Skip to main content
CVE-2026-5718 HIGH POC This Week

Remote code execution in Drag and Drop Multiple File Upload for Contact Form 7 plugin (WordPress) versions ≤1.3.9.6 allows unauthenticated attackers to upload PHP webshells via dual file validation weaknesses. The plugin's custom blacklist configuration overwrites default protections instead of merging, and non-ASCII filenames bypass the wpcf7_antiscript_file_name() sanitizer. CVSS 8.1 with High attack complexity (AV:N/AC:H/PR:N/UI:N). Wordfence reported; patch released in changeset 3508522. No KEV listing or confirmed public exploitation, but proof-of-concept feasible given detailed vulnerable code references (lines 62, 883, 970, 987).

PHP File Upload WordPress RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-35546 CRITICAL CISA Emergency

Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
Threat
4.0
CVE-2026-6483 HIGH POC PATCH This Week

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.

Command Injection Wl Wn530H4
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-6284 CRITICAL CISA Emergency

Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.

Authentication Bypass Brute Force
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-35682 HIGH CISA Act Now

Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.

Command Injection Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-40066 HIGH CISA Act Now

Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.

RCE Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6421 MEDIUM POC PATCH This Month

DLL hijacking in MobaXterm Home Edition ≤26.1 allows local attackers with low privileges to execute arbitrary code by planting a malicious msimg32.dll in an uncontrolled search path location. Exploitation is complex (CVSS AC:H) but a public POC exists. Mobatek released version 26.2 to address the issue. EPSS data not provided, not listed in CISA KEV, suggesting limited active exploitation despite public proof-of-concept availability.

Information Disclosure Mobaxterm Home Edition
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-40434 HIGH CISA Act Now

TCP packet injection vulnerability in Anviz CrossChex Standard allows adjacent network attackers to manipulate or disrupt client/server communications without authentication. The application fails to verify the source of TCP packets, enabling attackers on the same network segment to inject malicious traffic and alter application behavior or cause denial of service. CISA ICS-CERT reported this affecting physical access control and time attendance systems. EPSS data not available; no confirmed active exploitation or public exploit code identified at time of analysis.

Code Injection Anviz Crosschex Standard
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40342 CRITICAL PATCH Act Now

Remote code execution in Firebird RDBMS versions prior to 5.0.4, 4.0.7, and 3.0.14 allows authenticated users with CREATE FUNCTION privileges to execute arbitrary code as the database server process through path traversal in the external engine plugin loader. The vulnerability stems from insufficient input validation (CWE-22) when concatenating user-supplied engine names into filesystem paths, enabling attackers to load malicious shared libraries from arbitrary locations. With CVSS 10.0 and scope change (S:C), successful exploitation grants full system compromise beyond database boundaries. EPSS data not provided, no CISA KEV listing identified, indicating targeted rather than widespread exploitation at time of analysis. Vendor-released patches available across all affected major versions.

Path Traversal RCE Suse
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-40351 CRITICAL PATCH Act Now

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login controls and access any account, including root administrator, by submitting MongoDB query operators instead of plaintext passwords. The vulnerability stems from missing runtime validation on password fields in the login endpoint. Exploitation requires no special conditions beyond network access to the login endpoint. CVSS 9.8 (Critical) with EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis, though GitHub security advisory provides technical details that could enable exploit development.

Denial Of Service Nosql Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-6443 CRITICAL Act Now

Malicious backdoor in Accordion and Accordion Slider plugin version 1.4.6 allows remote unauthenticated attackers complete site compromise. The plugin was sold to a threat actor who systematically embedded backdoors across their entire portfolio of acquired WordPress plugins. This represents confirmed active supply chain compromise affecting WordPress sites running version 1.4.6, enabling persistent unauthorized access and spam injection without authentication.

Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-37749 CRITICAL NEWS Act Now

SQL injection in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation. CISA SSVC framework confirms proof-of-concept exists, attack is automatable, and technical impact is total (full system compromise). Public POC available on GitHub enables immediate weaponization by attackers with no specialized skills.

PHP SQLi N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32324 HIGH CISA Act Now

Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.

Information Disclosure Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-15625 CRITICAL Act Now

SQL injection in Sparx Pro Cloud Server 6.0.163 allows remote attackers without authentication to execute arbitrary SQL commands against the backend database, leading to complete system compromise. Despite critical CVSS 9.5 scoring with network attack vector and no authentication required, exploitation complexity is rated HIGH and EPSS indicates only 0.06% probability (19th percentile). SSVC framework classifies technical impact as total but exploitation as none and not automatable, suggesting this requires specialized knowledge or non-default configurations to exploit. No active exploitation confirmed, no public exploit code identified at time of analysis.

SQLi Sparx Pro Cloud Server
NVD VulDB
CVSS 4.0
9.5
EPSS
0.1%
CVE-2026-6492 MEDIUM POC This Month

The Hotel Booking Management System by arnobt78 (up to commit f8922d0e0f6ac1cc761974c7616f44c2bbc04bea) exposes sensitive information through an unauthenticated network request to the /api/health/detailed endpoint, allowing remote attackers to disclose system details without authentication or user interaction. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

Information Disclosure Hotel Booking Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6490 MEDIUM POC This Month

SQL injection in QueryMine SMS admin/deletecourse.php allows remote unauthenticated attackers to read, modify, or delete database records via the ID parameter in GET requests. Affects all versions up to commit 7ab5a9ea196209611134525ffc18de25c57d9593. Public exploit code exists (GitHub POC available). EPSS data not available. Not listed in CISA KEV. Vendor non-responsive to disclosure. CVSS 7.3 with network attack vector and no authentication required indicates moderate-high severity, but real-world risk depends on deployment exposure of admin interface.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-40461 HIGH CISA Act Now

Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32650 HIGH CISA Act Now

Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when attackers downgrade TDS7 PreLogin protocol encryption, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High) with network attack vector and no prerequisites. Reported by CISA ICS-CERT, indicating industrial/physical security context. EPSS and KEV status not provided in available data.

Authentication Bypass Anviz Crosschex Standard
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23500 CRITICAL PATCH GHSA Act Now

Command injection in Dolibarr ERP/CRM versions before 23.0.0 allows authenticated administrators to execute arbitrary operating system commands during ODT-to-PDF template conversion. The vulnerability stems from unsanitized concatenation of the MAIN_ODT_AS_PDF configuration constant into shell commands in odf.php. Exploitation requires administrative privileges (PR:H) but can be executed remotely (AV:N) with low complexity (AC:L), resulting in full system compromise as the web server user. Fixed in version 23.0.0. EPSS data not available; no public exploit identified at time of analysis.

PHP Command Injection RCE
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-15623 CRITICAL Act Now

Sparx Systems Pro Cloud Server 6.0.163 exposes database credentials in plaintext to unauthenticated remote attackers through an unprotected information disclosure endpoint. The vulnerability enables attackers to retrieve sensitive system configuration including database passwords without authentication (CVSS:4.0 9.3 Critical, AV:N/PR:N). CISA SSVC classifies this as automatable with total technical impact, though no active exploitation is currently documented (EPSS 0.05%, no KEV listing). Patch available in version 6.1+ per vendor security advisory.

Information Disclosure Sparx Pro Cloud Server
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-15624 CRITICAL Act Now

Sparx Pro Cloud Server 6.0.163 stores user passwords in plaintext when OpenID authentication is configured, allowing remote unauthenticated attackers to extract credentials with network access to the backend database or file system. CVSS 9.3 (Critical) reflects network-accessible plaintext credential exposure. EPSS score of 0.05% (15th percentile) indicates low probability of widespread exploitation despite severity. No active exploitation confirmed (not in CISA KEV), but SSVC classifies as automatable with total technical impact. Vendor has released version 6.1 with fix per change history.

Information Disclosure Sparx Pro Cloud Server
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-32105 CRITICAL PATCH Act Now

Missing MAC signature verification in xrdp 0.10.5 and earlier allows man-in-the-middle attackers to modify encrypted RDP traffic without detection when Classic RDP Security layer is used. Unauthenticated network attackers with MITM position can alter packet contents in transit, achieving high integrity and confidentiality impact on both vulnerable and subsequent systems (CVSS 9.3, CVSS:4.0 with scope change). TLS security layer deployments are not affected. Vendor patch released in version 0.10.6. No active exploitation or public POC identified at time of analysis, but EPSS data unavailable for risk assessment.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-40525 CRITICAL PATCH GHSA Act Now

OpenViking VikingBot OpenAPI routes permit unauthenticated remote attackers to execute privileged bot-control operations when the api_key configuration is unset or empty. Attackers can submit arbitrary prompts, manipulate bot sessions, and access downstream integrations, secrets, and data without providing valid X-API-Key authentication. Affects OpenViking versions ≤0.3.8; patched in commit c7bb167 (v0.3.9 release). No active exploitation confirmed (not in CISA KEV), but EPSS score of 0.11% suggests low observed exploitation probability. VulnCheck advisory and GitHub patch available.

Authentication Bypass Openviking
NVD GitHub VulDB
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-35512 HIGH PATCH This Week

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows remote code execution after authentication via malicious EGFX graphics channel PDUs. Authenticated attackers can exploit insufficient validation of client-controlled size parameters to write beyond allocated heap buffers. Unauthenticated attackers can only trigger denial-of-service crashes. Vendor-released patch available in version 0.10.6. No active exploitation confirmed (not in CISA KEV), but heap overflows in remote services are high-value targets. Default non-privileged execution since 0.10.2 limits post-compromise impact.

Heap Overflow Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2026-3464 HIGH This Week

Path traversal in WP Customer Area plugin through version 8.3.4 enables low-privileged authenticated users (Subscriber-level or higher, as configured by administrators) to read sensitive files like wp-config.php or delete critical WordPress files to achieve remote code execution. Wordfence reported this vulnerability affecting the ajax_attach_file function, which fails to properly validate file paths. CVSS 8.8 reflects network-based exploitation with low complexity, though exploitation requires authentication and administrator-granted plugin access. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.

PHP Path Traversal WordPress RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-29013 HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-40285 HIGH PATCH This Week

SQL injection in WeGIA charitable institution manager allows authenticated users to impersonate arbitrary identities and execute database queries with elevated privileges. The cpf_usuario parameter in dao/memorando/UsuarioDAO.php bypasses session-based identity controls through PHP's extract($_REQUEST) function, enabling any low-privileged authenticated user to query sensitive data or modify database contents as any other user, including administrators. WeGIA versions before 3.6.10 are affected. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L) requiring only valid user credentials.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40352 HIGH PATCH This Week

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on the password change endpoint using MongoDB query operators. Low-privileged users can change their own password (or potentially others' passwords via ID manipulation) without knowing the current password, enabling full account takeover and persistent access. Fixed in version 4.14.9.5. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis, though the attack technique is well-documented for NoSQL injection vectors.

Authentication Bypass Nosql Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4525 HIGH PATCH GHSA This Week

Token leakage in HashiCorp Vault and Vault Enterprise (0.11.2 up to 2.0.0, 1.21.5, 1.20.10, and 1.19.16) occurs when an auth mount is configured to pass through the 'Authorization' header and that same header is used to authenticate to Vault; in this case Vault forwards the caller's Vault token onward to the auth plugin backend. An authenticated client's token is thereby exposed to a plugin backend that should never see it, enabling potential impersonation and unauthorized secret access. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 3rd percentile).

Information Disclosure Hashicorp Vault Vault Enterprise
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32107 HIGH PATCH This Week

Privilege escalation to root in xrdp 0.10.5 and earlier allows authenticated local attackers to execute arbitrary code due to improper error handling during privilege drop in the session execution component. The flaw requires low attack complexity and no user interaction (CVSS 8.8, AV:L/AC:L/PR:L/UI:N). Vendor-released patch available in xrdp v0.10.6. No public exploit or active exploitation confirmed at time of analysis, though CVSS scope change (S:C) indicates potential container/VM escape scenarios.

RCE Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40002 HIGH This Week

Local privilege escalation in the Red Magic 11 Pro (NX809J) gaming smartphone through firmware V1.0.0B14MR1 allows a non-privileged installed application to invoke a sensitive service interface that fails to validate its callers, letting the app write files to specific device partitions and set writable system properties. Reported by ZTE/Nubia through their own support bulletin, the issue is rated CVSS 8.8 with a scope change (S:C) reflecting the crossing of the app-sandbox privilege boundary into system context. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and CISA SSVC records exploitation status as none.

Privilege Escalation Red Magic 11 Pro Nx809J
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40459 HIGH PATCH This Week

LDAP injection vulnerabilities in PAC4J authentication library allow low-privileged remote attackers to execute arbitrary LDAP queries and directory operations by injecting malicious syntax into ID-based search parameters. Affects PAC4J 4.x before 4.5.10, 5.x before 5.7.10, and 6.x before 6.4.1. CVSS 8.7 (High) with network vector, low complexity, and low privilege requirement. No active exploitation confirmed per CISA KEV; EPSS score 0.22% suggests low near-term exploitation probability. Vendor patches available per pac4j.org advisory. CERT-PL reported vulnerability.

Authentication Bypass LDAP Code Injection
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-33689 HIGH PATCH This Week

Out-of-bounds read in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to crash the RDP service or disclose memory contents during pre-authentication message parsing. The vulnerability (CWE-125) exploits insufficient buffer length validation in dynamic channel communication handling, affecting default installations exposed to network access. Fixed in version 0.10.6 per vendor advisory GHSA-92mr-6wpp-27jj. CVSS 8.7 reflects high availability impact; no active exploitation confirmed in CISA KEV at time of analysis, though public disclosure increases risk for internet-facing xrdp deployments.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-40515 HIGH PATCH This Week

Remote unauthenticated attackers can bypass path restrictions in OpenHarness (pre-commit bd4df81) to read arbitrary sensitive files via crafted grep/glob operations. The incomplete path normalization in permission checking allows exploitation of built-in tools to access sensitive root directories, key material, and configuration files despite configured access controls. CVSS 7.5 (High) with network vector and no authentication required. EPSS data not provided. No CISA KEV listing identified, indicating no confirmed widespread active exploitation at time of analysis. Vendor patch available via GitHub commit bd4df81.

Authentication Bypass Openharness
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-21719 HIGH This Week

Authenticated OS command injection in CubeCart prior to version 6.6.0 allows administrators to execute arbitrary system commands on the hosting server. Reported by JPCERT, this vulnerability requires high-privilege (admin) access but then permits full system compromise. CVSS 8.6 severity reflects low attack complexity from network position once admin credentials obtained. EPSS exploitation probability is low (0.18%, 40th percentile) with no active exploitation confirmed in CISA KEV or SSVC data, though POC status unknown. CubeCart 6.6.0 addresses this CWE-78 command injection flaw per vendor community announcement.

Command Injection Cubecart
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-40527 HIGH PATCH This Week

Command injection in radare2's DWARF parsing (afsv/afsvj commands) allows local attackers to execute arbitrary shell commands by embedding malicious r2 command sequences in specially crafted ELF binaries. When a user opens the malicious binary and runs analysis commands (aaa followed by afsvj), unsanitized DW_TAG_formal_parameter names are interpolated into pfq command strings, triggering code execution. Fixed in commit bc5a890. EPSS data not available, not in CISA KEV. Publicly disclosed with patch and technical details from VulnCheck.

Command Injection Radare2
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-33569 MEDIUM CISA This Month

Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.

Information Disclosure Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6482 HIGH PATCH This Week

Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. CVSS 8.5 with proof-of-concept exploit code available (E:P). EPSS data not provided; not currently listed in CISA KEV.

Privilege Escalation Microsoft OpenSSL
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-40931 HIGH PATCH GHSA This Week

Symlink-based path traversal in the npm package 'compressing' v2.1.0 enables arbitrary file overwrites outside intended extraction directories via pre-planted symbolic links delivered through Git repositories. Attackers exploit a partial fix bypass of CVE-2026-24884 by poisoning filesystem state before archive extraction-Git clone operations automatically deploy malicious symlinks without user interaction beyond standard developer workflows. This supply chain vector allows overwriting critical system files (e.g., /etc/passwd) or application binaries to achieve privilege escalation or remote code execution. CVSS 8.4 (AV:L) reflects local attack vector, but real-world risk is amplified by Git-based delivery requiring zero privileges and no user interaction beyond cloning a malicious repository. No EPSS or KEV data available at time of analysis.

Privilege Escalation Path Traversal RCE Node.js
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-23853 HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40481 HIGH PATCH GHSA This Week

Uncontrolled memory consumption in monetr 1.12.3 and earlier allows remote unauthenticated attackers to trigger denial of service by sending oversized payloads to the public Stripe webhook endpoint. The vulnerability affects deployments with Stripe webhooks enabled and lacks upstream body-size enforcement. Version 1.12.4 provides a fix. EPSS and KEV data not available; no public exploit confirmed at time of analysis, though the attack method is straightforward (8.2 CVSS reflecting high availability impact with low complexity).

Denial Of Service Monetr
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-28224 HIGH PATCH This Week

Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-27890 HIGH PATCH This Week

Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-40196 HIGH PATCH This Week

Broken access control in HomeBox prior to 0.25.0 allows authenticated users with revoked group access to continue performing full CRUD operations via API. After group invitation revocation, the defaultGroup ID persists on the user object, and when API requests omit the X-Tenant header, this unvalidated value enables bypassing access controls to read, modify, and delete group inventory data. Web interface correctly enforces revocation, creating a dangerous inconsistency. No active exploitation confirmed (EPSS data unavailable), but the authentication bypass tag and CVSS 8.1 with network vector indicate significant risk for multi-tenant HomeBox deployments.

Authentication Bypass Homebox
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-3605 HIGH PATCH GHSA This Week

HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside their authorization scope, causing denial-of-service across versions 0.10.0 through 1.x. The flaw stems from improper access control (CWE-288) in policy glob evaluation during delete operations. Exploitation requires valid Vault credentials with specific policy patterns but does not permit cross-namespace deletion or secret data exfiltration. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0/1.21.5/1.20.10/1.19.16. No active exploitation confirmed (EPSS 0.01%), but CVSS 8.1 reflects high integrity and availability impact for authenticated attackers.

Information Disclosure Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40321 HIGH PATCH GHSA This Week

Stored cross-site scripting (XSS) via malicious SVG file upload in DNN Platform (DotNetNuke) versions before 10.2.2 allows low-privileged authenticated users to execute arbitrary JavaScript in the context of other users' browsers. Attackers can craft SVG files containing embedded scripts that execute when viewed by victims, with elevated impact if targeting administrative users. EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. CVSS 8.1 (High) reflects the scope change and high confidentiality/integrity impact despite requiring both authentication and user interaction.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-65104 HIGH PATCH This Week

Information disclosure in Firebird 3.x client library when connecting to Firebird 4+ servers allows local authenticated users to leak sensitive data through incorrect XSQLDA field length values. The vulnerability requires both the FB3 client library and an FB4+ server in the deployment. No active exploitation confirmed (not in CISA KEV), but CVSS 7.9 with scope change (S:C) indicates potential cross-boundary impact. Remediation requires upgrading the client library to Firebird 4.0.0 or higher.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-40516 HIGH PATCH This Week

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attackers to manipulate web_fetch and web_search tool parameters, forcing the agent to make HTTP requests to internal infrastructure including RFC1918 private networks, localhost services, and cloud metadata endpoints (e.g., AWS EC2 169.254.169.254). Changed scope (S:C) in CVSS vector indicates potential for pivoting beyond the vulnerable application's trust boundary. EPSS data unavailable; no public exploit identified at time of analysis, though exploitation technique is well-understood for SSRF class vulnerabilities. Patch available via GitHub commit bd4df81.

SSRF Openharness
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.0%
CVE-2025-36568 HIGH PATCH This Week

Insufficiently protected credential storage in Dell PowerProtect Data Domain BoostFS client allows local attackers with low privileges to extract stored credentials via local file access under specific race conditions (AC:H). Scope change (S:C) indicates compromised credentials grant access beyond the BoostFS client component itself, potentially to connected Data Domain systems. Dell has released patches for all affected branches (Feature Release 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.50). EPSS score of 0.01% suggests minimal observed exploitation interest, no CISA KEV listing, and no public POC identified at time of analysis.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32623 HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy