Skip to main content
CVE-2026-27760 CRITICAL POC PATCH Act Now

Remote code execution in OpenCATS installer allows unauthenticated attackers to inject and execute arbitrary PHP code by manipulating the AJAX endpoint's databaseConnectivity action parameter. The injected code persists in config.php and executes on every page load while the installation wizard remains incomplete. Publicly available exploit code demonstrates breakout from define() string context using quote and statement separator techniques. Patch available via GitHub commit 3002a29, though CVSS AC:H (high complexity) suggests exploitation requires specific timing or environmental conditions during installation phase.

PHP Code Injection RCE Opencats
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-3893 CRITICAL PATCH CISA Act Now

Carlson Software VASCO-B GNSS receivers allow remote unauthenticated attackers to fully access and modify device configuration and operational functions due to complete absence of authentication controls (CWE-306). The network-accessible interface requires no credentials, enabling attackers to compromise device integrity and availability with low attack complexity. EPSS and KEV status not provided in available data; exploitation requires only network connectivity to the device management interface, typical in surveying and precision agriculture deployments where GNSS receivers may be exposed on operational networks.

Authentication Bypass Vasco B Gnss Receiver
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-32644 CRITICAL CISA Emergency

Milesight AIOT cameras ship with hardcoded SSL private keys enabling remote man-in-the-middle attacks and credential interception. Remote unauthenticated attackers can decrypt TLS traffic, impersonate camera services, and potentially gain administrative access to affected devices. CISA ICS-CERT published advisory ICSA-26-113-03 for this industrial/IoT vulnerability affecting network-connected surveillance infrastructure.

Information Disclosure
NVD GitHub
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-24178 CRITICAL PATCH GHSA Act Now

Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. With a CVSS score of 9.8 (critical severity) and maximum exploitability metrics (AV:N/AC:L/PR:N/UI:N), this represents a severe security flaw requiring immediate remediation, though no active exploitation (KEV) or public exploit code has been identified at time of analysis.

RCE Authentication Bypass Nvidia Information Disclosure Privilege Escalation +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-60889 CRITICAL Act Now

Remote code execution in StellarGroup HPX 1.11.0 allows unauthenticated attackers to execute arbitrary code through insecure deserialization of untrusted input. Publicly available exploit code exists (GitHub Gist POC) with CISA SSVC classifying this as automatable with total technical impact, though EPSS indicates only 2% probability of exploitation in the wild. The CWE-502 vulnerability enables complete system compromise when untrusted data is deserialized under specific deployment conditions not detailed in the description.

Deserialization RCE Hpx
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41873 CRITICAL Monitor

HTTP request smuggling in Apache Pony Mail (Lua implementation) enables remote unauthenticated attackers to achieve complete admin account takeover with critical impact across confidentiality, integrity, and availability. This affects all versions of the retired Lua codebase - Apache has abandoned support with no patch planned, recommending migration to alternative solutions. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction.

Information Disclosure Python Request Smuggling
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-7321 CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox's WebRTC networking component allows remote attackers to break out of browser process isolation and execute code outside the sandbox with high integrity and confidentiality impact. Firefox ESR 140.10.1 fixes this critical boundary condition flaw (CWE-120). User interaction is required (visiting a malicious site), but no authentication is needed. EPSS data not provided. Not listed in CISA KEV at time of analysis, indicating no confirmed widespread active exploitation.

Buffer Overflow Mozilla Suse Red Hat
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-7333 CRITICAL PATCH Act Now

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5779 CRITICAL Act Now

Insecure direct object reference in MphRx Minerva V3.6.0 allows authenticated attackers to modify arbitrary user profiles via the '/minerva/user/updateUserProfile' endpoint, enabling account takeover by changing victim email addresses and triggering password reset flows. Reported by INCIBE-CERT with authentication bypass tags, indicating likely real-world discovery during security assessment. CVSS 9.4 reflects high confidentiality, integrity, and scope impacts (VC:H/VI:H/SC:H/SI:H), though the PR:L requirement (low-privileged authenticated access) limits initial attack surface to users with valid credentials.

Authentication Bypass Minerva
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-41446 CRITICAL PATCH Act Now

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-40976 CRITICAL PATCH GHSA Act Now

Authentication bypass in Spring Boot 4.0.0-4.0.5 allows remote unauthenticated attackers to access all application endpoints, bypassing default web security filters entirely. Affects servlet-based applications using spring-boot-actuator-autoconfigure without custom Spring Security configuration and without spring-boot-health dependency. Vendor patch released (upgrade to 4.0.6+). No public exploit code identified at time of analysis, but CVSS 9.1 with network attack vector (AV:N/AC:L/PR:N) indicates trivial exploitation once configuration prerequisites are met.

Java Authentication Bypass Spring Boot
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-41386 CRITICAL PATCH GHSA Act Now

Privilege escalation in OpenClaw allows remote unauthenticated attackers to elevate privileges beyond intended device roles during first-use pairing. The vulnerability stems from bootstrap setup codes lacking proper binding to device roles and scopes, enabling attackers to exploit the pairing process with low complexity and no user interaction. VulnCheck reported this issue, and a vendor patch is available as of 2026.3.22. While no active exploitation has been confirmed (not in CISA KEV), the network attack vector (AV:N) and absence of authentication requirements (PR:N) create significant exposure for organizations deploying new OpenClaw instances.

Privilege Escalation Openclaw
NVD GitHub
CVSS 4.0
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy