Skip to main content
CVE-2026-7926 HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Presentation API through a specially crafted HTML page. User interaction is required (visiting a malicious webpage). EPSS data not available for this recent CVE. No public exploit confirmed at time of analysis, though the vulnerability has been patched by Google in the stable channel release.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7921 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 enables attackers to execute arbitrary code by exploiting a use-after-free vulnerability in the Passwords component through a malicious HTML page. User interaction (visiting the crafted page) is required. CVSS score of 8.8 reflects network-based attack requiring no authentication but requiring user interaction, with high impact to confidentiality, integrity, and availability. Vendor patch available in Chrome 148.0.7778.96. No public exploitation confirmed at time of analysis.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7907 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 via crafted HTML pages exploiting a use-after-free vulnerability in DOM handling. Remote unauthenticated attackers can achieve arbitrary code execution with high integrity and confidentiality impact by convincing users to visit a malicious webpage. Vendor patch released (Chrome 148.0.7778.96). No confirmed active exploitation (not in CISA KEV), but the low attack complexity (AC:L) and publicly disclosed bug tracker entry (Chromium issue 496292089) increase exploitation risk. EPSS data not provided but RCE in widely-deployed browser warrants immediate patching despite sandbox containment limiting full system compromise.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7906 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox through a use-after-free vulnerability in SVG rendering. User interaction (visiting a malicious webpage) is required, but no authentication is needed. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high impact if successfully exploited.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7902 HIGH PATCH This Week

Remote code execution within Chrome's V8 sandbox affects all versions prior to 148.0.7778.96 when users visit malicious web pages. The out-of-bounds memory access vulnerability in V8 JavaScript engine enables arbitrary code execution with user interaction (visiting crafted HTML), rated high severity by Chromium team. EPSS and KEV data not available, but Google confirmed the vulnerability and released patches. Attack complexity is low (CVSS AC:L) with no authentication required, making this exploitable at scale once proof-of-concept becomes public.

RCE Google Memory Corruption Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7901 HIGH PATCH This Week

Remote code execution in Google Chrome for macOS (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the ANGLE graphics library through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted webpage) but can be exploited remotely without authentication. Google has released Chrome 148.0.7778.96 to address this high-severity memory corruption issue, which affects the confidentiality, integrity, and availability of sandboxed browser processes.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7899 HIGH PATCH This Week

Out-of-bounds memory access in Chrome's V8 JavaScript engine enables remote code execution within the browser sandbox when users visit malicious websites. Affects all Chrome versions prior to 148.0.7778.96 across Windows, macOS, and Linux. Google released patches in the stable channel update (build 148.0.7778.96) per May 2026 advisory. No active exploitation confirmed at time of analysis, but CVSS 8.8 indicates high severity and the vulnerability requires only user interaction (visiting a crafted webpage) with no authentication needed.

Google Information Disclosure RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7898 HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting component (remote desktop feature) on Linux allows unauthenticated attackers to execute arbitrary code through specially crafted network packets when a user interacts with a malicious remote desktop session. Fixed in Chrome 148.0.7778.96. Vendor rates severity as Critical. No public exploit code identified at time of analysis, but the use-after-free class (CWE-416) is well-understood and exploitable. CVSS 8.8 reflects network attack vector with low complexity requiring only user interaction, enabling full system compromise (high confidentiality, integrity, and availability impact).

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8016 HIGH PATCH This Week

Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7988 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC implementation (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox through a malicious HTML page exploiting type confusion in WebRTC. Patch available via Chrome 148.0.7778.96. Requires user interaction (visiting crafted page) but no authentication. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability within sandbox constraints. No confirmed active exploitation or public POC identified at time of analysis.

Memory Corruption Google RCE Red Hat Suse +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7987 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7980 HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7928 HIGH PATCH This Week

Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.

Denial Of Service Microsoft Use After Free Memory Corruption RCE +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7973 HIGH PATCH This Week

Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7903 HIGH PATCH This Week

Integer overflow in Chrome's ANGLE graphics layer (Mac/Windows) enables heap corruption via malicious web pages. Remote attackers can achieve arbitrary code execution by tricking users into visiting crafted HTML content. Google patched this in Chrome 148.0.7778.96, marking it high severity. Users must interact with the malicious page, but no authentication is required. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the Chromium bug tracker may contain additional context.

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7896 HIGH PATCH This Week

Heap corruption in Google Chrome prior to 148.0.7778.96 allows remote attackers to execute arbitrary code via a maliciously crafted HTML page exploiting an integer overflow in the Blink rendering engine. The vulnerability requires user interaction (visiting a malicious webpage) but no authentication, enabling drive-by attacks against default Chrome installations. Google has assigned this a Critical severity rating and released version 148.0.7778.96 to address the issue. No active exploitation (CISA KEV) or public POC has been identified at time of analysis, though the technical details are publicly documented in the Chromium issue tracker.

Buffer Overflow Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42550 HIGH PATCH GHSA This Week

SQL injection in Flight PHP framework's SimplePdo database helpers allows privilege escalation through crafted array keys. Applications forwarding user-controlled request data shapes to insert(), update(), or delete() methods enable remote authenticated attackers to inject arbitrary SQL, create administrative accounts, modify sensitive columns, or exfiltrate data. Vendor-released patch in version 3.18.1 validates identifiers with safe-identifier regex. Publicly available proof-of-concept demonstrates privilege escalation via malicious JSON request keys. Researcher @Rootingg discovered and reported through GitHub Security Advisory GHSA-xwqr-rcqg-22mr.

Privilege Escalation PHP SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43283 HIGH PATCH This Week

Improper DMA buffer unmapping in the Linux kernel ec_bhf Ethernet driver allows local authenticated attackers with low privileges to trigger memory corruption, potentially achieving arbitrary code execution, information disclosure, or denial of service with container escape capability (scope change). The vulnerability exists in error path handling where dma_free_coherent() receives the wrong DMA handle parameter (alloc_len instead of alloc_phys), causing incorrect buffer unmapping. Patches available across multiple stable kernel versions (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates very low probability of exploitation in the wild, and no public exploit identified at time of analysis.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43232 HIGH PATCH This Week

Use-after-free in Linux kernel farsync driver allows remote code execution when FarSync T-series WAN cards are detached while tasklets remain active. The vulnerability occurs when fst_tx_task or fst_int_task continue executing after fst_card_info is freed in fst_remove_one(), causing the kernel to access deallocated memory. Despite the CVSS 8.8 score with network vector, the EPSS score is extremely low (0.02%, 7th percentile), suggesting minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Patches available across multiple stable kernel versions (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0).

Information Disclosure Linux Memory Corruption Use After Free Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43187 HIGH PATCH This Week

Data loss and memory corruption in Linux kernel XFS filesystem implementation allows authenticated users with ability to set extended attributes to corrupt xattr leaf blocks and overwrite entries array. The vulnerability stems from improper freemap management when xattr entries array expands, leaving zero-length freemap entries with nonzero base values that can overlap with legitimate freemap entries. Subsequent setxattr operations can allocate namevalue entries on top of the entries array, leading to filesystem data loss. EPSS score of 0.02% suggests low widespread exploitation probability, and no active exploitation is confirmed (not in CISA KEV). Patches are vendor-released for stable kernel versions 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and mainline 7.0.

Information Disclosure Linux Integer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43158 HIGH PATCH This Week

Memory corruption in Linux kernel XFS filesystem allows authenticated users with write access to trigger kernel assertion failures and system shutdowns via crafted extended attribute operations. The vulnerability stems from incorrect freemap adjustment logic when adding xattrs to leaf blocks, causing the entries array and free space tracking to claim overlapping memory regions. This results in firstused pointer corruption where the name area starts below the end of the entries array. Vendor-released patches are available across multiple stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). Low EPSS score (0.02%, 7th percentile) and no CISA KEV listing indicate no widespread exploitation observed, though the high CVSS 8.8 reflects severe impact on availability and potential for data corruption in XFS filesystems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43172 HIGH PATCH This Week

Array bounds overflow in Linux kernel iwlwifi driver for Intel 22000 series wireless chipsets allows adjacent network attackers to achieve arbitrary memory corruption leading to code execution, privilege escalation, or denial of service. The vulnerability stems from insufficient validation of firmware-reported LMAC (Lower MAC) counts in SMEM parsing code, where malicious or corrupted firmware reporting three LMACs (exceeding the hardware-supported two) triggers out-of-bounds array access in fwrt->smem_cfg.lmac[2]. Patches available for kernel 6.18.16, 6.19.6, and mainline 7.0. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploits or CISA KEV listing, but CVSS 8.8 reflects high impact if exploited through compromised WiFi firmware or adjacent network position.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7940 HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine enables remote code execution inside the sandbox when users install a malicious extension. Google Chrome versions prior to 148.0.7778.96 are vulnerable to arbitrary code execution through specially crafted Chrome Extensions exploiting memory corruption in V8. CVSS rates this 8.8 (High) with network attack vector requiring user interaction. Vendor-released patch available in Chrome 148.0.7778.96 per Google's May 2026 stable channel update. EPSS and KEV data not provided; exploitation requires social engineering to install malicious extension, limiting automated exploitation scenarios.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43249 HIGH PATCH This Week

Double-free memory corruption in Linux kernel's Xen 9P filesystem driver (9p/xen) allows adjacent network attackers to crash the kernel or potentially execute arbitrary code. The xenwatch thread racing with back-end state changes triggers use-after-free during teardown of xen_9pfs_front_free(), causing general protection faults. Vendor patches available for mainline 7.0 and stable branches 6.19.6, 6.18.16, and 6.12.75. EPSS score of 0.02% (5th percentile) suggests low exploitation probability in the wild; no public exploit or CISA KEV listing at time of analysis.

Canonical Denial Of Service Linux Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43239 HIGH PATCH This Week

Race condition in Linux kernel SMB client allows concurrent query interface work items to corrupt network interface state. Affects mainline Linux kernel and stable branches 6.6.x through 7.0. Exploitation requires user interaction (likely mounting/accessing SMB shares) but enables remote attackers to achieve high confidentiality, integrity, and availability impacts. Vendor patches available across multiple stable kernel branches (6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS exploitation probability extremely low (0.02%, 5th percentile), no active exploitation confirmed, POC status unknown.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43215 HIGH PATCH This Week

A race condition in the Linux kernel CIFS (Common Internet File System) implementation allows attackers to exploit improper locking of tcon (tree connection) fields, potentially achieving high confidentiality, integrity, and availability impact. The vulnerability stems from legacy use of cifs_tcp_ses_lock instead of the more granular tc_lock for protecting tcon structure fields, creating synchronization gaps that could be exploited through crafted SMB operations requiring user interaction. Vendor patches are available across multiple stable kernel branches (6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0), with EPSS indicating low exploitation probability (0.02%, 5th percentile) and no confirmed active exploitation at time of analysis.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43113 HIGH PATCH This Week

Out-of-bounds array indexing in Linux kernel's wl1251 wireless driver allows adjacent network attackers to achieve high-impact memory corruption without authentication. The wl1251_tx_packet_cb() function uses untrusted firmware completion IDs directly to index a fixed 16-entry tx_frames array without bounds validation, enabling attackers on the same wireless network segment to read/write arbitrary kernel memory. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation or public POC identified. However, CVSS 8.8 reflects genuine risk for systems with wl1251 hardware on untrusted networks.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43112 HIGH PATCH This Week

Out-of-bounds read in Linux kernel CIFS client allows network attackers to achieve high-severity impacts including potential code execution, information disclosure, or denial of service when users access maliciously crafted SMB shares. The vulnerability resides in cifs_sanitize_prepath() which improperly handles empty strings or delimiter-only paths, triggering memory access violations confirmed via AddressSanitizer testing. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low predicted exploitation probability despite high CVSS 8.8, and no active exploitation or public POC identified at time of analysis.

Buffer Overflow Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43110 HIGH PATCH This Week

Adjacent network attackers can achieve remote code execution, information disclosure, or denial of service against Linux systems using Broadcom FullMAC wireless drivers by sending malicious WiFi interface events with out-of-bounds bsscfg indices. The brcmfmac driver's firmware event handler fails to validate array indices before accessing the driver's interface list, enabling memory corruption attacks. Vendor patches are available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS exploitation probability is low (0.02%, 5th percentile) and no active exploitation or public POC is identified at time of analysis, but the adjacent network attack vector and high impact warrant priority patching for systems with Broadcom WiFi hardware.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-42503 HIGH PATCH This Week

Adjacent network code execution in gopls language server occurs when developers use debugging flags -listen or -port without explicit host specification. The Go language server (gopls) binds to all network interfaces (0.0.0.0) instead of localhost when these debugging flags are used, enabling unauthenticated remote code execution from adjacent network attackers. No public exploit identified at time of analysis, though the attack vector is straightforward for developers who enable network debugging in shared network environments like coffee shops or corporate LANs. EPSS data not available for this recent CVE.

Information Disclosure Golang Org X Tools Gopls
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43176 HIGH PATCH This Week

Improper validation in the rtw89 PCI WiFi driver allows adjacent network attackers to trigger kernel crashes via malformed TX release reports on RTL8922DE wireless chipsets. The vulnerability stems from insufficient content validation of release reports before use, which can cause kernel panics when malformed SKB (socket buffer) release reports are processed. EPSS score of 0.02% and absence from CISA KEV suggest limited real-world exploitation, though the 8.8 CVSS reflects the potential for complete system compromise via adjacent network access without authentication. Patches available across multiple stable kernel branches (6.18.16, 6.19.6, 7.0).

Denial Of Service Linux Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-42559 HIGH POC PATCH GHSA This Week

DNS rebinding in rmcp Rust crate allows malicious websites to control local MCP servers and achieve arbitrary code execution through exposed developer tools. Fixed in version 1.4.0 via Host header validation with loopback-only default allowlist. The vulnerability affects Streamable HTTP server transport only (stdio and child-process transports unaffected). Vendor-released patch available (PR #764, commit 8e22aa2). Similar vulnerabilities patched across TypeScript, Python, Go, and Java MCP SDKs indicate coordinated disclosure. CVSS 8.8 (network vector, low complexity, requires user interaction) reflects browser-mediated attack requiring victim to visit attacker site.

Python RCE Java Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-31951 HIGH This Week

Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The vulnerability stems from unvalidated input handling in a component that processes commands, enabling command smuggling techniques to bypass input validation. HCL has released a vendor advisory (KB0130444) addressing this issue, which poses significant risk given the product's role in IT automation and runbook orchestration across enterprise environments.

Command Injection Bigfix Runbookai
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44307 HIGH PATCH GHSA This Week

Path traversal in Mako Templates (Python library) on Windows platforms allows attackers to read arbitrary files outside configured template directories via backslash-based directory traversal sequences. Affects Mako versions ≤1.3.11 when applications accept user-controlled template names on Windows systems. Vendor-released patch available in version 1.3.12 (confirmed by GitHub commit 72e10c5). No public exploit code identified at time of analysis, though exploitation conditions are straightforward when prerequisites are met.

Python Microsoft Path Traversal Suse Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-43584 HIGH PATCH GHSA This Week

Environment variable injection in OpenClaw before 2026.4.10 allows authenticated remote attackers to hijack interpreter execution behavior through insufficient filtering of high-risk startup variables (VIMINIT, EXINIT, LUA_INIT, HOSTALIASES). The vulnerability enables code execution by manipulating how downstream interpreters (Vim, ex, Lua) initialize and resolve hostnames. Patched in version 2026.4.10 following coordinated disclosure by Tencent zhuque Lab. No public exploit identified at time of analysis, though CVSS 8.7 reflects network-exploitable attack surface with low complexity requiring only low-privilege authentication.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44115 HIGH PATCH This Week

Shell expansion injection in OpenClaw's exec allowlist validation allows authenticated attackers to bypass command approval controls and execute arbitrary system commands. The vulnerability affects OpenClaw versions prior to 2026.4.22 through improper parsing of unquoted heredoc bodies, where shell expansion tokens ($VAR, $(), etc.) are treated as literal text during allowlist analysis but expanded at runtime. This enables attackers to embed unapproved commands within ostensibly safe allowlisted commands. VulnCheck disclosed this vulnerability, and a proof-of-concept fix commit is publicly available. CVSS 8.7 reflects high impact across confidentiality, integrity, and availability with low attack complexity.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44232 HIGH PATCH GHSA This Week

The dssrf Node.js library (versions < 1.3.0) allows Server-Side Request Forgery (SSRF) protection bypass through IPv6 addresses targeting internal resources. Attackers can craft HTTP requests using IPv6 loopback (::1), unique local addresses (fc00::/7), link-local addresses (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, ::ffff:169.254.169.254), NAT64 prefixes, and other IPv6 categories to access internal services, cloud metadata endpoints (IMDS), and private networks that the library was explicitly designed to block. The vulnerability directly contradicts dssrf documentation claiming IPv6 is disabled entirely, and a publicly available exploit code (POC) demonstrates all affected IPv6 categories. Patch available in version 1.3.0.

SSRF Node.js
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6210 HIGH PATCH This Week

Type confusion in Qt SVG renderer allows remote denial of service through malicious SVG images. Attackers can craft SVG files with self-referencing marker elements that trigger out-of-bounds heap reads and infinite recursion, crashing applications that parse the SVG. Affects Qt 6.7.0-6.8.7 and 6.9.0-6.11.0. Vendor patch available via code review platform. CVSS 8.7 reflects network delivery vector with no authentication required, though actual exploitation requires victim to open or render the crafted SVG file.

Denial Of Service Memory Corruption Suse Red Hat
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42844 HIGH PATCH GHSA This Week

Privilege escalation in Grav CMS 2.0.0-beta.2 allows authenticated API users with minimal media.write permissions to fabricate super-admin accounts via arbitrary YAML file upload. The /api/v1/blueprint-upload endpoint accepts attacker-controlled destination and scope parameters that, when combined with specific values (destination=self@: and scope=users/anything), write files directly into user/accounts/. Because Grav parses YAML files in this directory as authoritative user accounts and accepts plaintext passwords on first login, attackers craft a new account with api.super privileges, then authenticate as that account to gain full administrative control. Publicly available exploit code exists (detailed PoC in vendor advisory). Vendor-released patch restricts accounts directory uploads to image-only extensions and blocks config-bearing file types (YAML, JSON, Twig) across all blueprint-upload targets.

Privilege Escalation PHP RCE
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33079 HIGH PATCH GHSA This Week

Regular Expression Denial of Service in mistune's link title parser enables attackers to freeze Python applications with 58-byte Markdown payloads. The LINK_TITLE_RE regex in mistune 3.0.0a1 through 3.2.0 exhibits catastrophic backtracking (O(2^N) time complexity) when parsing link titles with repeated escaped punctuation patterns, blocking a parser thread for approximately 6 seconds on modern hardware with exponential growth per additional byte pair. Publicly available exploit code exists (demonstrated in the GitHub advisory with working PoC), enabling trivial weaponization against web applications, documentation systems, Jupyter tooling, and API endpoints that process user-supplied Markdown. CVSS 8.7 (CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VA:H) reflects the network-accessible, zero-prerequisite nature of the attack, though the High availability impact assumes single-threaded parsing or resource-constrained environments.

Denial Of Service Apple Python
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-40325 HIGH PATCH This Week

Cross-site request forgery (CSRF) in Masa CMS 7.5.2 and earlier allows remote attackers to restore deleted content through administrator sessions. By tricking an authenticated administrator into clicking a malicious link, attackers can restore previously deleted items from trash and relocate them anywhere in the site structure via the parentid parameter. This enables exposure of sensitive documents by moving them to public areas, restoration of malicious content, or disruption of site integrity. Fixed versions 7.2.10, 7.3.15, 7.4.10, and 7.5.3 are available. EPSS data not available; no confirmed active exploitation (CISA KEV) at time of analysis.

CSRF
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-41938 HIGH PATCH This Week

Remote code execution in Vvveb CMS versions before 1.0.8.2 allows authenticated users with media-upload permissions to execute arbitrary PHP code with web server privileges via a two-stage attack: uploading a malicious .htaccess file to map .phtml extensions to the PHP handler, then uploading a .phtml file containing PHP code. Exploitation requires only low-privileged authentication (CVSS PR:L) and no user interaction (UI:N), making post-authentication compromise straightforward. Vendor-released patch available in version 1.0.8.2 per GitHub security advisory GHSA-wwmv-4g9g-p48g and commit 54a9e846. VulnCheck advisory provides detailed technical analysis of the bypass technique.

PHP RCE File Upload
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-41934 HIGH PATCH This Week

Remote code execution in Vvveb CMS versions before 1.0.8.2 enables low-privilege authenticated users (editor, author, contributor, or site_admin roles) to escalate privileges and execute arbitrary PHP code. Attackers exploit the admin code editor's insufficient file extension validation by first uploading a malicious .htaccess file that maps arbitrary extensions to the PHP handler, then uploading PHP code disguised with that extension. Once uploaded, the PHP code executes with web server privileges when accessed via HTTP, effectively bypassing authentication and achieving full system compromise. The vulnerability requires only low-privilege access (PR:L) with no attack complexity or user interaction (AC:L/UI:N), and vendor-released patch version 1.0.8.2 is confirmed available via GitHub. No public exploit code or active exploitation (KEV) confirmed at time of analysis.

PHP RCE Vvveb
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-42557 HIGH PATCH GHSA This Week

JupyterLab's CommandLinker executes arbitrary commands via single-click social engineering when users open malicious notebooks shared through email, GitHub, or Binder links. Attackers embed deceptive HTML buttons with allowlisted data-commandlinker-* attributes in pre-saved notebook output cells to trigger commands without code execution submission, enabling immediate arbitrary code execution in available kernels, silent file deletion, or resource exhaustion in multi-tenant deployments. The patched version 4.5.7 was released by the JupyterLab team through GitHub advisory GHSA-mqcg-5x36-vfcg. Chromium browser users face expanded terminal access risk through multi-click clipboard permission abuse. Third-party JupyterLab extensions increase attack surface by exposing additional commands to exploitation.

XSS RCE Google
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-71261 HIGH PATCH GHSA This Week

Man-in-the-middle attacks and denial of service against SUSE Harvester (SUSE Virtualization) affect all versions prior to 1.8.0 due to disabled TLS certificate verification in the Rancher integration registration client. Network-positioned attackers can intercept cluster registration traffic to steal credentials or trigger memory buffer overflow crashes. The vulnerability is limited to the initial cluster registration phase and does not affect ongoing operational connectivity between Harvester and Rancher Manager. Vendor-released patch available in version 1.8.0 with full certificate validation enabled by default. No active exploitation confirmed; no public exploit code identified at time of analysis.

Denial Of Service Buffer Overflow Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-44011 HIGH POC PATCH GHSA This Week

Remote code execution in Craft CMS allows any authenticated user to execute arbitrary system commands via malicious Yii object configuration. This vulnerability exploits uncleansed field layout data in the condition handling path, bypassing previous CVE-2024-4990 mitigations. Attackers can inject behaviors through POST requests to admin endpoints like /admin/actions/element-search/search, triggering command execution via AttributeTypecastBehavior abuse. Publicly available exploit code exists in the GitHub advisory (GHSA-qrgm-p9w5-rrfw) with detailed proof-of-concept. Affects Craft CMS 4.0.0-RC1 through 4.16.16 and 5.0.0-RC1 through 5.8.20. Vendor-released patches: 4.16.17 and 5.8.21.

Mozilla CSRF
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-42548 HIGH PATCH GHSA This Week

Reflected cross-site scripting in Flight PHP framework's JSONP endpoint implementation allows remote attackers to execute arbitrary JavaScript in victim browsers by injecting malicious code through unvalidated callback parameters. Flight PHP versions prior to 3.18.1 concatenate user-supplied `jsonp` query parameters directly into JavaScript responses without identifier validation, enabling cookie theft and session hijacking when vulnerable endpoints are embedded via script tags. The vulnerability was patched in version 3.18.1 (commit b8dd23a) with regex validation limiting callbacks to legal JavaScript identifiers. A working proof-of-concept demonstrates cookie exfiltration via crafted callback parameters.

XSS PHP
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-43139 HIGH PATCH This Week

Uninitialized memory use in Linux Kernel's xfrm6_get_saddr() function allows remote attackers to trigger information disclosure and system instability via crafted IPv6 traffic. The vulnerability affects multiple Long-Term Support (LTS) branches from 2.6.19 through 6.19.6, with vendor-released patches available for 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS score of 0.02% indicates low observed exploitation probability despite the network-accessible attack vector and lack of required authentication. Not listed in CISA KEV, and no public exploit code identified at time of analysis.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-6691 HIGH This Week

Heap buffer overflow in MongoDB C Driver's Cyrus SASL integration allows local attackers to achieve code execution before authentication by providing a maliciously crafted username in a MongoDB URI with GSSAPI authentication. The vulnerability triggers during username canonicalization via unsafe string copying, requiring no privileges or user interaction. Exploitable against any application using the affected driver that processes untrusted MongoDB connection strings. No active exploitation confirmed (not in CISA KEV). EPSS data not provided. Vendor has acknowledged the issue via JIRA tracking (CDRIVER-6134).

Buffer Overflow Mongodb C Driver
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-41936 HIGH PATCH This Week

XML external entity injection in Vvveb CMS versions before 1.0.8.2 allows authenticated site_admin users to read arbitrary server files and overwrite administrator password hashes via the admin Tools/Import feature. The vulnerability resides in system/import/xml.php where LIBXML_NOENT flag enabled external entity resolution, allowing injection of file:// and php://filter protocols. Attackers with low-privilege admin accounts can escalate to full administrator access by replacing password hashes in the database. Vendor-released patch version 1.0.8.2 removes LIBXML_NOENT flag. No active exploitation confirmed by CISA KEV at time of analysis.

XXE Privilege Escalation PHP
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
Prev Page 2 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy