Skip to main content
CVE-2026-5718 HIGH POC This Week

Remote code execution in Drag and Drop Multiple File Upload for Contact Form 7 plugin (WordPress) versions ≤1.3.9.6 allows unauthenticated attackers to upload PHP webshells via dual file validation weaknesses. The plugin's custom blacklist configuration overwrites default protections instead of merging, and non-ASCII filenames bypass the wpcf7_antiscript_file_name() sanitizer. CVSS 8.1 with High attack complexity (AV:N/AC:H/PR:N/UI:N). Wordfence reported; patch released in changeset 3508522. No KEV listing or confirmed public exploitation, but proof-of-concept feasible given detailed vulnerable code references (lines 62, 883, 970, 987).

PHP File Upload WordPress RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-6483 HIGH POC PATCH This Week

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.

Command Injection Wl Wn530H4
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-35682 HIGH CISA Act Now

Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.

Command Injection Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-40066 HIGH CISA Act Now

Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.

RCE Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40434 HIGH CISA Act Now

TCP packet injection vulnerability in Anviz CrossChex Standard allows adjacent network attackers to manipulate or disrupt client/server communications without authentication. The application fails to verify the source of TCP packets, enabling attackers on the same network segment to inject malicious traffic and alter application behavior or cause denial of service. CISA ICS-CERT reported this affecting physical access control and time attendance systems. EPSS data not available; no confirmed active exploitation or public exploit code identified at time of analysis.

Code Injection Anviz Crosschex Standard
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32324 HIGH CISA Act Now

Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.

Information Disclosure Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-40461 HIGH CISA Act Now

Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32650 HIGH CISA Act Now

Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when attackers downgrade TDS7 PreLogin protocol encryption, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High) with network attack vector and no prerequisites. Reported by CISA ICS-CERT, indicating industrial/physical security context. EPSS and KEV status not provided in available data.

Authentication Bypass Anviz Crosschex Standard
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35512 HIGH PATCH This Week

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows remote code execution after authentication via malicious EGFX graphics channel PDUs. Authenticated attackers can exploit insufficient validation of client-controlled size parameters to write beyond allocated heap buffers. Unauthenticated attackers can only trigger denial-of-service crashes. Vendor-released patch available in version 0.10.6. No active exploitation confirmed (not in CISA KEV), but heap overflows in remote services are high-value targets. Default non-privileged execution since 0.10.2 limits post-compromise impact.

Heap Overflow Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2026-3464 HIGH This Week

Path traversal in WP Customer Area plugin through version 8.3.4 enables low-privileged authenticated users (Subscriber-level or higher, as configured by administrators) to read sensitive files like wp-config.php or delete critical WordPress files to achieve remote code execution. Wordfence reported this vulnerability affecting the ajax_attach_file function, which fails to properly validate file paths. CVSS 8.8 reflects network-based exploitation with low complexity, though exploitation requires authentication and administrator-granted plugin access. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.

PHP Path Traversal WordPress RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-29013 HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-40285 HIGH PATCH This Week

SQL injection in WeGIA charitable institution manager allows authenticated users to impersonate arbitrary identities and execute database queries with elevated privileges. The cpf_usuario parameter in dao/memorando/UsuarioDAO.php bypasses session-based identity controls through PHP's extract($_REQUEST) function, enabling any low-privileged authenticated user to query sensitive data or modify database contents as any other user, including administrators. WeGIA versions before 3.6.10 are affected. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L) requiring only valid user credentials.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40352 HIGH PATCH This Week

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on the password change endpoint using MongoDB query operators. Low-privileged users can change their own password (or potentially others' passwords via ID manipulation) without knowing the current password, enabling full account takeover and persistent access. Fixed in version 4.14.9.5. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis, though the attack technique is well-documented for NoSQL injection vectors.

Authentication Bypass Nosql Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4525 HIGH PATCH GHSA This Week

Token leakage in HashiCorp Vault and Vault Enterprise (0.11.2 up to 2.0.0, 1.21.5, 1.20.10, and 1.19.16) occurs when an auth mount is configured to pass through the 'Authorization' header and that same header is used to authenticate to Vault; in this case Vault forwards the caller's Vault token onward to the auth plugin backend. An authenticated client's token is thereby exposed to a plugin backend that should never see it, enabling potential impersonation and unauthorized secret access. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 3rd percentile).

Information Disclosure Hashicorp Vault Vault Enterprise
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32107 HIGH PATCH This Week

Privilege escalation to root in xrdp 0.10.5 and earlier allows authenticated local attackers to execute arbitrary code due to improper error handling during privilege drop in the session execution component. The flaw requires low attack complexity and no user interaction (CVSS 8.8, AV:L/AC:L/PR:L/UI:N). Vendor-released patch available in xrdp v0.10.6. No public exploit or active exploitation confirmed at time of analysis, though CVSS scope change (S:C) indicates potential container/VM escape scenarios.

RCE Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40002 HIGH This Week

Local privilege escalation in the Red Magic 11 Pro (NX809J) gaming smartphone through firmware V1.0.0B14MR1 allows a non-privileged installed application to invoke a sensitive service interface that fails to validate its callers, letting the app write files to specific device partitions and set writable system properties. Reported by ZTE/Nubia through their own support bulletin, the issue is rated CVSS 8.8 with a scope change (S:C) reflecting the crossing of the app-sandbox privilege boundary into system context. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and CISA SSVC records exploitation status as none.

Privilege Escalation Red Magic 11 Pro Nx809J
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40459 HIGH PATCH This Week

LDAP injection vulnerabilities in PAC4J authentication library allow low-privileged remote attackers to execute arbitrary LDAP queries and directory operations by injecting malicious syntax into ID-based search parameters. Affects PAC4J 4.x before 4.5.10, 5.x before 5.7.10, and 6.x before 6.4.1. CVSS 8.7 (High) with network vector, low complexity, and low privilege requirement. No active exploitation confirmed per CISA KEV; EPSS score 0.22% suggests low near-term exploitation probability. Vendor patches available per pac4j.org advisory. CERT-PL reported vulnerability.

Authentication Bypass LDAP Code Injection
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-33689 HIGH PATCH This Week

Out-of-bounds read in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to crash the RDP service or disclose memory contents during pre-authentication message parsing. The vulnerability (CWE-125) exploits insufficient buffer length validation in dynamic channel communication handling, affecting default installations exposed to network access. Fixed in version 0.10.6 per vendor advisory GHSA-92mr-6wpp-27jj. CVSS 8.7 reflects high availability impact; no active exploitation confirmed in CISA KEV at time of analysis, though public disclosure increases risk for internet-facing xrdp deployments.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-40515 HIGH PATCH This Week

Remote unauthenticated attackers can bypass path restrictions in OpenHarness (pre-commit bd4df81) to read arbitrary sensitive files via crafted grep/glob operations. The incomplete path normalization in permission checking allows exploitation of built-in tools to access sensitive root directories, key material, and configuration files despite configured access controls. CVSS 7.5 (High) with network vector and no authentication required. EPSS data not provided. No CISA KEV listing identified, indicating no confirmed widespread active exploitation at time of analysis. Vendor patch available via GitHub commit bd4df81.

Authentication Bypass Openharness
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-21719 HIGH This Week

Authenticated OS command injection in CubeCart prior to version 6.6.0 allows administrators to execute arbitrary system commands on the hosting server. Reported by JPCERT, this vulnerability requires high-privilege (admin) access but then permits full system compromise. CVSS 8.6 severity reflects low attack complexity from network position once admin credentials obtained. EPSS exploitation probability is low (0.18%, 40th percentile) with no active exploitation confirmed in CISA KEV or SSVC data, though POC status unknown. CubeCart 6.6.0 addresses this CWE-78 command injection flaw per vendor community announcement.

Command Injection Cubecart
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-40527 HIGH PATCH This Week

Command injection in radare2's DWARF parsing (afsv/afsvj commands) allows local attackers to execute arbitrary shell commands by embedding malicious r2 command sequences in specially crafted ELF binaries. When a user opens the malicious binary and runs analysis commands (aaa followed by afsvj), unsanitized DW_TAG_formal_parameter names are interpolated into pfq command strings, triggering code execution. Fixed in commit bc5a890. EPSS data not available, not in CISA KEV. Publicly disclosed with patch and technical details from VulnCheck.

Command Injection Radare2
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-6482 HIGH PATCH This Week

Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. CVSS 8.5 with proof-of-concept exploit code available (E:P). EPSS data not provided; not currently listed in CISA KEV.

Privilege Escalation Microsoft OpenSSL
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-40931 HIGH PATCH GHSA This Week

Symlink-based path traversal in the npm package 'compressing' v2.1.0 enables arbitrary file overwrites outside intended extraction directories via pre-planted symbolic links delivered through Git repositories. Attackers exploit a partial fix bypass of CVE-2026-24884 by poisoning filesystem state before archive extraction-Git clone operations automatically deploy malicious symlinks without user interaction beyond standard developer workflows. This supply chain vector allows overwriting critical system files (e.g., /etc/passwd) or application binaries to achieve privilege escalation or remote code execution. CVSS 8.4 (AV:L) reflects local attack vector, but real-world risk is amplified by Git-based delivery requiring zero privileges and no user interaction beyond cloning a malicious repository. No EPSS or KEV data available at time of analysis.

Privilege Escalation Path Traversal RCE Node.js
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-23853 HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40481 HIGH PATCH GHSA This Week

Uncontrolled memory consumption in monetr 1.12.3 and earlier allows remote unauthenticated attackers to trigger denial of service by sending oversized payloads to the public Stripe webhook endpoint. The vulnerability affects deployments with Stripe webhooks enabled and lacks upstream body-size enforcement. Version 1.12.4 provides a fix. EPSS and KEV data not available; no public exploit confirmed at time of analysis, though the attack method is straightforward (8.2 CVSS reflecting high availability impact with low complexity).

Denial Of Service Monetr
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-28224 HIGH PATCH This Week

Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-27890 HIGH PATCH This Week

Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-40196 HIGH PATCH This Week

Broken access control in HomeBox prior to 0.25.0 allows authenticated users with revoked group access to continue performing full CRUD operations via API. After group invitation revocation, the defaultGroup ID persists on the user object, and when API requests omit the X-Tenant header, this unvalidated value enables bypassing access controls to read, modify, and delete group inventory data. Web interface correctly enforces revocation, creating a dangerous inconsistency. No active exploitation confirmed (EPSS data unavailable), but the authentication bypass tag and CVSS 8.1 with network vector indicate significant risk for multi-tenant HomeBox deployments.

Authentication Bypass Homebox
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-3605 HIGH PATCH GHSA This Week

HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside their authorization scope, causing denial-of-service across versions 0.10.0 through 1.x. The flaw stems from improper access control (CWE-288) in policy glob evaluation during delete operations. Exploitation requires valid Vault credentials with specific policy patterns but does not permit cross-namespace deletion or secret data exfiltration. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0/1.21.5/1.20.10/1.19.16. No active exploitation confirmed (EPSS 0.01%), but CVSS 8.1 reflects high integrity and availability impact for authenticated attackers.

Information Disclosure Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40321 HIGH PATCH GHSA This Week

Stored cross-site scripting (XSS) via malicious SVG file upload in DNN Platform (DotNetNuke) versions before 10.2.2 allows low-privileged authenticated users to execute arbitrary JavaScript in the context of other users' browsers. Attackers can craft SVG files containing embedded scripts that execute when viewed by victims, with elevated impact if targeting administrative users. EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. CVSS 8.1 (High) reflects the scope change and high confidentiality/integrity impact despite requiring both authentication and user interaction.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-65104 HIGH PATCH This Week

Information disclosure in Firebird 3.x client library when connecting to Firebird 4+ servers allows local authenticated users to leak sensitive data through incorrect XSQLDA field length values. The vulnerability requires both the FB3 client library and an FB4+ server in the deployment. No active exploitation confirmed (not in CISA KEV), but CVSS 7.9 with scope change (S:C) indicates potential cross-boundary impact. Remediation requires upgrading the client library to Firebird 4.0.0 or higher.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-40516 HIGH PATCH This Week

Server-Side Request Forgery in OpenHarness AI agent framework (pre-commit bd4df81) permits remote unauthenticated attackers to manipulate web_fetch and web_search tool parameters, forcing the agent to make HTTP requests to internal infrastructure including RFC1918 private networks, localhost services, and cloud metadata endpoints (e.g., AWS EC2 169.254.169.254). Changed scope (S:C) in CVSS vector indicates potential for pivoting beyond the vulnerable application's trust boundary. EPSS data unavailable; no public exploit identified at time of analysis, though exploitation technique is well-understood for SSRF class vulnerabilities. Patch available via GitHub commit bd4df81.

SSRF Openharness
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.0%
CVE-2025-36568 HIGH PATCH This Week

Insufficiently protected credential storage in Dell PowerProtect Data Domain BoostFS client allows local attackers with low privileges to extract stored credentials via local file access under specific race conditions (AC:H). Scope change (S:C) indicates compromised credentials grant access beyond the BoostFS client component itself, potentially to connected Data Domain systems. Dell has released patches for all affected branches (Feature Release 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.50). EPSS score of 0.01% suggests minimal observed exploitation interest, no CISA KEV listing, and no public POC identified at time of analysis.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32623 HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-33516 HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-23775 HIGH PATCH This Week

Dell PowerProtect Data Domain appliances log sensitive credentials when retention lock is enabled, allowing low-privileged remote attackers to harvest authentication data from log files. Affects DD OS 8.0-8.5 and LTS2025 8.3.1.0-8.3.1.10. Exploitation requires existing low-privileged access plus user interaction from a high-privileged administrator to authorize subsequent authentication attempts. EPSS score of 0.01% and SSVC assessment (non-automatable, partial impact) indicate low probability of widespread exploitation. Vendor patch available per Dell DSA-2026-060.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-5710 HIGH This Week

Path traversal in Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.9.6) allows unauthenticated remote attackers to read arbitrary files within wp-content/ directory and exfiltrate them via email attachments. The plugin accepts client-supplied mfile[] POST parameters without server-side validation, directly converting user-controlled filenames to filesystem paths. CVSS 7.5 (High) reflects network attack vector with no authentication required. SSVC marks this as automatable with partial technical impact. No active exploitation confirmed (SSVC: exploitation=none), but the attack complexity is low and requires no user interaction, making this a realistic pre-authentication data exposure risk for sites using this plugin.

File Upload Path Traversal WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35215 HIGH PATCH This Week

Firebird database server crashes via crafted slice packet exploiting zero-length SDL descriptor validation flaw. Remote unauthenticated attackers can trigger division-by-zero errors in the sdl_desc() function to cause denial of service against Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no authentication required. EPSS data not available; no public exploit identified at time of analysis, though technical details in GitHub advisory may facilitate reproduction.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34232 HIGH PATCH This Week

Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33337 HIGH PATCH This Week

Buffer overflow in Firebird RDBMS allows remote unauthenticated attackers to crash database servers via malformed slice packets. Affects Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 across all three maintained major release branches. The xdr_datum() deserialization function fails to validate cstring lengths against slice descriptor bounds during packet processing, enabling heap buffer overflow. CVSS 7.5 (High) with network attack vector and no authentication required. EPSS data not available, no KEV listing identified, but public vendor advisory and tagged releases confirm the issue and provide specific fix versions.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28212 HIGH PATCH This Week

Remote unauthenticated denial of service in Firebird SQL database server versions prior to 6.0.0/5.0.4/4.0.7/3.0.14 allows attackers to crash the database by sending a malformed op_slice network packet that triggers a null pointer dereference in the SDL_info() function. Attack requires only network access to the database port with no authentication (CVSS AV:N/AC:L/PR:N). No public exploit code identified at time of analysis, and EPSS data not available for this recent CVE. Fixed versions released by vendor across all maintained branches.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40286 HIGH PATCH This Week

Stored Cross-Site Scripting in WeGIA 'Member Registration' function allows remote attackers to inject malicious JavaScript through the 'Member Name' field, achieving persistent code execution in victim browsers without authentication. The payload executes whenever users navigate to affected pages, enabling session hijacking, credential theft, or administrative action execution. Version 3.6.10 provides a vendor-released patch. No public exploit identified at time of analysis, though exploitation is straightforward given the unauthenticated attack vector (CVSS AV:N/PR:N).

