exploit identified at time of analysis, though the attack s

Denial Of Service Java Bc Java
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35569 HIGH PATCH GHSA This Week

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into HTML contexts including <title> tags, <meta> attributes, and JSON-LD structured data. An attacker can inject a payload such as "></title><script>alert(1)</script> to break out of the intended HTML context and execute arbitrary JavaScript in the browser of any authenticated user who views the affected page. This can be leveraged to perform authenticated API requests, access sensitive data such as usernames, email addresses, and roles via internal APIs, and exfiltrate it to an attacker-controlled server. This issue has been fixed in version 4.29.0.

XSS Information Disclosure Node.js
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-30624 HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-30617 HIGH This Week

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-30995 HIGH This Week

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.

SQLi PHP
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-40744 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.

SQLi Beaver Builder
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-22676 HIGH PATCH This Week

Local privilege escalation in Barracuda RMM (all versions prior to 2025.2.2) enables authenticated Windows users to execute arbitrary code as NT AUTHORITY\SYSTEM by writing malicious files to the insecurely-permissioned C:\Windows\Automation directory. Vendor-released patch version 2025.2.2 addresses the filesystem ACL misconfiguration. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), though VulnCheck public advisory increases likelihood of POC development. CVSS 8.5 reflects high local impact requiring only low-privileged authentication.

Privilege Escalation Microsoft
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-4145 HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Lenovo RCE
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-53412 HIGH GHSA This Week

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-4857 HIGH PATCH This Week

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects.  Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.

Authentication Bypass Identityiq
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-6328 HIGH This Week

XQUIC library through version 1.8.3 on Linux permits signature verification bypass and protocol manipulation via crafted QUIC STREAM frames, allowing network attackers to inject forged data into encrypted QUIC connections. Exploitation requires high complexity network interception but needs no authentication (CVSS:4.0 AV:N/AC:H/PR:N). No active exploitation confirmed (not in CISA KEV), but upstream fix available via GitHub commit 4764604a0e487eeb49338b4498aecda2194eae84. Affects applications usi

Information Disclosure Xquic
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2026-30461 HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-6311 HIGH PATCH This Week

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6314 HIGH PATCH This Week

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6310 HIGH PATCH This Week

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6309 HIGH PATCH This Week

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6304 HIGH PATCH This Week

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6361 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow Buffer Overflow RCE +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6297 HIGH PATCH This Week

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-54550 HIGH PATCH GHSA This Week

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of the example with improved resiliance for that case. Users who followed that pattern are advised to adjust their implementations accordingly.

Code Injection RCE Apache Airflow
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40784 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.2.

Authentication Bypass Fluentboards
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40764 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.

CSRF Contact Form By Wpforms
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33435 HIGH PATCH GHSA This Week

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.

RCE Weblate
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-30615 HIGH This Week

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands on behalf of the user, persist malicious MCP configuration changes, and access sensitive information exposed through the application.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-6290 HIGH PATCH GHSA This Week

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook.

Authentication Bypass Velociraptor
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-6384 HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5397 HIGH This Week

DLL hijacking in OMRON PowerAttendant Standard Edition UPS management software allows local attackers with low privileges to escalate to SYSTEM by planting malicious libraries in the installation directory, which are loaded during service startup. The attack requires high complexity (vulnerable directory permissions must exist) but achieves scope change with full system compromise. No public exploit identified at time of analysis, though the DLL hijacking technique (CWE-427) is well-documented a

Information Disclosure Powerattendant Standard Edition
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34632 HIGH This Week

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.

RCE Adobe Adobe Photoshop Installer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy