156 CVEs tracked today. 13 Critical, 56 High, 71 Medium, 16 Low.
-
CVE-2026-42523
CRITICAL
CVSS 9.0
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/...
XSS
Jenkins
-
CVE-2026-42232
CRITICAL
CVSS 9.4
Prototype pollution in n8n's XML node allows authenticated workflow editors to achieve remote code execution through global prototype manipulation. The vulnerability affects n8n workflow automation platform versions prior to 1.123.32, 2.17.4, and 2.18.1, enabling attackers with workflow creation privileges to inject malicious properties into JavaScript object prototypes that can be exploited by other nodes to execute arbitrary code. Vendor-released patches are available for all affected version branches. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS 10.0 score reflects the critical scope change and complete system compromise potential.
Information Disclosure
Prototype Pollution
-
CVE-2026-42231
CRITICAL
CVSS 9.4
Prototype pollution in n8n's XML webhook parser (xml2js library) enables remote code execution when chained with Git node SSH operations. Authenticated users with workflow editing permissions can inject malicious XML payloads to pollute JavaScript object prototypes, then leverage the polluted prototype in Git node operations to execute arbitrary code on the n8n host server. GitHub advisory GHSA-q5f4-99jv-pgg5 confirms patches available in versions 1.123.32, 2.17.4, and 2.18.1. No CISA KEV listing or public POC identified at time of analysis, but the CVSS 10.0 score appears inconsistent with the authenticated (PR:L expected) nature described in the advisory.
RCE
Prototype Pollution
-
CVE-2026-41940
CRITICAL
CVSS 9.3
Authentication bypass in cPanel & WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting a flaw in the login flow. The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, an EPSS score of 16.52% (95th percentile), and affects multiple long-term support branches of cPanel & WHM as well as WP Squared. Given that cPanel administers shared hosting environments, successful exploitation typically grants attackers control over many downstream customer sites.
Authentication Bypass
-
CVE-2026-41586
CRITICAL
CVSS 9.3
Remote code execution in Hyperledger fabric-sdk-java (all versions 1.0.0 through 2.2.26) allows unauthenticated attackers to execute arbitrary commands via malicious serialized Java objects. The deprecated SDK's Channel.java class deserializes untrusted byte arrays without input filtering in readObject() and deSerializeChannel() methods, enabling classic Java gadget chain exploitation. Publicly available exploit code exists (ysoserial toolkit), and exploitation requires only that an application accept Channel serialization data from attacker-controlled sources such as compromised files, external APIs, or injected parameters. EPSS data unavailable; not listed in CISA KEV. Vendor has published a GHSA advisory but provides no patch; remediation requires migration to the replacement fabric-gateway SDK.
Java
Deserialization
-
CVE-2026-38992
CRITICAL
CVSS 9.8
Remote code execution in Cockpit CMS versions 2.13.5 and earlier allows unauthenticated attackers to execute arbitrary system commands on the server by injecting malicious payloads through the filter parameter across multiple endpoints. The vulnerability exploits the MongoLite database layer's $func operator, which processes user-controlled input as executable code. Public proof-of-concept exists and the attack is fully automatable with total system compromise potential, though EPSS scoring suggests limited observed exploitation attempts (2nd percentile) at time of analysis.
RCE
Code Injection
-
CVE-2026-36841
CRITICAL
CVSS 9.8
Remote unauthenticated command injection in TOTOLINK N200RE V5 router allows complete device compromise via formMapDelDevice function. Attackers can execute arbitrary OS commands by injecting malicious payloads into the macstr or bandstr parameters with no authentication required (CVSS 9.8, AV:N/AC:L/PR:N/UI:N). Public proof-of-concept code exists per SSVC framework (exploitation: poc), making this immediately weaponizable against internet-facing devices. EPSS data unavailable, but CVSS vector and POC availability indicate critical real-world risk for consumer routers with default configurations exposed to the internet.
Command Injection
-
CVE-2026-34084
CRITICAL
CVSS 9.2
The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function `File::assertFile`) is php-wrapper aware, for any [php wrappers](https://www.php.net/manual/en/wrappers.php) implementing `stat()`.
The 3 wrappers `ftp:/...
PHP
Deserialization
SSRF
Microsoft
-
CVE-2026-30893
CRITICAL
CVSS 9.0
Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. Writing to sensitive locations such as cron directories or Python module paths leads to remote code execution. CVSS 9.0 Critical (network-accessible, high privilege required, scope changed). Patch available in v4.14.4; no active exploitation identified.
RCE
Python
Path Traversal
Wazuh
-
CVE-2026-26015
CRITICAL
CVSS 10.0
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local or public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)....
RCE
Command Injection
-
CVE-2026-7381
CRITICAL
CVSS 9.1
Plack::Middleware::XSendfile through version 1.0053 allows remote unauthenticated attackers to read arbitrary files from nginx-proxied servers by injecting malicious X-Sendfile-Type and X-Accel-Mapping headers. When the middleware's sendfile type is not explicitly configured, clients can force nginx's X-Accel-Redirect mode and manipulate path mappings to access sensitive files outside intended directories. The middleware has been deprecated as of version 1.0053 and will be removed in future Plack releases. EPSS score of 0.01% suggests low current exploitation activity despite the high CVSS 9.1 rating. No public exploit code identified at time of analysis, though the attack technique mirrors the documented CVE-2025-61780 vulnerability in Rack::Sendfile.
Information Disclosure
Nginx
-
CVE-2026-5166
CRITICAL
CVSS 9.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.
This issue affects Pardus Software Center: before 1.0.3.
Path Traversal
-
CVE-2026-3325
CRITICAL
CVSS 10.0
SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used im...
SQLi
-
CVE-2026-42652
HIGH
CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through <= 5.1.5.
XSS
-
CVE-2026-42646
HIGH
CVSS 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n/a through <= 3.44.0.
SQLi
-
CVE-2026-42615
HIGH
CVSS 7.2
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
XSS
-
CVE-2026-42524
HIGH
CVSS 8.0
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
Jenkins
-
CVE-2026-42520
HIGH
CVSS 7.5
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins i...
RCE
Path Traversal
Jenkins
-
CVE-2026-42518
HIGH
CVSS 8.7
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys...
Information Disclosure
-
CVE-2026-42517
HIGH
CVSS 7.1
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information...
Authentication Bypass
Information Disclosure
-
CVE-2026-42516
HIGH
CVSS 7.1
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system.
Authentication Bypass
-
CVE-2026-42515
HIGH
CVSS 7.1
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.
Authentication Bypass
-
CVE-2026-42514
HIGH
CVSS 8.8
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs.
Successful exploitation of this vulnerability could allow an attacker to impersonate the target u...
Authentication Bypass
-
CVE-2026-42513
HIGH
CVSS 8.8
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response.
Successful exploitation of this vuln...
Authentication Bypass
-
CVE-2026-42377
HIGH
CVSS 7.3
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SureForms Pro: from n/a through 2.8.0.
Authentication Bypass
-
CVE-2026-42353
HIGH
CVSS 8.2
### Summary
Versions of `i18next-http-middleware` prior to 3.9.3 pass the user-controlled `lng` and `ns` values from `getResourcesHandler` directly into `i18next.services.backendConnector.load(languages, namespaces, …)` without any sanitisation. Depending on which backend is configured, the unvalid...
XSS
Docker
Path Traversal
SSRF
-
CVE-2026-42352
HIGH
CVSS 8.6
### Impact
OGC API - Process execution requests can use the `subscriber` object to send requests to internal HTTP services.
### Patches
The issue has been patched in master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by defaul...
SSRF
-
CVE-2026-42351
HIGH
CVSS 7.5
### Impact
A raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would n...
Path Traversal
-
CVE-2026-42249
HIGH
CVSS 7.7
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker-controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These valu...
RCE
Path Traversal
Microsoft
-
CVE-2026-42248
HIGH
CVSS 7.7
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging o...
Information Disclosure
Microsoft
-
CVE-2026-42236
HIGH
CVSS 8.7
Unauthenticated remote attackers can crash n8n workflow automation instances by flooding the MCP OAuth client registration endpoint with large payloads, exhausting server memory and causing denial of service. The vulnerability affects all n8n instances regardless of whether MCP (Model Context Protocol) access is enabled, as the endpoint lacks authentication and resource controls. Vendor-released patches (1.123.32, 2.17.4, 2.18.1) impose registration limits and disable the endpoint when MCP is turned off. No public exploit identified at time of analysis, though the attack is trivial to execute given the unauthenticated nature of the endpoint.
Denial Of Service
-
CVE-2026-42235
HIGH
CVSS 8.8
Cross-site scripting (XSS) in n8n's MCP OAuth client registration allows remote attackers to execute arbitrary JavaScript in authenticated user sessions. Unauthenticated attackers can inject malicious scripts via the client_name parameter during OAuth client registration, which executes when a second user revokes the OAuth consent, triggering a vulnerable toast notification. Successful exploitation enables session token theft, workflow manipulation, and privilege escalation. CVSS 8.2 (High) reflects the changed scope and complex attack chain requiring victim interaction across multiple user sessions. No public exploit or CISA KEV listing identified at time of analysis, but exploit development is straightforward given the clear attack vector.
Privilege Escalation
-
CVE-2026-42234
HIGH
CVSS 7.1
Sandbox escape in n8n's Python Task Runner enables authenticated workflow editors to execute arbitrary code on the task runner container. This vulnerability (CWE-94: Improper Control of Generation of Code) affects n8n instances with the Python Code Node feature enabled, allowing attackers with workflow creation/modification permissions to break out of the Python sandbox. Vendor-released patches are available in versions 1.123.32, 2.17.4, and 2.18.1. No public exploit identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for exploitation by authenticated users.
RCE
Python
Code Injection
-
CVE-2026-42226
HIGH
CVSS 7.1
Authenticated users with shared workflow access in n8n can exfiltrate other users' API credentials by injecting foreign credential IDs into dynamic-node-parameters endpoint requests. The vulnerability forces the n8n backend to decrypt and replay stolen credentials against attacker-controlled URLs, enabling credential theft across workflow collaborators. Affects npm package n8n versions <1.123.33 and 2.17.0-2.17.4, with vendor-confirmed patches available in 1.123.33 and 2.17.5. No public exploit identified at time of analysis, though CVSS 8.5 with scope change (S:C) reflects the multi-tenant credential boundary violation.
Authentication Bypass
-
CVE-2026-42224
HIGH
CVSS 7.6
Reflected cross-site scripting (XSS) in Icinga Web's ipl-web library (composer package ipl/web) allows remote attackers to execute arbitrary JavaScript in victim browsers via malformed search requests. Affects all versions ≤0.13.0. Fixed in ipl/web 0.13.1 (bundled in icinga-php-library 0.19.2). Requires high-privilege authenticated attacker and victim user interaction via social engineering. No active exploitation confirmed by CISA KEV. CVSS 7.7 reflects scope change (cross-user impact) despite complex attack prerequisites.
XSS
-
CVE-2026-42198
HIGH
CVSS 7.5
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. W...
Denial Of Service
PostgreSQL
Red Hat
Suse
-
CVE-2026-42031
HIGH
CVSS 8.3
### Impact
A vulnerability in `datastore_search_sql` allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information.
### Patches
The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5
### Workarounds
Disable the DataStore SQL search (`ckan.datas...
SQLi
PostgreSQL
-
CVE-2026-41952
HIGH
CVSS 7.8
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Privilege Escalation
Microsoft
-
CVE-2026-41670
HIGH
CVSS 8.2
SAML response redirection in Admidio 5.0.8 and earlier allows attackers to steal signed authentication assertions containing user credentials and profile data by exploiting missing validation of the AssertionConsumerServiceURL in SAML AuthnRequests. The Identity Provider (IdP) accepts attacker-controlled destination URLs from SAML requests without verifying them against registered Service Provider endpoints, enabling assertion theft and account impersonation across federated applications. No public exploit code identified at time of analysis, though proof-of-concept demonstration is included in the GitHub security advisory GHSA-p9w9-87c8-m235. EPSS data not available for this CVE.
PHP
Information Disclosure
-
CVE-2026-41669
HIGH
CVSS 8.2
SAML signature validation in Admidio's Identity Provider implementation can be completely bypassed due to discarded return values in authentication flows. The validateSignature() method returns error strings on failure but both call sites (SSO and Single Logout handlers) discard the return value, allowing unsigned or invalidly-signed SAML requests to proceed. Attackers can forge AuthnRequests to exfiltrate logged-in users' personal data (username, email, real name, role memberships) to attacker-controlled endpoints, or forge LogoutRequests to terminate victim sessions and cascade logout across federated Service Providers. The smc_require_auth_signed configuration setting provides no protection. Public exploit code exists (PoC in GitHub advisory). CVSS 8.2 reflects network-accessible attack with no authentication required, though practical exploitation of the SSO path requires victim to have an active session. No active exploitation confirmed at time of analysis.
PHP
Denial Of Service
CSRF
Jwt Attack
-
CVE-2026-41660
HIGH
CVSS 7.1
Inverted authorization logic in Admidio's two-factor authentication reset module allows non-admin users with profile edit permissions to strip TOTP protection from administrator accounts while paradoxically blocking users from resetting their own 2FA. A group leader holding 'hasRightEditProfile()' rights on an admin account can send a single POST request to /adm_program/modules/profile/two_factor_authentication.php with the admin's UUID, disabling the admin's 2FA and reducing account security to password-only. This vulnerability affects Admidio versions ≤5.0.8; patched version 5.0.9 corrects the inverted comparison operator. Public exploit code exists via the GitHub advisory's proof-of-concept. No confirmed active exploitation (not in CISA KEV).
PHP
Authentication Bypass
-
CVE-2026-41643
HIGH
CVSS 7.5
Remote unauthenticated denial of service crashes GoBGP routing daemon via malformed BGP UPDATE message exploiting index-out-of-bounds panic. Attackers send crafted BGP UPDATE with AS4_PATH attribute preceding AS_PATH, causing slice index mismanagement in UpdatePathAttrs4ByteAs function (internal/pkg/table/message.go). Publicly available exploit code exists with hex-level proof-of-concept payload demonstrating immediate process termination. Affects GoBGP v4.2.0 and earlier; vendor-released patch v4.3.0 available per GitHub advisory GHSA-8rxh-r2p6-7f2q. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects network-accessible, low-complexity attack requiring no privileges, resulting in complete routing service disruption.
Denial Of Service
Google
Suse
-
CVE-2026-41642
HIGH
CVSS 7.5
Remote denial of service via nil pointer dereference crashes GoBGP 4.3.0 when processing malformed BGP UPDATE messages containing unrecognized well-known path attributes. A single crafted UPDATE packet with an invalid Type Code (e.g., 0xEE or 0xFF) marked as well-known (Optional bit = 0) triggers a panic that terminates the entire BGP daemon process, not just the affected session. Publicly available exploit code exists with detailed proof-of-concept payloads confirmed by GitHub advisory GHSA-7235-89m6-f4px. Network-facing BGP deployments are at immediate operational risk despite CVSS 7.5, as BGP peering relationships make this trivially exploitable by any established peer.
Denial Of Service
Null Pointer Dereference
Microsoft
Suse
-
CVE-2026-41587
HIGH
CVSS 8.6
Authenticated users with theme upload permission in CI4MS (CodeIgniter 4 CMS/ERP) versions 0.26.0.0 through 0.31.6.0 can achieve remote code execution by uploading a malicious ZIP archive containing PHP files. The theme installation routine writes arbitrary files, including executable PHP, directly into the web-accessible public/templates/ directory without extension filtering or content validation, enabling direct HTTP access to webshells. A proof-of-concept exploit is publicly available via the GitHub security advisory (GHSA-fw49-9xq4-gmx6), and the vendor has released a patched version 0.31.7.0 implementing strict file extension allowlists for the public directory.
PHP
RCE
File Upload
-
CVE-2026-41220
HIGH
CVSS 7.8
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Privilege Escalation
Buffer Overflow
Memory Corruption
Microsoft
-
CVE-2026-40902
HIGH
CVSS 7.5
## Summary
The XLSX reader's `ColumnAndRowAttributes::readRowAttributes()` method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit (`AddressRange::MAX_ROW = 1,048,576`). An attacker can craft a minimal XLSX file (~1.6KB) containing a `<row r="9...
PHP
Denial Of Service
Python
-
CVE-2026-40863
HIGH
CVSS 7.5
## Summary
The SpreadsheetML XML reader (`Reader\Xml`) does not validate the `ss:Index` row attribute against the maximum allowed row count (`AddressRange::MAX_ROW = 1,048,576`). An attacker can craft a SpreadsheetML XML file with `ss:Index="999999999"` on a `<Row>` element, which inflates the inte...
PHP
Denial Of Service
Microsoft
-
CVE-2026-40560
HIGH
CVSS 7.5
Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An ...
Information Disclosure
Request Smuggling
-
CVE-2026-38991
HIGH
CVSS 8.8
Remote code execution in Cockpit CMS 2.13.5 and earlier allows authenticated users with low privileges to execute arbitrary PHP code on the server. Attackers exploit a filter bypass in the Bucket component's _isFileTypeAllowed function by crafting filenames that evade extension validation, then renaming files to .php for execution. Public proof-of-concept exists (SSVC: poc). EPSS data unavailable, but CVSS 8.8 with network vector and low attack complexity indicates high exploitability once authenticated.
PHP
RCE
File Upload
-
CVE-2026-37555
HIGH
CVSS 7.5
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before bein...
Buffer Overflow
Denial Of Service
Integer Overflow
Red Hat
Suse
-
CVE-2026-36837
HIGH
CVSS 7.5
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
Buffer Overflow
Stack Overflow
-
CVE-2026-35155
HIGH
CVSS 7.1
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low-privileged attacker to gain elevated access.
Information Disclosure
Dell
-
CVE-2026-34965
HIGH
CVSS 8.7
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP c...
PHP
RCE
Code Injection
-
CVE-2026-30769
HIGH
CVSS 7.8
Local privilege escalation in EnTech Taiwan TVicPort v4.0 (driver v5.2.1.0) allows authenticated low-privileged users to gain SYSTEM privileges via crafted IOCTL 0x80002008 requests to the TVicPort64.sys kernel driver. The vulnerability stems from improper input validation (CWE-20) in IOCTL handling. Publicly available exploit code exists (GitHub gist), enabling straightforward elevation of privileges on systems with the driver installed. SSVC assessment indicates total technical impact with no active exploitation reported, though the low attack complexity and available POC present significant risk to environments using this I/O port access driver.
Privilege Escalation
-
CVE-2026-7466
HIGH
CVSS 7.7
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to lo...
RCE
Python
Code Injection
-
CVE-2026-7424
HIGH
CVSS 7.2
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) b...
Denial Of Service
Integer Overflow
-
CVE-2026-7422
HIGH
CVSS 7.1
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism...
Authentication Bypass
-
CVE-2026-7420
HIGH
CVSS 7.4
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the pu...
Buffer Overflow
-
CVE-2026-7419
HIGH
CVSS 7.4
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly ava...
Buffer Overflow
-
CVE-2026-7418
HIGH
CVSS 7.4
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly ...
Buffer Overflow
-
CVE-2026-7111
HIGH
CVSS 8.4
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or ...
Buffer Overflow
-
CVE-2026-6914
HIGH
CVSS 7.1
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to...
Information Disclosure
Integer Overflow
-
CVE-2026-6849
HIGH
CVSS 8.8
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.
Command Injection
-
CVE-2026-5712
HIGH
CVSS 8.0
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
Authentication Bypass
-
CVE-2026-5161
HIGH
CVSS 8.8
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus About: before v1.2.1.
Information Disclosure
-
CVE-2026-5141
HIGH
CVSS 8.8
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.
This issue affects Pardus Software Center: before 1.0.3.
Privilege Escalation
-
CVE-2026-5140
HIGH
CVSS 8.8
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass.
This issue affects Pardus: from <=0.6.4 before 0.8.0.
Authentication Bypass
-
CVE-2026-0204
HIGH
CVSS 8.0
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
Information Disclosure
-
CVE-2025-50328
HIGH
CVSS 7.3
B1 Free Archiver v1.5.86 strips Mark of the Web (MotW) protections from files extracted from internet-downloaded archives, allowing untrusted executables to run without Windows Defender SmartScreen warnings. Attackers can deliver malware via email attachments or malicious downloads that, when extracted using this archiver, bypass Windows security prompts entirely. EPSS exploitation probability is minimal (0.01%) with no active exploitation or public POC identified, suggesting limited real-world targeting despite the 7.3 CVSS score and theoretical RCE capability.
Authentication Bypass
RCE
Microsoft
-
CVE-2026-42648
MEDIUM
CVSS 4.3
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through <= 2.19.22.
Authentication Bypass
-
CVE-2026-42645
MEDIUM
CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This issue affects Barcode Scanner with Inventory & Order Manager: fr...
CSRF
-
CVE-2026-42644
MEDIUM
CVSS 5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a through <= 4.3.10.
Information Disclosure
-
CVE-2026-42643
MEDIUM
CVSS 5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS. This issue affects Image Widget: from n/a through <= 4.4.11.
XSS
-
CVE-2026-42642
MEDIUM
CVSS 5.3
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 4.14.5.
Authentication Bypass
-
CVE-2026-42641
MEDIUM
CVSS 5.4
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery. This issue affects Share This Image: from n/a through <= 2.14.
SSRF
-
CVE-2026-42525
MEDIUM
CVSS 4.3
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Open Redirect
Microsoft
Jenkins
-
CVE-2026-42522
MEDIUM
CVSS 4.3
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.
Authentication Bypass
Jenkins
-
CVE-2026-42521
MEDIUM
CVSS 6.5
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure ...
Information Disclosure
Deserialization
Jenkins
-
CVE-2026-42519
MEDIUM
CVSS 4.3
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Authentication Bypass
Jenkins
-
CVE-2026-42412
MEDIUM
CVSS 6.5
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP User Frontend: from n/a through 4.3.1.
Authentication Bypass
-
CVE-2026-42237
MEDIUM
CVSS 5.3
SQL injection in n8n Snowflake and legacy MySQL v1 nodes allows authenticated users with workflow creation permissions to execute arbitrary SQL against connected databases by injecting malicious table names, column names, or update keys via expression inputs. This vulnerability affects n8n versions before 1.123.32, 2.17.4, and 2.18.1; successful exploitation enables data exfiltration, modification, or deletion. The flaw represents an incomplete fix to a prior SQL injection vulnerability (GHSA-f3f2-mcxc-pwjx) that already patched MySQL, PostgreSQL, and SQL Server nodes but overlooked the Snowflake node and legacy MySQL v1 implementation.
SQLi
-
CVE-2026-42233
MEDIUM
CVSS 5.3
SQL injection in n8n's Oracle Database node allows attackers to inject arbitrary SQL commands through the Limit field when user-controlled input is passed via expressions, enabling data exfiltration from connected Oracle databases. Exploitation requires a specific workflow configuration where external input (e.g., from webhooks) reaches the Limit field; authentication depends on the webhook's access controls. The vulnerability affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1, and vendor-released patches are available.
Code Injection
Oracle
-
CVE-2026-42230
MEDIUM
CVSS 5.1
Open redirect vulnerability in n8n's MCP OAuth consent flow allows unauthenticated attackers to register arbitrary redirect URIs and silently redirect users to attacker-controlled URLs when they deny OAuth consent. The `/mcp-oauth/register` endpoint lacks authentication and the `handleDeny` handler does not validate redirect destinations, enabling phishing attacks via crafted links. CVSS 4.7 (network-accessible, requires user interaction). Patches available: versions 1.123.32, 2.17.4, and 2.18.1 or later.
Open Redirect
-
CVE-2026-42229
MEDIUM
CVSS 5.3
SQL injection in n8n's SeaTable node allows remote unauthenticated attackers to bypass row-level access controls and retrieve unintended data from SeaTable databases when workflows accept user-controlled input via expressions in search or row retrieval parameters. The vulnerability affects n8n versions before 1.123.32, 2.17.4, and 2.18.1, and requires specific workflow configuration combining the SeaTable node with external user input passed through expressions. No public exploit code or active exploitation has been confirmed at time of analysis.
SQLi
-
CVE-2026-42228
MEDIUM
CVSS 6.3
n8n Chat Trigger's Hosted Chat feature fails to verify WebSocket connection authorization on the /chat endpoint, allowing unauthenticated remote attackers to hijack workflow executions in waiting state by obtaining the execution ID, intercept intended user prompts, and submit arbitrary input to influence downstream workflow behavior. This affects instances configured with authentication set to None. Vendor-released patches: versions 1.123.32, 2.17.4, and 2.18.1. No public exploit code identified at time of analysis.
Authentication Bypass
-
CVE-2026-42227
MEDIUM
CVSS 6.0
Insecure Direct Object Reference (IDOR) in n8n's public API variables endpoint allows authenticated users with variable:list API key scope to read project variables from any project regardless of membership by manipulating the projectId query parameter. The API handler bypassed project membership authorization checks present in the enterprise service layer, enabling cross-project secret disclosure. This affects only licensed enterprise or team deployments with multiple projects and variables feature enabled. Vendor-released patches: versions 1.123.32, 2.17.4, and 2.18.1.
Authentication Bypass
-
CVE-2026-42206
MEDIUM
CVSS 5.7
Roadiz OpenID Connect authentication fails to store and validate the nonce parameter, allowing attackers to replay valid ID tokens or inject tokens from compromised identity providers to impersonate users. The package generates a nonce during authorization request initiation but never validates the returned nonce claim in the ID token, violating OIDC Core 1.0 specification requirements. Publicly available proof-of-concept demonstrates token replay within the token's validity window, affecting all Roadiz applications using the roadiz/openid package versions before 2.7.18, 2.6.31, 2.5.45, or 2.3.43.
PHP
CSRF
-
CVE-2026-42052
MEDIUM
CVSS 6.0
During code logic analysis, an area that may lead to unintended behavior under specific conditions was discovered.
## Overview
- Verified Version: `80cd21554124da07d17a4f962c7d770a4f70d0f2`
- Vulnerability Type: Stored XSS
- Affected Location: `beetsplug/web/templates/index.html:42`
- Trigger Scena...
XSS
-
CVE-2026-41686
MEDIUM
CVSS 4.8
The `BetaLocalFilesystemMemoryTool` in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (`0o666` for files, `0o777` for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive uma...
Information Disclosure
Docker
Node.js
-
CVE-2026-41671
MEDIUM
CVSS 6.8
## Summary
The OIDC token introspection endpoint (`/modules/sso/index.php/oidc/introspect`) always returns `{"active": true}` for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or completely fabricated. The endpoint performs no authentication ...
PHP
Authentication Bypass
-
CVE-2026-41662
MEDIUM
CVSS 5.2
Admidio 5.0.8 and earlier allows authenticated administrators to remove all other administrators from the system via Role::stopMembership(), which lacks a minimum-administrator-count validation check. Two colluding or compromised admin accounts can sequentially remove each other, leaving zero administrators and locking administrative access. The vulnerability requires high privileges (PR:H) and user interaction (UI:R) but results in complete denial of administrative access once exploited.
PHP
Authentication Bypass
Python
-
CVE-2026-41661
MEDIUM
CVSS 6.1
Reflected cross-site scripting (XSS) in Admidio's msg_window.php endpoint allows unauthenticated attackers to execute arbitrary JavaScript in any user's browser by exploiting incomplete output encoding. The vulnerability chains htmlspecialchars() (which does not encode square brackets) with a subsequent Language::prepareTextPlaceholders() call that converts brackets to angle brackets, producing executable HTML markup. Publicly available proof-of-concept demonstrates the attack requires only victim click (no authentication), and Admidio sets no Content-Security-Policy headers to block inline script execution.
PHP
XSS
-
CVE-2026-41658
MEDIUM
CVSS 6.5
Admidio inventory module allows any authenticated user to permanently delete inventory items and modify associated data by bypassing authorization checks present only in the UI layer. The backend handlers for item_delete, item_retire, item_reinstate, and picture operations validate CSRF tokens but never verify the requesting user is an inventory administrator, enabling destructive operations on any item visible to the user. This affects Admidio versions through 5.0.8, and no active exploitation has been reported at the time of analysis.
PHP
Authentication Bypass
CSRF
-
CVE-2026-41657
MEDIUM
CVSS 4.9
Admidio 5.0.8 and earlier allows user managers with rol_edit_user permission to bypass multi-tenant organization isolation and retrieve complete member directories across all organizations by directly calling the contacts_data.php endpoint with mem_show_filter=3, exploiting a permission check mismatch between the frontend UI (which correctly requires isAdministrator() and the contacts_show_all setting) and the backend API endpoint (which only requires the weaker isAdministratorUsers() check). Affected data includes full names, email addresses, login names, UUIDs, and all configured profile fields from unauthorized organizations. This is a confirmed actively exploited vulnerability with a patch available in version 5.0.9.
PHP
Authentication Bypass
-
CVE-2026-41656
MEDIUM
CVSS 4.5
Path traversal in Admidio's document add mode allows authenticated attackers to register arbitrary server files into document folders via unvalidated `name` parameter, enabling arbitrary file read when combined with CSRF. A low-privileged user can trick a documents administrator into clicking a malicious link to register sensitive files like `install/config.php` (containing database credentials) into a publicly accessible documents folder, then download those files using the attacker's own session. The vulnerability chains insufficient input validation (accepts `../` sequences), missing CSRF protection on the `add` action, and `SameSite=Lax` cookies that permit cross-site GET requests from administrators.
PHP
Path Traversal
CSRF
-
CVE-2026-41655
MEDIUM
CVSS 6.5
Path traversal in Admidio ecard_preview.php allows authenticated users to read arbitrary server files including database credentials by bypassing filename validation on the ecard_template POST parameter. An authenticated attacker can supply path traversal payloads such as ../config.php to read adm_my_files/config.php containing unencrypted database host, username, and password, or traverse further to access system files. Exploitation requires only a regular member account with no special privileges, making this a high-impact vulnerability accessible to any registered user.
PHP
Path Traversal
-
CVE-2026-41499
MEDIUM
CVSS 6.5
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents ...
Buffer Overflow
Wazuh
-
CVE-2026-41484
MEDIUM
CVSS 5.3
### Summary
When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in an unsuccessful response (i.e. HTTP 4xx or 5xx), the response is read into memory with no upper bound on the number of bytes consumed.
This could c...
Denial Of Service
-
CVE-2026-41483
MEDIUM
CVSS 5.9
### Summary
`OpenTelemetry.Resources.Azure` reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory.
This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible p...
Denial Of Service
Microsoft
-
CVE-2026-41255
MEDIUM
CVSS 6.1
CKAN versions 2.10.0 through 2.10.9 and 2.11.0 through 2.11.4 allow unauthenticated requests to permanently disable CSRF protection on endpoints for the lifetime of the server process by triggering a state mutation in the flask-wtf CSRFProtect middleware. Combined with cross-site scripting, an attacker can exploit this to perform authenticated actions using other users' credentials. The vulnerability affects network-accessible CKAN instances with default configurations and has CVSS 6.1 with user interaction required.
XSS
Python
CSRF
-
CVE-2026-41132
MEDIUM
CVSS 6.6
CKAN fails to validate SMTP server certificates, allowing attackers to spoof the configured mail server with any certificate including self-signed ones and intercept SMTP credentials and email content via man-in-the-middle attack. Versions below 2.10.10 and 2.11.0 through 2.11.4 are affected. Vendor-released patches are available in CKAN 2.10.10 and 2.11.5.
Information Disclosure
-
CVE-2026-40230
MEDIUM
CVSS 4.8
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This issue affects helpy: 2.8.0.
XSS
-
CVE-2026-40229
MEDIUM
CVSS 5.1
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML notifica...
XSS
-
CVE-2026-38993
MEDIUM
CVSS 6.5
Cockpit CMS versions 2.13.5 and earlier allow authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets via directory traversal in the Buckets component. The vulnerability requires valid user authentication and does not impact confidentiality, but enables integrity compromise through malicious file placement or asset replacement. A proof-of-concept exists, though the SSVC framework rates automatable exploitation as unlikely, suggesting manual attack steps are required.
Path Traversal
Red Hat
-
CVE-2026-28221
MEDIUM
CVSS 6.5
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf...
Buffer Overflow
Stack Overflow
Wazuh
-
CVE-2026-27105
MEDIUM
CVSS 6.3
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.
Information Disclosure
Dell
-
CVE-2026-26206
MEDIUM
CVSS 6.5
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the config...
Authentication Bypass
Wazuh
-
CVE-2026-26204
MEDIUM
CVSS 4.4
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. Due ...
Buffer Overflow
Denial Of Service
Wazuh
-
CVE-2026-25852
MEDIUM
CVSS 6.7
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
Privilege Escalation
Microsoft
-
CVE-2026-23773
MEDIUM
CVSS 4.3
Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
SSRF
Dell
-
CVE-2026-22745
MEDIUM
CVSS 5.3
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
* the application is using Spring MVC or Spring WebFlux
* the application is serving static reso...
Denial Of Service
Java
Microsoft
Red Hat
-
CVE-2026-22740
MEDIUM
CVSS 6.5
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space.
Older, unsupported versions are al...
Denial Of Service
Red Hat
-
CVE-2026-21023
MEDIUM
CVSS 6.9
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of a specific application.
Information Disclosure
-
CVE-2026-7443
MEDIUM
CVSS 5.5
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched r...
Command Injection
-
CVE-2026-7439
MEDIUM
CVSS 4.8
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness...
Information Disclosure
-
CVE-2026-7426
MEDIUM
CVSS 6.1
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length...
Buffer Overflow
Memory Corruption
-
CVE-2026-7425
MEDIUM
CVSS 6.0
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smalle...
Buffer Overflow
Denial Of Service
Information Disclosure
-
CVE-2026-7423
MEDIUM
CVSS 6.0
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validat...
Buffer Overflow
Denial Of Service
Integer Overflow
-
CVE-2026-7417
MEDIUM
CVSS 5.5
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. The attack may be initiated remotely....
SSRF
-
CVE-2026-7416
MEDIUM
CVSS 5.5
OS command injection in PolarVista xcode-mcp-server 1.0.0 allows remote unauthenticated attackers to execute arbitrary system commands via crafted MCP requests to the build_project or run_tests functions. The vulnerability stems from insufficient input validation in src/index.ts when processing Request parameters. Publicly available exploit code exists (GitHub), and the vendor has not responded to early vulnerability disclosure attempts, leaving users without an official patch. EPSS data is not available, but the public exploit combined with a network-accessible attack vector (CVSS AV:N/AC:L/PR:N) indicates elevated real-world risk for exposed instances.
Command Injection
-
CVE-2026-7404
MEDIUM
CVSS 5.5
Path traversal in mcpo-simple-server 0.2.0 and earlier enables unauthenticated remote attackers to delete arbitrary files via the delete_shared_prompt function. The vulnerability affects the prompt_manager module's base_manager.py file, where improper validation of the 'detail' parameter allows directory traversal sequences. A public proof-of-concept exploit exists (GitHub issue #4), making this an immediate threat to internet-exposed instances. EPSS data not available, but the combination of network exploitability (AV:N), no authentication required (PR:N), and public POC significantly elevates real-world risk despite moderate CVSS 7.3 score. Vendor has not responded to early disclosure.
Path Traversal
-
CVE-2026-7403
MEDIUM
CVSS 5.5
Path traversal in geldata gel-mcp 0.1.0 allows remote unauthenticated attackers to read arbitrary files via manipulation of the rule_name argument in the list_rules and fetch_rule functions. The vulnerability has a CVSS score of 5.3 (Low confidentiality impact) with network accessibility and no authentication requirements. Public exploit code exists and the vendor has not responded to early disclosure.
Path Traversal
-
CVE-2026-7400
MEDIUM
CVSS 5.5
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has...
Path Traversal
-
CVE-2026-7398
MEDIUM
CVSS 5.5
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The att...
Path Traversal
-
CVE-2026-7396
MEDIUM
CVSS 5.5
A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The ...
Path Traversal
-
CVE-2026-7389
MEDIUM
CVSS 5.5
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ...
PHP
SQLi
-
CVE-2026-7386
MEDIUM
CVSS 5.5
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument message_ids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used. Up...
Path Traversal
-
CVE-2026-7384
MEDIUM
CVSS 5.5
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitati...
Path Traversal
-
CVE-2026-6915
MEDIUM
CVSS 5.3
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
Information Disclosure
Red Hat
-
CVE-2026-4019
MEDIUM
CVSS 5.3
The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permission_callback, allowing...
WordPress
Authentication Bypass
-
CVE-2026-2902
MEDIUM
CVSS 6.1
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...
WordPress
XSS
-
CVE-2026-2810
MEDIUM
CVSS 6.8
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful expl...
Buffer Overflow
Information Disclosure
Microsoft
-
CVE-2026-1858
MEDIUM
CVSS 4.8
GNU wget2 incorrectly validates TLS server certificates, accepting certificates with improper Key Usage (KU) or Extended Key Usage (EKU) attributes. This allows attackers who have compromised certificates issued for non-server purposes to impersonate legitimate servers in TLS connections, enabling man-in-the-middle attacks that leak sensitive information such as authentication credentials or request/response data.
Information Disclosure
-
CVE-2026-0206
MEDIUM
CVSS 4.9
A post-authentication stack-based buffer overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.
Buffer Overflow
Stack Overflow
-
CVE-2026-0205
MEDIUM
CVSS 6.8
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
Path Traversal
-
CVE-2025-56537
MEDIUM
CVSS 6.1
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter.
XSS
-
CVE-2025-56536
MEDIUM
CVSS 6.1
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.
XSS
-
CVE-2025-56535
MEDIUM
CVSS 6.1
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.
XSS
-
CVE-2025-56534
MEDIUM
CVSS 6.1
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
XSS
-
CVE-2025-10503
MEDIUM
CVSS 6.1
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.
An attacker can leverage this vulnerabilit...
XSS
-
CVE-2026-41663
LOW
CVSS 3.5
## Summary
Several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because `SameSite=Lax` cookies travel with top-level GET navigations, an attacker forces an authenticated admin to tri...
PHP
CSRF
-
CVE-2026-41659
LOW
CVSS 2.7
Admidio members_assignment_data.php endpoint leaks hidden profile field values through a blind search oracle attack. Role leaders with ROLE_LEADER_MEMBERS_ASSIGN permissions can infer exact values of hidden PII fields (birthdays, street addresses, cities, postal codes, countries) by observing which users appear in search results, despite these fields being suppressed from JSON output. The vulnerability affects Admidio versions up to 5.0.8 and is fixed in 5.0.9.
PHP
Information Disclosure
Oracle
-
CVE-2026-22741
LOW
CVSS 3.1
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
* the application is using Spring MVC or Spring WebFlux
* the application is configuring the resource cha...
Denial Of Service
Java
-
CVE-2026-7445
LOW
CVSS 2.1
Path traversal in ZMCPTools up to version 0.2.2 allows authenticated remote attackers to read or manipulate files outside intended directories via the dirname argument in the MCP Log Resource Handler component. The vulnerability is exploitable over the network by authenticated users with low privileges, has publicly available exploit code, and carries a CVSS score of 2.1 reflecting low confidentiality and integrity impact with no scope expansion.
Path Traversal
-
CVE-2026-7410
LOW
CVSS 2.1
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the pid parameter in /admin/ajax.php?action=add_to_cart, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has publicly available exploit code and may be actively exploited.
PHP
SQLi
-
CVE-2026-7409
LOW
CVSS 2.0
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers with high privileges to manipulate the save_user function in /admin/ajax.php via crafted input, enabling data exfiltration and modification. The vulnerability requires administrative credentials, has publicly available exploit code, and poses moderate risk (CVSS 4.7) primarily to systems where admin accounts are compromised or weak.
PHP
SQLi
-
CVE-2026-7408
LOW
CVSS 2.0
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated high-privilege attackers to manipulate the save_menu function via the /admin/ajax.php endpoint, enabling database queries with limited confidentiality and integrity impact. The vulnerability requires administrative credentials and carries a moderate CVSS score of 4.7; publicly available exploit code exists but active exploitation at scale has not been confirmed.
PHP
SQLi
-
CVE-2026-7407
LOW
CVSS 2.0
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated high-privilege users to manipulate the save_settings function via the /pizzafy/admin/ajax.php endpoint, enabling database query modification with confidentiality, integrity, and availability impact. The vulnerability requires high-level authentication and is not remotely exploitable by unauthenticated attackers despite network-accessible endpoint; publicly available exploit code exists and the vulnerability has been disclosed.
PHP
SQLi
-
CVE-2026-7401
LOW
CVSS 2.1
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results i...
PHP
XSS
-
CVE-2026-7397
LOW
CVSS 1.9
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for ...
Information Disclosure
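The symlink-following class named above, as an added example that is not hermes-agent code and makes no claim about how its _check_sensitive_path is written: a "sensitive path" check that compares the caller-supplied string against a protected prefix is bypassed by a link planted outside the protected directory that points inside it, because the link's own path starts elsewhere. The hardened version resolves symlinks on both sides with os.path.realpath and compares by path component. The directory layout, file names and contents are constructed for the demonstration.

```python
import os
import tempfile


def check_sensitive_path_naive(path, sensitive_dir):
    """Flag `path` as sensitive by string-prefix comparison of the path the
    caller handed in. A symlink that lives outside sensitive_dir but points
    into it is not flagged: its own path does not start with the prefix."""
    root = os.path.abspath(sensitive_dir)
    return os.path.abspath(path).startswith(root + os.sep)


def check_sensitive_path_resolved(path, sensitive_dir):
    """Resolve symlinks on both the candidate and the protected directory
    before comparing, and compare by path component (commonpath) rather than
    by string prefix, so neither a link nor a sibling such as secrets_old
    slips past."""
    real = os.path.realpath(path)
    root = os.path.realpath(sensitive_dir)
    return os.path.commonpath([real, root]) == root


def build_fixture():
    """Constructed layout: <tmp>/secrets/key is the protected file and
    <tmp>/work/notes is a symlink to it, the kind a local user could plant
    in a directory the agent is allowed to read."""
    base = tempfile.mkdtemp()
    secrets_dir = os.path.join(base, "secrets")
    work_dir = os.path.join(base, "work")
    os.makedirs(secrets_dir)
    os.makedirs(work_dir)
    key = os.path.join(secrets_dir, "key")
    with open(key, "w") as fh:
        fh.write("constructed-secret\n")
    link = os.path.join(work_dir, "notes")
    os.symlink(os.path.join("..", "secrets", "key"), link)
    return {"base": base, "secrets": secrets_dir, "work": work_dir,
            "key": key, "link": link}


def read_if_allowed(path, sensitive_dir):
    """Refuse anything that resolves into sensitive_dir; otherwise open the
    resolved path (not the caller's string) so the bytes read come from the
    target that was checked. A component swapped between realpath and open
    is still a race, which only O_NOFOLLOW/openat-style opening closes."""
    real = os.path.realpath(path)
    if check_sensitive_path_resolved(real, sensitive_dir):
        return None
    with open(real) as fh:
        return fh.read()


if __name__ == "__main__":
    fx = build_fixture()
    print("naive flags link:   ", check_sensitive_path_naive(fx["link"], fx["secrets"]))
    print("resolved flags link:", check_sensitive_path_resolved(fx["link"], fx["secrets"]))
    print("read via link:      ", read_if_allowed(fx["link"], fx["secrets"]))
```

With the fixture above, the naive check lets the link through and a read through it returns the protected file's contents; the resolved check flags it and read_if_allowed returns None.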
-
CVE-2026-7394
LOW
CVSS 2.0
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0 in unspecified functionality of /admin/view_order.php in the GET Parameter Handler component. Manipulating the ID argument can lead to SQL injection. The attack may be...
PHP
SQLi
-
CVE-2026-7393
LOW
CVSS 2.0
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0 in the function save_menu of /admin/admin_class_novo.php in the File Extension Handler component. Manipulating the img argument results in unrestricted upload. The attack is possible to be car...
PHP
File Upload
-
CVE-2026-7392
LOW
CVSS 2.1
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0 in the function delete_supplier of /ajax.php?action=delete_supplier. Manipulating the ID argument leads to SQL injection. The attack can be executed remotely. The exploit has been dis...
PHP
SQLi
-
CVE-2026-7391
LOW
CVSS 2.1
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0 in the function save_supplier of /ajax.php?action=save_supplier. Manipulating the ID argument causes SQL injection. Remote exploitation is possible. The exploit has been publishe...
PHP
SQLi
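The SQL injection class shared by the Pizzafy entries (save_user, save_menu, save_settings, view_order.php) and the Pharmacy entries (delete_supplier, save_supplier), as one added example that is not either project's code: an ID parameter concatenated into a read query and into a delete query, beside the parameter-bound forms. It runs against an in-memory SQLite database with constructed rows; the table and column names are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data; nothing here comes from the Pizzafy or Pharmacy code bases.
ORDERS = [(1, "alice", 18.50), (2, "bob", 24.00), (3, "carol", 9.75)]
USERS = [(1, "admin", "$2y$10$constructed-hash-admin"),
         (2, "clerk", "$2y$10$constructed-hash-clerk")]


def make_db():
    """In-memory database: an orders table the page reads, and a users table
    the request is not supposed to reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def view_order_vulnerable(conn, raw_id):
    """String concatenation: the request parameter becomes SQL text, the
    defect class of a `... WHERE id = $_GET['id']` handler."""
    sql = "SELECT id, customer, total FROM orders WHERE id = " + str(raw_id)
    return conn.execute(sql).fetchall()


def view_order_fixed(conn, raw_id):
    """Parameter binding: the value is attached after the statement is parsed,
    so whatever it contains is compared as data, never run as SQL."""
    return conn.execute(
        "SELECT id, customer, total FROM orders WHERE id = ?", (raw_id,)
    ).fetchall()


def delete_order_vulnerable(conn, raw_id):
    """Same defect on a write path (the delete_supplier pattern): an injected
    tautology turns a one-row delete into a table wipe. Returns rows left."""
    conn.execute("DELETE FROM orders WHERE id = " + str(raw_id))
    return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


def delete_order_fixed(conn, raw_id):
    """Bound parameter: a non-numeric payload matches no row. Returns rows left."""
    conn.execute("DELETE FROM orders WHERE id = ?", (raw_id,))
    return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


# Constructed payloads: a tautology (reads every row / deletes every row) and a
# UNION that pulls credential hashes out of an unrelated table.
TAUTOLOGY = "1 OR 1=1"
EXFIL = "0 UNION SELECT id, username, password_hash FROM users"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", view_order_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, exfil:    ", view_order_vulnerable(conn, EXFIL))
    print("fixed, tautology:     ", view_order_fixed(conn, TAUTOLOGY))
    print("fixed delete leaves:  ", delete_order_fixed(conn, TAUTOLOGY))
    print("vuln delete leaves:   ", delete_order_vulnerable(conn, TAUTOLOGY))
```

Binding alone closes the injection; converting the ID with int() before binding additionally rejects malformed input at the edge, which is what an admin endpoint should do anyway.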
-
CVE-2026-7390
LOW
CVSS 2.0
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0 in the function Customer of /index.php?page=customer. Manipulating the Name argument results in cross-site scripting. The attack may be launched remotely. The exploit is now p...
PHP
XSS
-
CVE-2026-7388
LOW
CVSS 2.0
A weakness has been identified in EyouCMS up to 1.7.9 in the function editFile of application/admin/logic/FilemanagerLogic.php in the Template File Handler component. Manipulating its input can lead to code injection. The attack can be launched remotely. The exploit has been mad...
PHP
RCE
Code Injection