XSS Wegia
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4659 HIGH This Week

Path traversal in Unlimited Elements for Elementor (WordPress plugin ≤2.0.6) enables authenticated attackers with Author-level privileges to read arbitrary files from the web server via crafted URLs in the Repeater JSON/CSV URL parameter. The vulnerability chains multiple sanitization failures in URLtoRelative(), urlToPath(), and cleanPath() functions, allowing traversal sequences like ../../../../etc/passwd to bypass domain-stripping logic and access sensitive files including wp-config.php. CVSS 7.5 indicates high confidentiality impact. EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Wordfence reports the issue with detailed code references to vulnerable functions in versions through 2.0.6.

Path Traversal WordPress Elementor
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5807 HIGH PATCH GHSA This Week

HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Denial Of Service Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31317 HIGH GHSA This Week

Server-Side Request Forgery (SSRF) in Craftql PHP library versions 1.3.7 and earlier enables remote attackers to force the server to make unintended requests, potentially leading to arbitrary code execution. The vulnerability resides in the GetAssetsFieldSchema.php listener component. No active exploitation is confirmed (not in CISA KEV), but a proof-of-concept repository with detailed exploitation documentation exists on GitHub. Despite the CVSS 7.5 rating, the extremely low EPSS score (0.01%, 0th percentile) indicates minimal real-world exploitation activity observed to date. The description claims RCE capability, but the CVSS vector shows only confidentiality impact (C:H/I:N/A:N), suggesting the SSRF may enable information disclosure that could chain into RCE rather than direct code execution - verification with vendor advisories needed.

PHP SSRF RCE N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6507 HIGH PATCH This Week

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation, but real-world risk is mitigated by the non-default configuration requirement. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CWE-787 (out-of-bounds write) primitives are well-understood by attackers.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21733 HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to modify read-only GPU memory and files through improper system call handling. Affects DDK versions 1.17 through 25.3 RTM across multiple release branches. Attack requires local access and low-level privileges but no user interaction (CVSS: 7.3). EPSS data not available; no active exploitation confirmed (SSVC: none); no public POC identified at time of analysis. Vulnerability stems from insufficient validation of GPU memory reservation protections, enabling authenticated local users to bypass kernel-enforced memory access controls.

Information Disclosure Graphics Ddk
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-5231 HIGH This Week

Stored Cross-Site Scripting in WP Statistics plugin (≤14.16.4) allows unauthenticated attackers to inject malicious JavaScript into admin dashboard analytics pages. The vulnerability stems from unsafe handling of utm_source URL parameters that persist into database-backed charts, executing when administrators view Referrals Overview or Social Media pages. With CVSS 7.2 and network vector requiring no authentication, this represents elevated risk for WordPress sites using this analytics plugin, though no active exploitation confirmed at time of analysis.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23778 HIGH PATCH This Week

Command injection in Dell PowerProtect Data Domain DD OS versions 7.7.1.0-8.5 (Feature), 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) enables authenticated administrators with remote access to execute arbitrary commands as root. Dell DSA-2026-060 confirms patches in DD OS 8.6.0.0, 8.3.1.30, and 7.13.1.50. EPSS score of 0.05% (15th percentile) suggests low widespread exploitation risk despite network attack vector; no public exploit identified, CVSS 7.2 reflects high-privilege requirement limiting attack surface to compromised admin accounts or insider threats.

Dell Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23776 HIGH PATCH This Week

Improper certificate validation in Dell PowerProtect Data Domain DD OS 7.7.1.0-8.5, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.60 (LTS2024) allows authenticated administrators with remote access to escalate privileges through certificate-based login exploitation. CVSS 7.2 (High) reflects network-based attack with low complexity, though requiring high-privilege credentials (PR:H). EPSS score of 0.02% (6th percentile) indicates very low probability of near-term exploitation. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy