521 CVEs tracked today. 72 Critical, 271 High, 166 Medium, 12 Low.
-
CVE-2026-45393
CRITICAL
CVSS 9.8
Remote code execution in Cribl Edge versions prior to 4.17.1 allows unauthenticated network attackers to execute arbitrary code, compromising data confidentiality and integrity and disrupting service availability without user interaction. The CVSS vector is network-reachable with no privileges and no user interaction required, scoring 9.8 (Critical), while the EPSS score is low (0.02%, 5th percentile), i.e. a low predicted probability of exploitation in the wild rather than a low impact. A vendor patch is available in version 4.17.1. No active exploitation or public exploit code was confirmed at time of analysis.
Information Disclosure
-
CVE-2026-45392
CRITICAL
CVSS 9.8
Remote unauthenticated attackers can achieve complete system compromise of Cribl Stream instances prior to version 4.17.1 through improper input validation (CWE-20). The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable flaw with low attack complexity that needs neither authentication nor user interaction. A vendor patch is available in Stream 4.17.1. Despite the critical CVSS 9.8 score, the EPSS probability is very low (0.02%, 5th percentile) and no active exploitation has been confirmed (not in CISA KEV). EPSS predicts exploitation activity and says nothing about impact, so the patch should still be prioritised for any network-exposed instance.
Information Disclosure
Cribl Stream
-
CVE-2026-45391
CRITICAL
CVSS 9.8
Cribl Edge versions prior to 4.17.1 allow remote unauthenticated attackers to achieve complete system compromise through improper input validation (CWE-20). The vendor patch, version 4.17.1, addresses the flaw. CVSS 9.8 reflects a network-accessible attack with no authentication required and high impact to confidentiality, integrity, and availability. The EPSS probability is low (0.02%, 5th percentile), i.e. little predicted exploitation activity despite the critical rating. No active exploitation confirmed (not in CISA KEV); the status of public exploit code was unknown at time of analysis.
Information Disclosure
Cribl Edge
-
CVE-2026-45321
CRITICAL
CVSS 9.6
On 2026-05-11, attackers published credential-harvesting malware in 84 versions of 42 TanStack npm packages through a chain of GitHub Actions weaknesses: a pull_request_target misconfiguration, Actions cache poisoning, and extraction of an OIDC token from runner memory, which together let them publish under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing packages maintained by the victim with the same injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data is available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).
Information Disclosure
Kubernetes
Node.js
Hashicorp
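The first link in the chain above, a pull_request_target workflow that checks out and runs pull-request code with the base repository's token, secrets and cache, is something a repository owner can grep for. The script below is an added example, not TanStack's CI or the analysed payload: a heuristic regex audit of raw workflow YAML (no YAML parser, so indentation tricks can evade it) run over two constructed workflow files, one with the dangerous shape and one with the safe `pull_request` trigger.

```python
import re

# Constructed sample workflows (not TanStack's real CI). The first has the shape of the
# pull_request_target misconfiguration described in the entry; the second is the safe form.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  id-token: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('package-lock.json') }}
      - run: npm ci && npm run build
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

SAFE_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
"""

# pull_request_target as a mapping key on its own line, or inside "on: [..]" / "on: x" forms
PRT_TRIGGER = re.compile(r"^\s*-?\s*pull_request_target\s*:?\s*$|^\s*on:\s*\[?[^\n]*\bpull_request_target\b", re.M)
# checkout of the PR head: untrusted code then runs with the base repo's permissions
HEAD_CHECKOUT = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")
CACHE_STEP = re.compile(r"uses:\s*actions/cache(/save)?@")
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")
ID_TOKEN = re.compile(r"^\s*id-token:\s*write\s*$", re.M)


def audit_workflow(text):
    """Return a list of finding strings for one workflow file (empty = nothing flagged)."""
    findings = []
    if not PRT_TRIGGER.search(text):
        return findings
    findings.append("pull_request_target trigger: job runs with base-repo permissions on fork PRs")
    if HEAD_CHECKOUT.search(text):
        findings.append("checks out PR head: untrusted code runs with the base-repo token and secrets")
    if CACHE_STEP.search(text):
        findings.append("writes actions/cache: a PR can poison entries later restored by release workflows")
    if SECRET_USE.search(text):
        findings.append("secrets referenced: they are readable by whatever the PR checkout executes")
    if ID_TOKEN.search(text):
        findings.append("id-token: write: an OIDC token minted here can publish as the repository")
    return findings
```

A trigger on its own is only informational; the combination with a head checkout, a cache write or `id-token: write` is the pattern to block. Run the function over every file under `.github/workflows/` and fail CI on any finding beyond the first.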
-
CVE-2026-45185
CRITICAL
CVSS 9.8
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to hea...
RCE
Use After Free
Memory Corruption
-
CVE-2026-45091
CRITICAL
CVSS 9.1
Plaintext TOTP secret exposure in sealed-env enterprise mode allows remote unauthenticated attackers to recover operator authentication credentials from any unseal token they can observe. Versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embed the literal TOTP secret in the JWS payload of every minted unseal token; a JWS is signed, not encrypted, so the payload is only base64url-encoded and anyone who sees the token in CI logs, container environments, monitoring tools, or log aggregators can read the secret by decoding it. Fixed in version 0.1.0-alpha.4. CVSS 9.1 (Critical) with network vector and no authentication required. No CISA KEV listing or public exploit code identified at time of analysis, but exploitation requires only base64url-decoding an observed token.
Java
Information Disclosure
Node.js
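Because a JWS payload is merely base64url-encoded, the same decode that an attacker performs is also the cheapest detection: scan logs for compact-serialised tokens and inspect their claims. The block below is an added example and is not the sealed-env product's code; the token format (HS256 JWS), the claim names `totp_secret` and `totp_ref`, the signing key and the log lines are all constructed here. It mints a leaky token and a hardened one (opaque reference instead of the secret), scans a sample log for secret-bearing claims, and includes the guard a token-minting routine should apply before signing.

```python
import base64
import hashlib
import hmac
import json
import re


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Constructed HS256 JWS. Signing gives integrity only: the payload stays readable."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


# Compact JWS serialisation: three base64url segments joined by dots.
JWS_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")
# Claim names that should never carry a literal secret, and the look of a base32 TOTP seed.
SENSITIVE_KEY = re.compile(r"(?:totp|otp)[_-]?secret|secret|seed|passw|private_key|mnemonic", re.I)
BASE32_VALUE = re.compile(r"^[A-Z2-7]{16,}=*$")


def decode_payload(token: str):
    """Decode the middle segment without verifying the signature (an observer cannot)."""
    try:
        _, payload, _ = token.split(".")
        return json.loads(b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None


def find_secrets(obj, path=""):
    """Walk a claims object and return (path, value) pairs that look like literal secrets."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and (SENSITIVE_KEY.search(key) or BASE32_VALUE.match(value)):
                hits.append((here, value))
            else:
                hits.extend(find_secrets(value, here))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_secrets(value, f"{path}[{i}]"))
    return hits


def scan_log(text: str):
    hits = []
    for match in JWS_RE.finditer(text):
        claims = decode_payload(match.group())
        if claims:
            hits.extend(find_secrets(claims))
    return hits


def claims_are_safe(claims: dict) -> bool:
    """Guard for a minting routine: refuse to sign claims that embed a secret."""
    return not find_secrets(claims)


# Constructed data: a demo signing key, one token built the vulnerable way and one the fixed way.
SIGNING_KEY = b"demo-signing-key"
LEAKY_TOKEN = mint_hs256({"sub": "operator", "totp_secret": "JBSWY3DPEHPK3PXP", "exp": 1800000000}, SIGNING_KEY)
SAFE_TOKEN = mint_hs256({"sub": "operator", "totp_ref": "kid-7f3a", "exp": 1800000000}, SIGNING_KEY)
SAMPLE_LOG = (
    f"2026-05-12T09:00:01Z unseal ok token={LEAKY_TOKEN}\n"
    f"2026-05-12T09:00:02Z unseal ok token={SAFE_TOKEN}\n"
)
```

The hardened token carries `totp_ref`, a key identifier that only the server can resolve to the secret; the scanner flags the leaky token and passes the safe one. Point `scan_log` at CI and aggregator logs from the affected versions to decide which operator secrets to rotate.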
-
CVE-2026-45087
CRITICAL
CVSS 10.0
Unauthenticated remote code execution in Dalfox REST API server mode (versions ≤2.12.0) allows network attackers to execute arbitrary OS commands by injecting shell payloads via the `found-action` parameter in POST /scan requests. The server binds to 0.0.0.0:6664 by default and enforces no API key unless one is explicitly configured, and it deserializes attacker-controlled JSON directly into execution-control options without sanitization. Because `found-action` is the command Dalfox runs when it confirms an XSS finding, an attacker can guarantee the trigger by pointing the scan at a URL they control that reflects the payload. Fixed in version 2.13.0. CVSS 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). EPSS data not available; no CISA KEV listing at time of analysis. Public exploit code exists (detailed proof-of-concept published in GitHub advisory GHSA-v25v-m36w-jp4h).
XSS
Authentication Bypass
RCE
Denial Of Service
Command Injection
-
CVE-2026-44650
CRITICAL
CVSS 9.1
## Summary
`POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses
`sanitize-filename` validation, causing the entire user extensions directory to be
recursively deleted. No authentication is required in the default configuration.
## Affected File
`src/endpoints/exten...
Path Traversal
CSRF
Node.js
Microsoft
-
CVE-2026-44649
CRITICAL
CVSS 9.8
## Resolution
SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs.
Documentation: https://docs.sillytavern.app/administration/sso/
...
Authentication Bypass
CSRF
-
CVE-2026-44547
CRITICAL
CVSS 9.6
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release there...
PHP
Authentication Bypass
-
CVE-2026-44343
CRITICAL
CVSS 9.3
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2.
Authentication Bypass
-
CVE-2026-44277
CRITICAL
CVSS 9.8
Critical unauthenticated access control bypass in Fortinet FortiAuthenticator versions 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, and 8.0.2 enables remote code execution without authentication. The CVSS vector AV:N/AC:L/PR:N/UI:N (9.8) describes a network-reachable flaw with low attack complexity that needs neither privileges nor user interaction. While the vendor advisory (FG-IR-26-128) confirms this vulnerability, the incomplete description placeholder ('<insert attack vector here>') suggests the advisory may contain details not yet published in CVE records. No public exploit code or active exploitation confirmed at time of analysis, but an unauthenticated bypass in an authentication server with a 9.8 score makes this a priority patching target for organizations running FortiAuthenticator.
Authentication Bypass
Fortinet
-
CVE-2026-44258
CRITICAL
CVSS 9.3
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home di...
Path Traversal
Command Injection
-
CVE-2026-44257
CRITICAL
CVSS 9.3
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomc...
Command Injection
Tomcat
Canonical
-
CVE-2026-44225
CRITICAL
CVSS 9.3
Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is...
Path Traversal
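Four entries on this page fail the same check in four different ways: SillyTavern's extension delete (CVE-2026-44650) lets `"."` resolve to the extensions directory itself, efw4.X validates `target` but not `dst` (CVE-2026-44258) and writes zip entries with `new File(baseDir, name)` and no canonical-path check (CVE-2026-44257), and Pulpy's `validateFsPath()` relies on a blocklist (CVE-2026-44225). The block below is an added example, not code from any of those projects: one canonical "is this path strictly inside the base directory" function, used both as a name validator and as the gate in a zip extractor run over a constructed archive containing a `../../pwned.jsp` entry and an absolute entry name.

```python
import io
import os
import tempfile
import zipfile


def resolve_within(base, user_path, allow_base=False):
    """Return the canonical path of user_path under base, or None if it escapes.

    realpath() resolves "..", symlinks and absolute names; commonpath() defeats the
    prefix trick (base "ext" vs target "ext2"). Unless allow_base is set, a result
    equal to base itself (user_path "." or "") is also refused, which is exactly
    the case that turns "delete one extension" into "delete the extensions root".
    """
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if target == base_real:
        return target if allow_base else None
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def safe_unzip(zip_bytes, dest):
    """Extract only entries whose canonical target stays inside dest.

    Writes files itself instead of relying on a library's extraction rules, so the
    check is the same one a Java File(baseDir, name) caller would need to add.
    """
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_within(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(os.path.relpath(target, os.path.realpath(dest)).replace(os.sep, "/"))
    return extracted, rejected


def build_demo_zip():
    """Constructed archive: one legitimate entry and two zip-slip entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/index.jsp", "<%= 1 + 1 %>")
        zf.writestr("../../pwned.jsp", "<%-- would land two levels above the webapp --%>")
        zf.writestr("/abs/path/evil.txt", "absolute entry name")
    return buf.getvalue()


def demo():
    dest = tempfile.mkdtemp()
    extracted, rejected = safe_unzip(build_demo_zip(), dest)
    written = os.path.isfile(os.path.join(dest, "app", "index.jsp"))
    return extracted, rejected, written
```

An allowlist of what may resolve (inside base, not base itself) is the opposite of a blocklist of what may not appear in the string, which is why the same helper covers the `"."` deletion case and the `../` write case. For a delete endpoint, additionally require a non-empty single path component so that a symlinked extension cannot redirect the recursive delete.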
-
CVE-2026-44196
CRITICAL
CVSS 9.1
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker ...
Authentication Bypass
-
CVE-2026-44183
CRITICAL
CVSS 9.8
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry ...
Authentication Bypass
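Cleanuparr's handler reads the leftmost X-Forwarded-For entry, which is the one the client writes, and SillyTavern's fix for CVE-2026-44649 above restricts which source addresses may present SSO headers at all. Both reduce to the same routine: resolve the client address by trusting only hops you operate, then apply the network allowlist to the result. The block below is an added example and is not either project's code; the proxy ranges, allowlists and addresses are constructed.

```python
import ipaddress


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def client_ip_leftmost(remote_addr, xff):
    # Vulnerable pattern: the leftmost X-Forwarded-For entry is whatever the client sent.
    return xff.split(",")[0].strip() if xff else remote_addr


def client_ip_trusted(remote_addr, xff, trusted_proxies):
    """Walk X-Forwarded-For right-to-left, discarding only hops that are proxies we run.

    Returns None when the chain cannot be trusted so that callers fail closed.
    """
    proxies = [ipaddress.ip_network(n) for n in trusted_proxies]
    peer = _parse_ip(remote_addr)
    if peer is None:
        return None
    if not _in_any(peer, proxies):
        return str(peer)  # direct connection: the header is attacker-controlled, ignore it
    for hop in reversed([h for h in (xff or "").split(",") if h.strip()]):
        ip = _parse_ip(hop)
        if ip is None:
            return None   # malformed entry behind a trusted proxy: refuse rather than guess
        if _in_any(ip, proxies):
            continue      # another of our own proxies appended it; keep walking
        return str(ip)    # first hop we did not add ourselves is the client
    return None           # nothing but our own proxies in the chain


def header_auth_allowed(remote_addr, xff, trusted_proxies, allowed_networks):
    """Grant trusted-network or SSO-header login only when the resolved client
    address lies inside allowed_networks (loopback only is a sensible default)."""
    ip = client_ip_trusted(remote_addr, xff, trusted_proxies)
    if ip is None:
        return False
    return _in_any(ipaddress.ip_address(ip), [ipaddress.ip_network(n) for n in allowed_networks])
```

The two failure modes are covered in the tests: a client connecting directly who sends `X-Forwarded-For: 127.0.0.1` is resolved to its socket address because the header is ignored when the peer is not a trusted proxy, and the same spoofed value sent through a real proxy is skipped because the proxy appends the true address to its right.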
-
CVE-2026-43992
CRITICAL
CVSS 9.8
JunoClaw agentic AI platform exposes BIP-39 wallet mnemonics in plaintext through LLM tool-call parameters, leaking cryptocurrency private keys to logs, telemetry, and transport channels between AI providers and blockchain execution. Every blockchain write operation (token transfers, smart contract deployment, IBC transactions) required the 12- or 24-word seed phrase as a JSON parameter visible to the language model, API logs, and any middleware. Version 0.x.y-security-1 eliminates mnemonic exposure by introducing a wallet registry with AES-256-GCM encrypted storage and opaque wallet_id references. EPSS data not available for this recent CVE; no public exploit identified at time of analysis.
Information Disclosure
-
CVE-2026-43515
CRITICAL
CVSS 9.1
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0....
Authentication Bypass
Apache
Tomcat
Suse
-
CVE-2026-43512
CRITICAL
CVSS 9.8
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.
Older unsupported version...
Authentication Bypass
Apache
Tomcat
Suse
-
CVE-2026-42898
CRITICAL
CVSS 9.9
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
RCE
Microsoft
Code Injection
-
CVE-2026-42889
CRITICAL
CVSS 9.1
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full serve...
Authentication Bypass
-
CVE-2026-42854
CRITICAL
CVSS 9.8
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP heade...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-42833
CRITICAL
CVSS 9.1
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Privilege Escalation
Microsoft
-
CVE-2026-42823
CRITICAL
CVSS 9.9
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Authentication Bypass
Microsoft
-
CVE-2026-42288
CRITICAL
CVSS 10.0
ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete: the pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DB_PASSWORD remains fully exploitable. This vulnerability is fixed in 7.3.2.
RCE
Code Injection
-
CVE-2026-42074
CRITICAL
Remote code execution in OpenClaude npm package allows LLM prompt injection to escape sandbox confinement via model-controlled dangerouslyDisableSandbox parameter. Confirmed actively exploited (CISA KEV). Vendor-released patch available (version 0.5.1). The vulnerability allows an attacker who controls LLM prompts (via content injection) to execute arbitrary bash commands on the host system outside the intended sandbox, enabling credential theft, data exfiltration, and lateral movement. GitHub advisory GHSA-m77w-p5jj-xmhg confirms the flaw affects all versions < 0.5.1 with default configuration where allowUnsandboxedCommands defaults to true.
Authentication Bypass
RCE
Python
Information Disclosure
Docker
-
CVE-2026-41872
CRITICAL
CVSS 9.1
Man-in-the-middle attacks against Kura Sushi Official App for Android and iOS allow complete interception and modification of push notification traffic due to improper SSL/TLS certificate validation. Attackers on the network path between the mobile app and EPG's notification server can read confidential data (VC:H) and inject arbitrary notifications or commands (VI:H) without authentication or user interaction. The vulnerability affects both Android and iOS versions of the official ordering app from Japanese restaurant chain Kura Sushi. EPSS and KEV data not available; exploitation requires network position but no special credentials or app configuration.
Information Disclosure
-
CVE-2026-41551
CRITICAL
CVSS 9.3
Remote path traversal in Siemens ROS# versions prior to V2.2.2 enables unauthenticated attackers to read arbitrary files from affected systems due to insufficient input sanitization. The vulnerability affects the ROS# library, a C# .NET implementation for Robot Operating System communication, with CVSS 9.3 critical severity. No active exploitation or public exploit code has been identified at time of analysis, though the network-accessible attack vector and lack of authentication requirements present significant risk for robotics systems using this library.
Path Traversal
-
CVE-2026-41293
CRITICAL
CVSS 9.8
Improper Input Validation vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.
Older, end of support versions may also be affected.
Users are recommended to u...
Apache
Information Disclosure
Tomcat
Suse
-
CVE-2026-41103
CRITICAL
CVSS 9.1
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Authentication Bypass
Microsoft
Atlassian
-
CVE-2026-41096
CRITICAL
CVSS 9.8
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-41089
CRITICAL
CVSS 9.8
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
Buffer Overflow
Microsoft
Stack Overflow
-
CVE-2026-40402
CRITICAL
CVSS 9.3
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-35555
HIGH
CVSS 7.0
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
Authentication Bypass
-
CVE-2026-34660
CRITICAL
CVSS 9.3
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially ga...
Authentication Bypass
RCE
Adobe
-
CVE-2026-34659
CRITICAL
CVSS 9.6
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this is...
RCE
Deserialization
Adobe
-
CVE-2026-34263
CRITICAL
CVSS 9.6
Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, and EPSS data is unavailable. Patch details are in SAP Security Note 3733064.
RCE
Java
SAP
-
CVE-2026-34260
CRITICAL
CVSS 9.6
SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application by injecting SQL through improperly validated user input. The scope change (S:C) indicates impact beyond the vulnerable component's own authorization scope. SAP has released patches (SAP Note 3724838) for this CVSS 9.6 critical vulnerability. No active exploitation confirmed at time of analysis.
Authentication Bypass
SQLi
SAP
-
CVE-2026-33893
HIGH
CVSS 8.7
Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). No active exploitation or public POC has been identified at time of analysis, but a key shipped inside the product can be extracted once and reused against every installation (AC:L), and Teamcenter houses intellectual property, which makes this a high-priority remediation target for manufacturing and engineering organizations.
Authentication Bypass
-
CVE-2026-33862
HIGH
CVSS 8.5
Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. CVSS v4.0 scores 8.5 (High) due to network attack vector with low complexity, though exploitation requires user interaction and authenticated access. No public exploit code or CISA KEV listing identified at time of analysis.
XSS
-
CVE-2026-33117
CRITICAL
CVSS 9.1
Authentication bypass in Microsoft Azure SDK for Java allows remote unauthenticated attackers to circumvent security controls over the network without user interaction. The vulnerability exposes confidentiality and integrity of Azure services to unauthorized access, with confirmed vendor patch available. CVSS 9.1 reflects critical network-based exploitation against default configurations, though no active exploitation (CISA KEV) or public POC has been identified at time of analysis.
Authentication Bypass
Microsoft
-
CVE-2026-31242
CRITICAL
CVSS 9.1
Unauthenticated remote attackers can completely destroy the mem0 v1.0.0 memory database by sending a DELETE request to the /memories endpoint, which executes DROP TABLE SQL statements without authentication or authorization checks. This causes irreversible data loss and total service denial for all users. The EPSS score of 0.03% indicates a low predicted exploitation probability despite the CVSS 9.1 critical rating, likely due to mem0's limited deployment footprint. No public exploit code or active exploitation (CISA KEV) confirmed at time of analysis, but SSVC marks the vulnerability as automatable with a single HTTP request.
Authentication Bypass
Denial Of Service
-
CVE-2026-31239
CRITICAL
CVSS 9.8
Remote code execution in Mamba language model framework (through version 2.2.6) allows unauthenticated attackers to execute arbitrary Python code by publishing malicious models on HuggingFace Hub. When victims call MambaLMHeadModel.from_pretrained() on a weaponized model repository, insecure pickle deserialization executes attacker-controlled code in the context of the victim's process. Despite the critical CVSS 9.8 score and network attack vector requiring no authentication, EPSS probability remains extremely low (0.02%, 5th percentile), suggesting limited real-world exploitation to date. No CISA KEV listing or public POC identified at time of analysis.
RCE
Python
Deserialization
N A
-
CVE-2026-31238
CRITICAL
CVSS 9.8
Remote code execution in Ludwig framework ≤0.10.4 allows unauthenticated network attackers to execute arbitrary code by supplying a malicious PyTorch model file to the ludwig serve endpoint. The vulnerability stems from unsafe deserialization in the model loading component, which uses torch.load() without the weights_only=True safety parameter. With CVSS 9.8 (critical network vector, no authentication required) but only 0.02% EPSS, this represents a high-severity issue in vulnerable deployments, though widespread exploitation has not been observed. No CISA KEV listing or public POC identified at time of analysis.
RCE
Python
Deserialization
N A
-
CVE-2026-31237
CRITICAL
CVSS 9.8
Arbitrary code execution in Ludwig framework ≤0.10.4 occurs when attackers supply malicious pickle files to the predict() method, which deserializes untrusted data without validation using pandas.read_pickle(). Remote unauthenticated attackers can achieve full system compromise by exploiting the automatic file format detection mechanism that processes .pkl files through Python's unsafe pickle module. EPSS score of 0.06% (19th percentile) suggests low current exploitation likelihood despite the critical CVSS 9.8 rating, though no public exploit code or active exploitation has been identified at time of analysis.
RCE
Python
Deserialization
N A
-
CVE-2026-31236
CRITICAL
CVSS 9.8
Arbitrary code execution occurs in the llm CLI tool (versions through 0.27.1) when attackers social-engineer victims into running crafted commands containing malicious Python code in the --functions argument. The tool directly executes this code via unsafe exec() without sanitization, enabling full system compromise. CVSS 9.8 assigns network attack vector and no authentication, but real-world exploitation requires local command execution by a tricked user, creating a significant disparity between the vector and actual attack prerequisites. EPSS score of 0.02% (5th percentile) suggests minimal automated exploitation risk, and no active exploitation or public POC has been identified at time of analysis.
RCE
Python
Code Injection
N A
-
CVE-2026-31235
CRITICAL
CVSS 9.8
Arbitrary code execution in imgaug library (versions through 0.4.0) occurs when the BackgroundAugmenter class deserializes malicious pickle payloads without validation in its multiprocessing worker method. Attackers who can influence queue data (through compromised shared queues, malicious input scripts, or social engineering) can achieve remote or local code execution depending on deployment context. CVSS 9.8 critical severity reflects network-based exploitation without authentication, though EPSS probability is low (0.02%, 6th percentile), indicating little predicted exploitation activity. No CISA KEV listing or public exploit code identified at time of analysis.
RCE
Python
Deserialization
N A
-
CVE-2026-31234
CRITICAL
CVSS 9.8
Remote code execution in Horovod distributed training framework (versions through 0.28.1) allows unauthenticated network attackers to execute arbitrary code on worker nodes by injecting malicious pickle payloads into the KVStore HTTP server. The vulnerability combines unauthenticated write access to the KVStore coordination server with unsafe deserialization using cloudpickle.loads(), enabling trivial exploitation against any reachable Horovod cluster. EPSS score of 0.12% (31st percentile) suggests low widespread exploitation probability despite critical CVSS 9.8 rating, and no active exploitation confirmed (not in CISA KEV). Public exploit development is highly feasible given the straightforward attack path and publicly documented details.
RCE
Deserialization
N A
-
CVE-2026-31233
CRITICAL
CVSS 9.8
Remote code execution in Guardrails AI through version 0.6.7 occurs when installing validator packages via the Hub mechanism. The guardrails hub install command dynamically executes post-installation scripts from Hub manifests without validating the script path or content, allowing attackers who publish malicious packages to achieve arbitrary code execution on victim systems during package installation. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) but only 0.06% EPSS (18th percentile), this represents a supply chain attack requiring user-initiated installation rather than widespread automated exploitation. No active exploitation confirmed (not in CISA KEV), and patch availability not confirmed from available data.
RCE
Code Injection
N A
-
CVE-2026-31231
CRITICAL
CVSS 9.8
Remote code execution in Cognee v0.4.0 and earlier allows unauthenticated attackers to execute arbitrary Python code via the notebook cell execution API endpoint. The vulnerability stems from unsafe use of Python's exec() function without sandboxing or validation, enabling complete system compromise with server process privileges. While not actively exploited (not in KEV), the vulnerability is automatable with total technical impact per SSVC framework, though EPSS indicates low exploitation probability at 0.06%.
RCE
Python
Code Injection
N A
-
CVE-2026-31230
CRITICAL
CVSS 9.8
Command injection in Adversarial Robustness Toolbox (ART) up to version 1.20.1 enables remote code execution through unsafe eval() usage in Kubeflow pipeline components. The robustness_evaluation_fgsm_pytorch.py script directly evaluates user-controlled --clip_values and --input_shape arguments without sanitization, allowing Python code injection. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicating network-exploitable unauthenticated access, this represents critical risk in automated ML pipeline environments where attackers can control pipeline configurations. EPSS score of 0.02% (5th percentile) suggests low observed exploitation activity, though the attack vector and ML tooling context create significant supply chain risk in CI/CD and research environments.
RCE
Python
N A
-
CVE-2026-31229
CRITICAL
CVSS 9.8
Remote code execution in Adversarial Robustness Toolbox (ART) through version 1.20.1 allows unauthenticated network attackers to execute arbitrary Python code by uploading malicious PyTorch model files to pipeline-accessible object storage locations. The vulnerability stems from unsafe use of torch.load() without the weights_only=True parameter in the Kubeflow component's model loading process, enabling Pickle deserialization of arbitrary objects. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) but only 0.06% EPSS exploitation probability (19th percentile), this represents a critical-severity issue with low observed real-world targeting, likely due to the specialized nature of ML robustness evaluation deployments. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis.
RCE
Python
Deserialization
N A
-
CVE-2026-31228
CRITICAL
CVSS 9.8
Remote code execution in Adversarial Robustness Toolbox (ART) versions through 1.20.1 allows unauthenticated network attackers to execute arbitrary Python code via unsafe eval() usage in the Kubeflow robustness evaluation component. The vulnerability accepts unsanitized user input for LossFn and Optimizer parameters in PyTorch model evaluations, enabling complete system compromise. With CVSS 9.8 but only 0.06% EPSS score (18th percentile), this represents a severe theoretical risk that has not yet manifested in widespread exploitation. No public exploit code identified at time of analysis, and the vulnerability requires specific deployment of ART's Kubeflow integration component.
RCE
Python
Code Injection
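Three entries here (CVE-2026-31236 in llm's `--functions`, CVE-2026-31230 on ART's `--clip_values` / `--input_shape`, CVE-2026-31228 on ART's `LossFn` / `Optimizer`) hand a string from a command line or pipeline config to `eval()` or `exec()`. The block below is an added example, not code from llm or ART: it shows the vulnerable call next to two replacements, `ast.literal_eval` plus shape validation for arguments that are data, and a registry lookup for arguments that name a function. The payload string, the two toy loss functions and the argument names are constructed for the demonstration.

```python
import ast
import os

# Constructed stand-in for an injected expression; it calls os.getcwd() rather than os.system()
# so the demonstration is observable without side effects.
PAYLOAD = "__import__('os').getcwd()"


def parse_unsafe(raw):
    # Vulnerable pattern: eval() on a pipeline argument runs whatever the string says.
    return eval(raw)


def parse_literal(name, raw, allowed=(tuple, list)):
    """Accept only a Python literal (numbers, strings, tuples, lists, dicts) of an allowed type."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"{name}: not a Python literal: {raw!r}") from exc
    if not isinstance(value, allowed):
        raise ValueError(f"{name}: expected {allowed}, got {type(value).__name__}")
    return value


def _is_number(x):
    return isinstance(x, (int, float)) and not isinstance(x, bool)


def parse_clip_values(raw):
    """--clip_values "(0.0, 1.0)" -> (0.0, 1.0); anything else is an error, never code."""
    v = parse_literal("--clip_values", raw)
    if len(v) != 2 or not all(_is_number(x) for x in v) or v[0] >= v[1]:
        raise ValueError("--clip_values must be (min, max) with min < max")
    return float(v[0]), float(v[1])


def parse_input_shape(raw):
    """--input_shape "(1, 3, 224, 224)" -> (1, 3, 224, 224)."""
    v = parse_literal("--input_shape", raw)
    if not v or not all(isinstance(x, int) and not isinstance(x, bool) and x > 0 for x in v):
        raise ValueError("--input_shape must be a non-empty tuple of positive ints")
    return tuple(v)


def mse_loss(pred, target):
    return sum((p - t) ** 2 for p, t in zip(pred, target)) / len(pred)


def l1_loss(pred, target):
    return sum(abs(p - t) for p, t in zip(pred, target)) / len(pred)


LOSS_REGISTRY = {"mse": mse_loss, "l1": l1_loss}


def resolve_loss(name):
    """Allowlist lookup instead of eval(name): unknown names are rejected, not executed."""
    try:
        return LOSS_REGISTRY[name]
    except KeyError:
        raise ValueError(f"unknown loss {name!r}; allowed: {sorted(LOSS_REGISTRY)}") from None


def rejects(fn, *args):
    """True if fn(*args) raises ValueError (used to show the hardened parsers refusing input)."""
    try:
        fn(*args)
        return False
    except ValueError:
        return True


def demo():
    """(did eval run the payload?, did literal_eval reject it?)"""
    ran = parse_unsafe(PAYLOAD) == os.getcwd()
    return ran, rejects(parse_literal, "--clip_values", PAYLOAD)
```

`ast.literal_eval` still parses attacker-controlled text, so cap the argument length before calling it; the registry pattern generalises to optimizers and any other "name of a thing" argument, with the registry populated from the framework's own constructors instead of from the string.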
-
CVE-2026-31226
CRITICAL
CVSS 9.8
Remote code execution in TinyZero's HDFS utilities allows unauthenticated attackers to execute arbitrary OS commands via crafted file paths passed through the Hydra configuration framework. The vulnerability stems from unsanitized user input directly interpolated into os.system() shell commands within the _copy() function, affecting all deployments through commit 6652a63c57fa. No active exploitation confirmed at time of analysis, but EPSS score of 0.14% (33rd percentile) suggests below-average likelihood despite CVSS:9.8 critical rating. The attack requires network access to the TinyZero training process and ability to control path parameters via configuration.
RCE
Command Injection
-
CVE-2026-31220
CRITICAL
CVSS 9.8
Remote code execution in PySyft Datasite/Server versions 0.9.5 and earlier allows unauthenticated attackers to execute arbitrary Python code on the server through the function submission mechanism. The vulnerability stems from insufficient validation and sandboxing of user-submitted Python functions decorated with @sy.syft_function(), which are executed using unsafe exec() and eval() calls after approval. With an EPSS score of 0.04% and no current KEV listing, this appears to be a high-severity vulnerability without confirmed active exploitation.
RCE
Python
Code Injection
N A
-
CVE-2026-31217
CRITICAL
CVSS 9.8
Arbitrary code execution in optimate's neural_magic_training.py allows remote attackers to execute Python code by supplying a malicious directory path containing a crafted module.py file. The _load_model() function directly executes file contents via Python's exec() without validation. CVSS 9.8 reflects network vector with no authentication, but EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). Vulnerability exists in commit a6d302f912b481c94370811af6b11402f51d377f from July 2024. Affects organizations using optimate for neural network model optimization.
RCE
Python
Code Injection
-
CVE-2026-31216
CRITICAL
CVSS 9.1
Unauthenticated remote attackers can delete arbitrary files from nexent v1.7.5.2's MinIO storage backend via an unprotected DELETE endpoint, leading to data loss and denial of service. The /storage/{object_name:path} API lacks authentication, authorization, and input validation (CWE-552). CVSS 9.1 reflects critical severity, though EPSS score of 0.08% (23rd percentile) and SSVC 'exploitation: none' indicate no observed active exploitation or public exploit code at time of analysis. SSVC marks this as 'automatable: yes' with 'technical impact: partial', suggesting straightforward exploitation once discovered but limited scope beyond data integrity/availability impacts.
Denial Of Service
Information Disclosure
Path Traversal
-
CVE-2026-31215
CRITICAL
CVSS 9.1
Remote unauthenticated attackers can delete arbitrary ElasticSearch documents and MinIO storage files in nexent v1.7.5.2 via the unprotected DELETE /{index_name}/documents endpoint. The backend service fails to authenticate requests or validate the path_or_url parameter, enabling mass data destruction and denial of service. EPSS probability (0.12%) indicates low predicted exploitation likelihood, and no active exploitation or public exploit code has been identified at time of analysis, though the CVSS 9.1 reflects the severe impact of unauthenticated remote data deletion.
Denial Of Service
Information Disclosure
Path Traversal
Elastic
-
CVE-2026-31214
CRITICAL
CVSS 9.8
Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to execute malicious Python code by providing crafted PyTorch checkpoint files. The vulnerability stems from insecure deserialization where torch.load() processes .pt files without the weights_only=True safeguard, enabling pickle-based arbitrary object instantiation. Despite a critical CVSS 9.8 score, EPSS probability is low (0.06%, 19th percentile) and no public exploit or active exploitation is confirmed, suggesting limited real-world targeting to date. SSVC assessment indicates total technical impact with automatable exploitation potential, making this a priority for organizations using ml-engineering scripts in production environments.
RCE
Python
Deserialization
Checkpoint
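Added example (written for this page, not code from the ml-engineering project): the primitive behind a torch.load() call without weights_only=True is plain pickle. An object's __reduce__ hook tells the unpickler "rebuild me by calling callable(*args)", and the loader obeys before any model code runs. The block below builds such a payload (a constructed sample that calls os.system with a harmless echo), loads it the unsafe way, and then loads it through a restricted unpickler whose find_class() refuses every global not on an allowlist. The allowlist contents are an assumption for the demo; for real checkpoints the equivalent control is torch.load(path, weights_only=True), which applies the same idea with the tensor-rebuild helpers allowlisted.

```python
import io
import os
import pickle


class MaliciousCheckpoint:
    """Constructed attacker object. Pickling it does not store the class;
    it stores 'call os.system with this argument' and the loader runs it."""

    def __reduce__(self):
        return (os.system, ("echo '[pickle] code ran inside the loader'",))


def build_malicious_checkpoint() -> bytes:
    """Bytes of a 'checkpoint' that executes a command the moment it is loaded."""
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_checkpoint() -> bytes:
    """Bytes of a plain state-dict-like object (constructed sample data)."""
    return pickle.dumps({"layer.weight": [0.1, 0.2], "epoch": 3})


def unsafe_load(data: bytes):
    """Equivalent of torch.load(f) without weights_only: unrestricted pickle.
    Returns whatever the payload's callable returned (os.system's exit code here)."""
    return pickle.loads(data)


# Globals the restricted loader may resolve. Anything else (posix.system,
# subprocess.Popen, builtins.eval, ...) is refused. The set is an assumption
# for this demo; a real loader lists exactly the rebuild helpers it needs.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def safe_load(data: bytes):
    """Same file format, but no global outside SAFE_GLOBALS can be resolved."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """'ok' if the payload loads under the restricted unpickler, else 'blocked'."""
    try:
        safe_load(data)
        return "ok"
    except pickle.UnpicklingError:
        return "blocked"


if __name__ == "__main__":
    print("unsafe_load(malicious) ->", unsafe_load(build_malicious_checkpoint()))
    print("safe_load(malicious)   ->", classify(build_malicious_checkpoint()))
    print("safe_load(benign)      ->", classify(build_benign_checkpoint()))
```

Note that the malicious payload carries no reference to MaliciousCheckpoint at all: only the callable and its arguments are serialized, which is why scanning a checkpoint for "suspicious class names" is not a substitute for restricting find_class().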
-
CVE-2026-30805
CRITICAL
CVSS 9.1
Authentication bypass in Pandora FMS versions 777-800 allows remote attackers to gain unauthorized API access via insecure default resource initialization. The vulnerability stems from CWE-1188 (insecure default initialization of resource), enabling attackers to bypass authentication mechanisms and access the API with high confidentiality and integrity impact. CVSS 4.0 scores this at 9.1 CRITICAL due to the network attack vector requiring no privileges or user interaction; attack complexity is rated high and the vector records attack requirements as present (AT:P), meaning deployment-specific preconditions must hold for exploitation. No CISA KEV listing or public POC identified at time of analysis, suggesting exploitation requires vendor-specific knowledge of the insecure defaults.
Authentication Bypass
-
CVE-2026-29204
CRITICAL
CVSS 9.1
Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to submit requests using another user's `addonId` without any ownership validation, leading to unauthorized access to the victim's resources and their cPanel account.
PHP
Authentication Bypass
-
CVE-2026-26289
HIGH
CVSS 8.4
The PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to obtain sensitive information that is normally restricted to administrative users.
Authentication Bypass
-
CVE-2026-26083
CRITICAL
CVSS 9.8
Remote code execution in Fortinet FortiSandbox 4.4.x through 5.0.x (on-premises, Cloud, and PaaS deployments) allows unauthenticated attackers to execute arbitrary code or commands via crafted HTTP requests. This CWE-862 missing authorization flaw affects sandbox analysis appliances across multiple deployment models with CVSS 9.8 (critical) severity. Fortinet has published vendor advisory FG-IR-26-136. No CISA KEV listing or public POC identified at time of analysis, though the trivial attack complexity (AC:L) and network vector without authentication (PR:N) indicate high exploitability if technical details emerge.
Authentication Bypass
Fortinet
-
CVE-2026-25787
CRITICAL
CVSS 9.3
Stored cross-site scripting (XSS) in Siemens SIMATIC S7-1500 and ET 200SP controller families allows authenticated attackers with high privileges to inject malicious scripts via Technology Object (TO) names when downloading TIA Portal projects. The scripts execute when authorized users access the Motion Control Diagnostics web interface page, enabling session hijacking, credential theft, or privileged actions performed under the victim's context. This affects over 100 product variants across industrial automation controllers, software controllers, and open controllers. No active exploitation confirmed (not in CISA KEV). EPSS score not provided in dataset. CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability in both vulnerable and subsequent systems.
XSS
-
CVE-2026-25786
CRITICAL
CVSS 9.3
Stored cross-site scripting in the Siemens SIMATIC S7-1500 controller family web interface allows authenticated high-privilege attackers to inject malicious code via crafted PLC/station names in TIA project files. When users with appropriate rights later access the communication parameters page, injected scripts execute in their session context with high impact to confidentiality, integrity, and availability across system boundaries (CVSS 9.3 under CVSS:4.0, with high impact on subsequent systems). No public exploit identified at time of analysis, but the CVSS vector indicates low attack complexity (AC:L) once the attacker has privileged project upload access.
XSS
-
CVE-2026-20794
CRITICAL
CVSS 9.3
Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This ...
Privilege Escalation
RCE
Buffer Overflow
VMware
Intel
-
CVE-2026-8431
CRITICAL
CVSS 9.4
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.
This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.
Command Injection
-
CVE-2026-8430
CRITICAL
CVSS 9.2
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuratio...
RCE
Code Injection
Nginx
-
CVE-2026-8401
CRITICAL
CVSS 9.8
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Information Disclosure
Red Hat
Mozilla
Suse
-
CVE-2026-8108
HIGH
CVSS 7.8
The installation of Fuji Tellus adds a kernel driver that is accessible with read and write permissions by all users.
Information Disclosure
-
CVE-2026-8072
CRITICAL
CVSS 9.2
Weak credential generation in Ingeteam's Ingecon Sun EMS Board Technical Support access mechanism allows remote privilege escalation via cryptographic weakness. The SAT (Technical Support) access feature generates credentials using a weak hashing algorithm instead of cryptographically secure methods, enabling attackers to predict or derive privileged access credentials. CVSS 9.2 reflects network-accessible attack with high complexity but no authentication required. INCIBE coordinated disclosure confirms vendor patch availability, and a practical analysis of the vulnerability has been published by ReverseMode, indicating detailed technical understanding exists in the research community.
Privilege Escalation
-
CVE-2026-8043
CRITICAL
CVSS 9.6
Path traversal in Ivanti Xtraction enables remote authenticated attackers with low-level privileges to read sensitive system files and inject arbitrary HTML into web-accessible directories, creating risks of credential theft, configuration exposure, and client-side attacks against other users. CVSS 9.6 severity driven by scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component. No public exploit or CISA KEV listing identified, but vendor advisory confirms the vulnerability affects all versions prior to 2026.2.
Information Disclosure
Ivanti
-
CVE-2026-7428
CRITICAL
CVSS 9.2
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database.
Exploitation required n...
Information Disclosure
PostgreSQL
Google
Hashicorp
-
CVE-2025-65719
CRITICAL
CVSS 9.8
Remote code execution in Kubectl MCP Server v1.1.1 allows unauthenticated network attackers to execute arbitrary commands on systems running the vulnerable server through crafted HTML-based exploitation vectors. Despite a critical 9.8 CVSS score, EPSS rates exploitation likelihood at only 0.02% (4th percentile), suggesting limited real-world targeting thus far. The vulnerability is classified as CWE-94 (Code Injection), affecting an open-source Model Context Protocol (MCP) server implementation for Kubernetes management. No CISA KEV listing indicates absence of confirmed widespread exploitation at time of analysis.
RCE
Code Injection
-
CVE-2025-6577
CRITICAL
CVSS 9.8
SQL injection in Akilli Commerce E-Commerce Website versions before 4.5.001 allows remote unauthenticated attackers to execute arbitrary SQL commands with complete database access. The vulnerability permits extraction of sensitive customer and transaction data, modification of product catalogs and pricing, and potential complete system compromise. CVSS score of 9.8 (Critical) reflects network-accessible exploitation requiring no authentication or user interaction, though no active exploitation has been reported in CISA KEV and EPSS data is not available.
SQLi
-
CVE-2026-40379
CRITICAL
CVSS 9.3
Spoofing vulnerability in Microsoft Entra ID (formerly Azure Active Directory) enables remote unauthenticated attackers to obtain sensitive authentication information via network-based attacks requiring user interaction. The vulnerability affects Microsoft Enterprise Security Token Service (ESTS), the authentication backbone of Entra ID, with scope change indicating potential cross-domain impact. Microsoft has released a patch per the MSRC advisory. CVSS 9.3 (Critical) reflects network accessibility, low complexity, and high confidentiality/integrity impact with changed scope.
Information Disclosure
Microsoft
-
CVE-2026-45430
HIGH
CVSS 7.1
CSRF vulnerability in Backdrop CMS Salesforce module versions prior to 1.x-1.0.1 allows network attackers to hijack OAuth authorization flows. By exploiting the missing random state parameter in the OAuth implementation, attackers can trick authenticated users into authorizing malicious Salesforce integrations, leading to high confidentiality and integrity impact on integrated Salesforce data. CVSS 7.1 (High) reflects network vector with high attack complexity requiring user interaction. No CISA KEV listing or public exploit identified at time of analysis, with EPSS data unavailable for comprehensive risk scoring.
CSRF
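Added example (not the Backdrop module's code) of the control this entry says was missing. The authorization redirect carries a random state bound to the victim's own session, and the callback refuses any code whose state does not match; the state is consumed on first use so a replayed callback fails too. The authorize URL, client id and redirect URI are placeholders, and the forged callback is a constructed sample showing the attack the advisory describes: a logged-in user is lured to the callback with the attacker's own authorization code, which the vulnerable handler happily binds to the victim's account.

```python
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders for the demo (assumptions, not the module's real configuration).
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
CLIENT_ID = "demo-client-id"
REDIRECT_URI = "https://crm.example.invalid/salesforce/callback"


def begin_authorization(session: dict) -> str:
    """Mint an unguessable state, remember it in the user's own session,
    and send it along on the redirect. This is the step the advisory
    says the module skipped."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def handle_callback_vulnerable(session: dict, callback_url: str) -> Optional[str]:
    """No state check: whatever code arrives is exchanged and bound to the victim."""
    return _query(callback_url).get("code")


def handle_callback_fixed(session: dict, callback_url: str) -> Optional[str]:
    """Accept the code only if the state matches the one this session minted.
    pop() makes the state single-use, so a replayed callback also fails."""
    expected = session.pop("oauth_state", None)
    got = _query(callback_url).get("state", "")
    if expected is None or not hmac.compare_digest(expected.encode(), got.encode()):
        return None
    return _query(callback_url).get("code")


def simulate() -> Tuple[Optional[str], Optional[str], Optional[str], Optional[str]]:
    victim_session: dict = {}
    # Attacker lures the logged-in victim to a callback URL carrying the
    # attacker's own authorization code (constructed for the demo).
    forged = f"{REDIRECT_URI}?code=ATTACKER_CODE"
    vuln_result = handle_callback_vulnerable(victim_session, forged)
    fixed_result = handle_callback_fixed(victim_session, forged)

    # Legitimate flow: the victim starts it, the provider echoes the state back.
    auth_url = begin_authorization(victim_session)
    state = _query(auth_url)["state"]
    legit = f"{REDIRECT_URI}?{urlencode({'code': 'VICTIM_CODE', 'state': state})}"
    legit_result = handle_callback_fixed(victim_session, legit)
    replay_result = handle_callback_fixed(victim_session, legit)
    return vuln_result, fixed_result, legit_result, replay_result


if __name__ == "__main__":
    print(simulate())
```

The comparison is constant-time and the state is 256 bits from secrets, so the only way to pass handle_callback_fixed is to have started the flow from the same session; that is exactly the property a CSRF'd callback cannot satisfy.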
-
CVE-2026-45227
HIGH
CVSS 8.7
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __impo...
Authentication Bypass
Python
-
CVE-2026-45226
HIGH
CVSS 7.6
Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds poin...
Authentication Bypass
-
CVE-2026-45225
HIGH
CVSS 7.2
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the u...
Path Traversal
File Upload
-
CVE-2026-45218
HIGH
CVSS 7.7
Blind SQL injection in WP Travel plugin versions ≤11.4.0 allows authenticated attackers with low-level privileges to extract sensitive database contents through time-based or boolean queries. The vulnerability enables a cross-scope confidentiality breach with high impact (C:H with changed scope in the CVSS vector), permitting unauthorized access to all WordPress database information including user credentials, private travel booking details, and payment data. EPSS data unavailable; no CISA KEV listing indicates exploitation remains targeted rather than widespread. Patchstack's inclusion in their vulnerability database suggests active researcher interest and potential proof-of-concept development.
SQLi
-
CVE-2026-45214
HIGH
CVSS 8.5
Blind SQL injection in Xpro Elementor Addons allows authenticated attackers to extract sensitive database contents including user credentials and site configurations. The vulnerability affects WordPress sites running plugin versions up to 1.5.1 and requires only low-privileged authenticated access (CVSS PR:L) with no user interaction. EPSS data not available, but the low attack complexity (AC:L) combined with changed scope (S:C) indicates potential for cross-boundary impact beyond the vulnerable plugin. No active exploitation confirmed in CISA KEV at time of analysis.
SQLi
-
CVE-2026-45213
HIGH
CVSS 7.6
Blind SQL injection in BEAR woo-bulk-editor plugin for WordPress up to version 1.1.7.1 allows high-privilege authenticated administrators to extract database contents through specially crafted SQL queries. The scope change in CVSS (S:C) indicates potential impact beyond the plugin itself, enabling access to other WordPress data or resources. No public exploit code or active exploitation indicators identified at time of analysis, but Patchstack public disclosure increases weaponization risk.
SQLi
-
CVE-2026-45211
HIGH
CVSS 8.5
Blind SQL injection in APIExperts Square for WooCommerce (WooSquare) plugin versions up to 4.7.1 allows authenticated attackers with low-level privileges to extract sensitive database contents including customer data, order information, and potentially administrative credentials. The vulnerability enables scope escalation from the WordPress application context to the underlying database layer (S:C in CVSS vector), representing a significant data breach risk for WooCommerce stores. Reported by Patchstack, a WordPress vulnerability intelligence provider. No active exploitation confirmed in CISA KEV at time of analysis.
WordPress
SQLi
-
CVE-2026-45090
HIGH
CVSS 7.5
Complete process crash in Dalfox REST server v2.12.0 and earlier allows remote unauthenticated attackers to terminate the entire scan engine via a single HTTP request. The flaw stems from a closed-channel write panic in pkg/scanning/parameterAnalysis.go where two sequential worker stages share a single results channel, causing a Go runtime panic when the second stage attempts to write to the already-closed channel. Default deployments run without authentication (no --api-key), making the vulnerability remotely exploitable. CVSS 7.5 (High). Patched in v2.13.0 per GitHub advisory GHSA-2g4x-fq3j-cgq4. No CISA KEV listing or public exploit code identified at time of analysis.
XSS
Docker
Race Condition
-
CVE-2026-45089
HIGH
CVSS 8.2
Arbitrary file creation and corruption in dalfox v2 REST API server mode allows unauthenticated remote attackers to write log-formatted data to any filesystem path accessible to the dalfox process. The server exposes output, output-all, and debug JSON fields from the API request directly to the logger's file-write path without validation, and the default configuration omits API key authentication entirely. The vulnerability is fixed in dalfox v2.13.0, released 2025-01-20, which strips all filesystem-dangerous fields from API-sourced requests before passing them to the scan engine. GitHub advisory GHSA-8hf9-3q64-q2qf confirms the issue; no public exploit code is identified at time of analysis, and CISA KEV does not list this CVE.
Authentication Bypass
File Upload
-
CVE-2026-45088
HIGH
CVSS 7.5
Unauthenticated arbitrary file read in dalfox REST API server mode allows remote attackers to exfiltrate sensitive files from the host filesystem. The vulnerability chains two flaws: missing authentication middleware when no API key is set (default configuration), and unsanitized deserialization of the `custom-payload-file` JSON parameter directly into the scan engine. Remote attackers can supply any file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, cloud credential files) and the engine reads each line, embeds it as an XSS payload, and transmits it to an attacker-controlled HTTP endpoint via dalfox's own scan traffic. No exploit code is publicly identified at time of analysis; vendor-released patch available in version 2.13.0.
XSS
Authentication Bypass
Privilege Escalation
-
CVE-2026-44872
HIGH
CVSS 7.2
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.
Command Injection
-
CVE-2026-44871
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying opera...
Command Injection
-
CVE-2026-44870
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying opera...
Command Injection
-
CVE-2026-44869
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command Injection
-
CVE-2026-44868
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command Injection
-
CVE-2026-44867
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command Injection
-
CVE-2026-44866
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command Injection
-
CVE-2026-44865
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command Injection
-
CVE-2026-44864
HIGH
CVSS 7.2
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...
SQLi
-
CVE-2026-44863
HIGH
CVSS 7.2
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...
SQLi
-
CVE-2026-44862
HIGH
CVSS 7.2
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...
SQLi
-
CVE-2026-44861
HIGH
CVSS 7.2
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...
SQLi
-
CVE-2026-44860
HIGH
CVSS 7.2
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...
SQLi
-
CVE-2026-44859
HIGH
CVSS 7.2
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-44858
HIGH
CVSS 7.2
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-44857
HIGH
CVSS 7.2
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-44856
HIGH
CVSS 7.2
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-44855
HIGH
CVSS 7.2
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-44854
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a pr...
RCE
Command Injection
-
CVE-2026-44853
HIGH
CVSS 7.2
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a pr...
RCE
Command Injection
-
CVE-2026-44852
HIGH
CVSS 7.2
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting imp...
RCE
-
CVE-2026-44660
HIGH
CVSS 8.7
### Summary
When `ujson.dump()` writes to a file-like object and the write operation raises an exception, the reference count of the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload.
Code that uses `ujson.dumps()` rather than `ujs...
Python
Information Disclosure
-
CVE-2026-44648
HIGH
CVSS 7.5
### Summary
Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password.
### Details
SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissio...
XSS
Google
Mozilla
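Added example (not SillyTavern's code) of why a cookie-session design needs one piece of server-side state to make password changes effective. When every session attribute lives in the signed cookie, a valid signature is all the server ever checks, so a stolen cookie outlives the password reset. The block below keeps a per-user session generation counter: the cookie records the generation it was minted under, the password change bumps the counter, and the fixed resolver rejects any cookie whose generation is stale. The signing key, the PBKDF2 parameters and the cookie layout are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional, Tuple

# Demo-only server secret and KDF cost (assumptions, not SillyTavern's values).
SERVER_SECRET = os.urandom(32)
PBKDF2_ROUNDS = 200_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserStore:
    """In-memory user table. session_generation is the only server-side state
    the cookie is checked against; bumping it revokes every earlier cookie."""

    def __init__(self):
        self.users = {}

    def create(self, handle: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[handle] = {
            "salt": salt,
            "pw_hash": _hash_password(password, salt),
            "session_generation": 1,
        }

    def change_password(self, handle: str, new_password: str) -> None:
        user = self.users[handle]
        user["pw_hash"] = _hash_password(new_password, user["salt"])
        user["session_generation"] += 1   # the fix: invalidate existing sessions


def _sign(body: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, body, hashlib.sha256).digest()


def mint_cookie(store: UserStore, handle: str) -> str:
    """cookie-session style: all session data travels inside the signed cookie."""
    body = json.dumps({
        "handle": handle,
        "gen": store.users[handle]["session_generation"],
    }).encode()
    return base64.urlsafe_b64encode(body + _sign(body)).decode()


def _verify(cookie: str) -> Optional[dict]:
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except (ValueError, UnicodeEncodeError):
        return None
    body, sig = raw[:-32], raw[-32:]
    if len(sig) != 32 or not hmac.compare_digest(sig, _sign(body)):
        return None
    return json.loads(body)


def resolve_vulnerable(store: UserStore, cookie: str) -> Optional[str]:
    """Signature check only: a stolen cookie stays valid across password resets."""
    data = _verify(cookie)
    return data["handle"] if data else None


def resolve_fixed(store: UserStore, cookie: str) -> Optional[str]:
    """Signature check plus generation check against current server state."""
    data = _verify(cookie)
    if not data or data["handle"] not in store.users:
        return None
    if data["gen"] != store.users[data["handle"]]["session_generation"]:
        return None
    return data["handle"]


def scenario() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    store = UserStore()
    store.create("alice", "old-password")
    stolen = mint_cookie(store, "alice")        # attacker exfiltrates this cookie
    store.change_password("alice", "new-password")
    fresh = mint_cookie(store, "alice")         # alice logs in again afterwards
    return (
        resolve_vulnerable(store, stolen),   # "alice": still accepted after the reset
        resolve_fixed(store, stolen),        # None: revoked by the generation bump
        resolve_fixed(store, fresh),         # "alice": new session works
    )


if __name__ == "__main__":
    print(scenario())
```

The same generation check gives you a "log out everywhere" button for free, and the lookup cost is one dictionary read per request rather than a server-side session table.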
-
CVE-2026-44594
HIGH
CVSS 7.5
### Summary
A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json`. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process.
### Details
...
Path Traversal
Node.js
Debian
Oracle
Ubuntu
-
CVE-2026-44593
HIGH
CVSS 8.7
### Impact
- Arbitrary File Write - An attacker can cause the server to write data to any file path it has write permission for.
- Privilege Escalation / RCE - By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges.
### Exploit
The legacy ...
Privilege Escalation
RCE
Path Traversal
-
CVE-2026-44548
HIGH
CVSS 8.1
ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records, including...
PHP
CSRF
-
CVE-2026-44412
HIGH
CVSS 7.3
Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.
Buffer Overflow
Stack Overflow
-
CVE-2026-44411
HIGH
CVSS 7.3
Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.
Information Disclosure
Memory Corruption
-
CVE-2026-44403
HIGH
CVSS 8.6
Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values in...
RCE
Code Injection
-
CVE-2026-44296
HIGH
CVSS 7.5
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientH...
Denial Of Service
Suse
-
CVE-2026-44295
HIGH
CVSS 8.7
Code injection in protobufjs-cli's pbjs static generator allows attackers who control protocol buffer schemas to inject malicious JavaScript code into generated output files. The vulnerability affects npm packages protobufjs-cli versions ≤1.2.0 and 2.0.0-2.0.1, with patches released in versions 1.2.1 and 2.0.2. Exploitation requires low complexity with authenticated network access and user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C), achieving high confidentiality and integrity impact but no availability impact. No CISA KEV listing or public exploit code identified at time of analysis, though GitHub advisory confirms the vulnerability with released patches.
RCE
Code Injection
-
CVE-2026-44293
HIGH
CVSS 7.7
Remote code execution in protobufjs (npm package) versions ≤7.5.5 and 8.0.0-8.0.1 allows attackers to inject and execute arbitrary JavaScript by supplying a malicious protobuf schema with crafted default values in bytes fields. When applications load untrusted protobuf descriptors and call toObject() with defaults enabled, attacker-controlled expressions are emitted into generated conversion functions and executed in the application context. Vendor-released patches are available in versions 7.5.6 and 8.0.2. No public exploit code identified at time of analysis, though the vulnerability is straightforward to weaponize given the clear preconditions in the advisory.
RCE
Code Injection
-
CVE-2026-44291
HIGH
CVSS 8.1
Prototype pollution in protobuf.js type lookup tables enables remote code execution via code injection into generated encode/decode functions. Affects npm package protobuf.js versions ≤7.5.5 and 8.0.0-8.0.1. Exploitation requires chaining with a separate prototype pollution vulnerability: applications must first allow Object.prototype pollution, then invoke protobufjs code generation on attacker-influenced schemas. Vendor-released patches available (v7.5.6, v8.0.2). CVSS 8.1 (High) reflects network vector but high attack complexity (AC:H) due to the multi-step prerequisite. No evidence of active exploitation (not in CISA KEV); public exploit code not identified at time of analysis.
RCE
Code Injection
-
CVE-2026-44290
HIGH
CVSS 7.5
Prototype pollution in protobufjs allows denial of service through corrupted JavaScript built-ins when parsing untrusted schemas. Attackers who control protobuf schemas or JSON descriptors can write to inherited object properties on global constructors, causing process-wide state corruption that persists until restart. CVSS 7.5 (High) with network vector and no authentication required, but real-world risk is limited to applications parsing schemas from untrusted sources; applications that only decode untrusted message payloads with trusted schemas are not affected. Vendor-released patches available: v7.5.6 and v8.0.2. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
RCE
Denial Of Service
Prototype Pollution
-
CVE-2026-44289
HIGH
CVSS 7.5
Remote denial of service in protobuf.js (npm package) allows unauthenticated attackers to crash Node.js processes by sending crafted protobuf payloads with deeply nested structures. The vulnerability affects the binary decoding path where unbounded recursion exhausts the JavaScript call stack. Version 7.5.6 and 8.0.2 patches are available. Applications decoding untrusted protobuf data over network APIs, message queues, or file uploads are at immediate risk. CVSS 7.5 (High) reflects network attack vector with no authentication required.
Denial Of Service
-
CVE-2026-44260
HIGH
CVSS 8.1
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces that the client sends readonly=true (matching the session value), but no event handler checks ...
Authentication Bypass
-
CVE-2026-44246
HIGH
CVSS 7.2
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.use...
Code Injection
-
CVE-2026-44224
HIGH
CVSS 8.6
Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without an...
Privilege Escalation
Node.js
-
CVE-2026-44184
HIGH
CVSS 8.0
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials(). When DisableAuthForLocalAddresses ...
Information Disclosure
-
CVE-2026-44015
HIGH
CVSS 8.5
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forward...
SSRF
Nginx
-
CVE-2026-43993
HIGH
CVSS 8.2
Server-Side Request Forgery in JunoClaw's WAVS bridge allows remote attackers to exploit the computeDataVerify function, which fetched agent-supplied URLs without validating scheme, port, or resolved IP addresses. Attackers can trick the bridge into accessing internal cloud metadata services (AWS, GCP), RFC 1918 private networks, databases, and admin APIs running on non-standard ports. Exploitation requires user interaction (UI:R) but no authentication (PR:N), with cross-scope impact (S:C) allowing high confidentiality breach and low availability impact. Fixed in version 0.x.y-security-1 via commit a168608, which implements a comprehensive SSRF guard with scheme/port allowlists, DNS private-IP blocking for both IPv4 and IPv6 ranges, request timeouts, and body size caps. No CISA KEV listing or public exploit code identified at time of analysis.
SSRF
-
CVE-2026-43991
HIGH
CVSS 8.4
Command injection in JunoClaw's plugin-shell allowed adversarial argument construction to bypass the substring-based blocklist and achieve unauthorized command execution on the host when the unsafe-shell feature was enabled. Attackers could craft commands with special tokens or argument patterns to evade blocklist checks that scanned raw command strings instead of parsed first tokens. The vulnerability required local access but no authentication or user interaction (CVSS AV:L/AC:L/PR:N/UI:N) with high impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis. Fixed in version 0.x.y-security-1 by replacing the blocklist with a strict allowlist on parsed command tokens and removing shell wrapper metacharacter expansion.
Command Injection
-
CVE-2026-43990
HIGH
CVSS 8.4
Command injection in JunoClaw agentic AI platform versions prior to 0.x.y-security-1 allows local attackers to execute arbitrary shell commands with high integrity and confidentiality impact. The plugin-shell component wrapped agent-supplied commands in 'sh -c' or 'cmd /C' without sanitizing shell metacharacters, enabling malicious AI agents or compromised agent inputs to break out of intended command boundaries. CISA KEV status: not listed. Public exploit code: GitHub commit 2bc54f6 demonstrates the vulnerable code path and fix implementation. EPSS data: not available. The vendor-released patch (0.x.y-security-1) removes the shell wrapper entirely and implements a strict allowlist plus compile-time feature gate.
Command Injection
-
CVE-2026-43989
HIGH
CVSS 8.5
Arbitrary file read in JunoClaw's MCP upload_wasm tool allows local attackers to exfiltrate any file accessible to the agent process by providing crafted filesystem paths. The vulnerability affects all JunoClaw versions prior to 0.x.y-security-1 when an AI agent is induced to accept a malicious path parameter, enabling read access to sensitive files including configuration secrets, private keys, or source code. No active exploitation confirmed via CISA KEV, but the CVSS 8.5 HIGH score reflects significant confidentiality and integrity impact with changed scope. Fixed version 0.x.y-security-1 introduces comprehensive path validation including directory containment checks, symlink resolution guards, file size limits, and WebAssembly magic number verification.
Information Disclosure
-
CVE-2026-43983
HIGH
CVSS 8.5
Pocket ID OIDC provider fails to validate user authorization state during refresh token exchange, allowing revoked, disabled, or unauthorized users to obtain fresh access tokens indefinitely. Affects all versions prior to 2.6.0. Publicly available exploit code exists via GitHub security advisory GHSA-w6p7-2fxx-4f44. Attack requires low privileges and user interaction (CVSS 8.5) but enables persistent unauthorized access even after administrative revocation actions. Fixed in version 2.6.0.
Authentication Bypass
-
CVE-2026-43916
HIGH
CVSS 8.7
Heap buffer over-read in pam_authnft allows remote denial-of-service via crafted netlink messages. pam_authnft < 0.2.0-alpha contains a CWE-125 buffer over-read in the peer_lookup_tcp function when parsing NETLINK_SOCK_DIAG replies, allowing unauthenticated network attackers to trigger crashes by sending malformed netlink diagnostic messages that bypass message-size validation. This PAM module binds nftables firewall rules to authenticated sessions, so exploitation disrupts authentication infrastructure. Vendor-released patch: 0.2.0-alpha (GitHub PR #10). No public exploit identified at time of analysis.
Buffer Overflow
Information Disclosure
-
CVE-2026-43892
HIGH
CVSS 8.8
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.
XSS
-
CVE-2026-43685
HIGH
CVSS 7.2
Remote code execution in Claris FileMaker Cloud allows authenticated administrators to execute arbitrary operating system commands via command injection in the External ODBC Data Source connection test feature. The vulnerability requires Admin Console privileges (PR:H) but no user interaction, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis. EPSS score of 0.23% (46th percentile) indicates low observed exploitation probability despite the RCE capability. Fixed in FileMaker Cloud version 2.22.0.5.
RCE
Command Injection
-
CVE-2026-43680
HIGH
CVSS 7.2
Authenticated administrators with Admin Console access to FileMaker Cloud can execute arbitrary operating system commands on the underlying host by bypassing front-end restrictions on OS Script schedule types. This vulnerability affects all FileMaker Cloud versions prior to 2.22.0.5 and requires high-privilege administrative credentials to exploit. Despite the network attack vector and total technical impact (full system compromise), the low EPSS score (0.13%, 32nd percentile) and SSVC assessment indicating no observed exploitation suggest this is not being actively exploited in the wild, likely due to the high privilege requirement limiting the attacker pool to malicious insiders or compromised admin accounts.
RCE
Code Injection
-
CVE-2026-43513
HIGH
CVSS 7.5
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.
Older unsupported versions m...
Apache
Information Disclosure
Tomcat
SUSE
-
CVE-2026-42899
HIGH
CVSS 7.5
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Denial Of Service
-
CVE-2026-42896
HIGH
CVSS 7.8
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Integer Overflow
Microsoft
-
CVE-2026-42893
HIGH
CVSS 7.4
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
Command Injection
-
CVE-2026-42855
HIGH
CVSS 7.5
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, witho...
Authentication Bypass
-
CVE-2026-42832
HIGH
CVSS 7.7
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Authentication Bypass
Microsoft
-
CVE-2026-42831
HIGH
CVSS 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-42825
HIGH
CVSS 7.0
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-42742
HIGH
CVSS 8.5
Blind SQL injection in Views for WPForms WordPress plugin (versions ≤3.4.6) allows authenticated low-privilege attackers with network access to extract sensitive database contents. The vulnerability enables cross-scope compromise with high confidentiality impact and limited availability disruption. Patchstack reported this SQLi flaw; no public exploit identified at time of analysis. EPSS data not available, suggesting lower immediate exploitation probability, though the low attack complexity (AC:L) makes exploitation straightforward once authenticated access is obtained.
SQLi
-
CVE-2026-42741
HIGH
CVSS 8.5
Blind SQL injection in Ninja Forms Views plugin (versions ≤3.3.2) allows authenticated attackers with low-level privileges to extract sensitive database information via specially crafted queries. The vulnerability carries an 8.5 CVSS score with scope change, enabling attackers to access data beyond the plugin's normal authorization boundaries. Reported by Patchstack with detailed vendor advisory available, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
SQLi
-
CVE-2026-42290
HIGH
CVSS 7.8
Command injection in the protobufjs-cli pbts tool allows arbitrary shell command execution when processing file paths that contain shell metacharacters. The pbts utility builds JSDoc commands by concatenating unsanitized file paths into shell strings executed via child_process.exec. Affects protobufjs-cli versions ≤1.2.0 and 2.0.0-2.0.1. Vendor-released patches are available (1.2.1 and 2.0.2). CVSS 7.8 (High), but exploitation requires local access with user interaction (AV:L/UI:R), limiting remote exploitation. The absence of EPSS data and of a KEV listing indicates this is not yet widely exploited despite public disclosure and available fixes.
Command Injection
-
CVE-2026-42289
HIGH
CVSS 8.8
ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authentic...
PHP
Privilege Escalation
CSRF
-
CVE-2026-42268
HIGH
CVSS 8.2
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @veri...
Apache
Information Disclosure
Integer Overflow
Nginx
Red Hat
-
CVE-2026-42156
HIGH
CVSS 7.1
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query....
Information Disclosure
NoSQL Injection
-
CVE-2026-42141
HIGH
CVSS 7.7
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...
SSRF
Microsoft
-
CVE-2026-41713
HIGH
CVSS 8.2
Conversation memory poisoning in VMware Spring AI allows remote unauthenticated attackers to inject malicious input that persists across conversation turns and manipulates AI model behavior. The vulnerability achieves high integrity impact (CVSS 8.2) through stored prompt injection, enabling attackers to alter model responses, extract sensitive context, or bypass application logic without authentication. No active exploitation confirmed at time of analysis, but the network-accessible attack surface and low complexity make this a priority for applications processing user-generated conversational input.
Information Disclosure
SSTI
-
CVE-2026-41712
HIGH
CVSS 7.5
Remote unauthenticated attackers can access confidential data from other users' chat sessions in Spring AI applications due to insecure default configuration in the chat memory component. The vulnerability allows network-based exploitation with no authentication required (CVSS:3.1 AV:N/AC:L/PR:N/UI:N) and impacts confidentiality only (C:H/I:N/A:N), enabling cross-user data leakage in multi-tenant AI chat implementations. Reported by VMware, affecting Java-based Spring AI deployments where developers have not explicitly configured chat memory isolation.
Privilege Escalation
Java
Information Disclosure
-
CVE-2026-41613
HIGH
CVSS 8.8
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Authentication Bypass
Session Fixation
-
CVE-2026-41611
HIGH
CVSS 7.8
Improper neutralization of script-related HTML tags in a web page ('Basic XSS') in Visual Studio Code allows an unauthorized attacker to execute code locally.
XSS
-
CVE-2026-41109
HIGH
CVSS 8.8
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
Authentication Bypass
-
CVE-2026-41107
HIGH
CVSS 7.4
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
Information Disclosure
Google
Microsoft
-
CVE-2026-41102
HIGH
CVSS 7.1
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Authentication Bypass
Microsoft
-
CVE-2026-41101
HIGH
CVSS 7.1
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Authentication Bypass
Microsoft
-
CVE-2026-41095
HIGH
CVSS 7.8
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-41094
HIGH
CVSS 8.8
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
RCE
Microsoft
Code Injection
-
CVE-2026-41088
HIGH
CVSS 7.8
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-41086
HIGH
CVSS 8.8
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Authentication Bypass
Microsoft
-
CVE-2026-40420
HIGH
CVSS 8.8
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Authentication Bypass
Microsoft
-
CVE-2026-40419
HIGH
CVSS 7.8
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40418
HIGH
CVSS 7.8
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40417
HIGH
CVSS 7.8
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
Information Disclosure
-
CVE-2026-40415
HIGH
CVSS 8.1
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40414
HIGH
CVSS 7.4
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-40413
HIGH
CVSS 7.4
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-40410
HIGH
CVSS 7.0
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40408
HIGH
CVSS 7.8
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40407
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40406
HIGH
CVSS 7.5
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40405
HIGH
CVSS 7.5
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-40403
HIGH
CVSS 8.8
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40401
HIGH
CVSS 7.1
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-40399
HIGH
CVSS 7.8
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Microsoft
Stack Overflow
-
CVE-2026-40398
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40397
HIGH
CVSS 7.8
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Information Disclosure
Integer Overflow
Microsoft
-
CVE-2026-40382
HIGH
CVSS 7.8
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40381
HIGH
CVSS 7.8
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Authentication Bypass
Microsoft
-
CVE-2026-40377
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40370
HIGH
CVSS 8.8
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
Information Disclosure
-
CVE-2026-40369
HIGH
CVSS 7.8
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-40368
HIGH
CVSS 8.0
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization
Microsoft
-
CVE-2026-40367
HIGH
CVSS 8.4
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Authentication Bypass
Microsoft
-
CVE-2026-40366
HIGH
CVSS 8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40365
HIGH
CVSS 8.8
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Information Disclosure
Microsoft
-
CVE-2026-40364
HIGH
CVSS 8.4
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Authentication Bypass
Memory Corruption
Microsoft
-
CVE-2026-40363
HIGH
CVSS 8.4
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40362
HIGH
CVSS 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-40361
HIGH
CVSS 8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40360
HIGH
CVSS 7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Buffer Overflow
Information Disclosure
Microsoft
-
CVE-2026-40359
HIGH
CVSS 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40358
HIGH
CVSS 8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-40357
HIGH
CVSS 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization
Microsoft
-
CVE-2026-39432
HIGH
CVSS 8.2
Missing authorization in Timetics WordPress plugin through version 1.0.53 allows unauthenticated remote attackers to bypass access controls and access sensitive administrative functions or data. With CVSS 8.2 (High), the vulnerability enables high confidentiality impact and low integrity impact against network-accessible instances. Patchstack reported this broken access control flaw, indicating potential exposure of booking systems, customer data, or administrative operations to unauthorized access without authentication.
Authentication Bypass
-
CVE-2026-35439
HIGH
CVSS 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization
Microsoft
-
CVE-2026-35438
HIGH
CVSS 8.3
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Authentication Bypass
Microsoft
-
CVE-2026-35436
HIGH
CVSS 8.8
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-35433
HIGH
CVSS 7.3
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Authentication Bypass
-
CVE-2026-35424
HIGH
CVSS 7.5
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
Authentication Bypass
Microsoft
-
CVE-2026-35421
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-35420
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-35418
HIGH
CVSS 7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-35417
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Information Disclosure
Memory Corruption
Microsoft
-
CVE-2026-35416
HIGH
CVSS 7.0
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-35415
HIGH
CVSS 7.8
Local privilege escalation in Windows Storage Spaces Controller enables authenticated users with low-level access to gain SYSTEM-level privileges by exploiting an integer overflow that leads to memory corruption. Affects Windows 10 (1607 through 22H2), Windows 11 (all versions through 26H1), and Windows Server 2012 R2. Microsoft has released security updates through their March 2026 Patch Tuesday. No active exploitation confirmed in CISA KEV at time of analysis, though the combination of low attack complexity (AC:L) and no user interaction requirement (UI:N) makes post-compromise exploitation straightforward for attackers who have already obtained initial access.
Buffer Overflow
Integer Overflow
Microsoft
-
CVE-2026-35227
HIGH
CVSS 8.2
TCP connection exhaustion in CODESYS Modbus TCP Server allows remote unauthenticated attackers to trigger a race condition in connection handling, depleting all available TCP connections and denying service to legitimate industrial automation clients. CVSS 8.2 (High) reflects high availability impact. No active exploitation confirmed (not in CISA KEV); attack complexity is low, though exploitation depends on winning the race condition (Attack Requirements: Present, AT:P). Patch available from vendor for versions prior to 4.6.0.0.
Information Disclosure
-
CVE-2026-35071
HIGH
CVSS 8.2
OS command injection in Dell PowerScale InsightIQ 6.0.0 through 6.2.0 allows high-privileged local administrators to execute arbitrary system commands with elevated privileges, achieving container escape (scope change) on the storage cluster management platform. Dell published security advisory DSA-2026-208 addressing this vulnerability. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation at time of analysis.
Command Injection
Dell
-
CVE-2026-34690
HIGH
CVSS 7.8
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-34687
HIGH
CVSS 7.8
Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Heap Overflow
Illustrator
-
CVE-2026-34686
HIGH
CVSS 8.7
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may b...
XSS
Adobe
-
CVE-2026-34684
HIGH
CVSS 7.8
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34683
HIGH
CVSS 7.8
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34682
HIGH
CVSS 7.8
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34681
HIGH
CVSS 7.8
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34676
HIGH
CVSS 7.8
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
Substance 3D Painter
-
CVE-2026-34675
HIGH
CVSS 7.8
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
Substance 3D Painter
-
CVE-2026-34665
HIGH
CVSS 7.5
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...
Denial Of Service
-
CVE-2026-34661
HIGH
CVSS 7.8
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
Illustrator
-
CVE-2026-34653
HIGH
CVSS 8.7
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker wi...
Path Traversal
Adobe
-
CVE-2026-34652
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the applica...
Denial Of Service
Adobe
-
CVE-2026-34651
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...
Denial Of Service
Adobe
-
CVE-2026-34650
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...
Denial Of Service
Adobe
-
CVE-2026-34649
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...
Denial Of Service
Adobe
-
CVE-2026-34648
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...
Denial Of Service
Adobe
-
CVE-2026-34647
HIGH
CVSS 7.4
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain u...
SSRF
Adobe
-
CVE-2026-34646
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorize...
Authentication Bypass
Adobe
-
CVE-2026-34645
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorize...
Authentication Bypass
Adobe
-
CVE-2026-34644
HIGH
CVSS 7.8
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Integer Overflow
-
CVE-2026-34643
HIGH
CVSS 7.8
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34642
HIGH
CVSS 7.8
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Heap Overflow
-
CVE-2026-34640
HIGH
CVSS 7.8
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Integer Overflow
-
CVE-2026-34639
HIGH
CVSS 7.8
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34638
HIGH
CVSS 7.8
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-34637
HIGH
CVSS 7.8
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34636
HIGH
CVSS 7.8
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-34351
HIGH
CVSS 7.8
Local privilege escalation in Windows TCP/IP stack affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server 2012 through a race condition vulnerability. Low-complexity exploitation requires only low-privilege authenticated access with no user interaction (CVSS 7.8, AV:L/AC:L/PR:L/UI:N). Vendor-released patch available from Microsoft Security Response Center. No public exploit code or active exploitation confirmed at time of analysis, though the low attack complexity and local vector suggest feasibility for post-compromise privilege escalation in enterprise environments.
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-34347
HIGH
CVSS 7.0
Local privilege escalation in Windows Win32K graphics subsystem (Win32K - GRFX) allows authenticated users with low privileges to achieve SYSTEM-level access through a use-after-free memory corruption vulnerability. Affects multiple Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security updates. The CVSS 7.0 (High) rating reflects high attack complexity (AC:H), requiring specific race condition timing or system state manipulation, though EPSS data is not yet available for this recently disclosed CVE.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34345
HIGH
CVSS 7.0
Race condition in Windows Ancillary Function Driver for WinSock (AFD.sys) enables local privilege escalation for low-privileged authenticated users across Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server 2016. Microsoft confirmed the vulnerability and released patches via their March 2026 security updates. The flaw requires high attack complexity (CVSS AC:H), suggesting exploitation depends on winning a narrow timing window in concurrent socket operations. EPSS data unavailable, no CISA KEV listing at time of analysis, but Microsoft's rapid patch indicates credible exploit risk.
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-34344
HIGH
CVSS 7.8
Type confusion vulnerability in Windows Ancillary Function Driver for WinSock enables local authenticated users to escalate privileges to SYSTEM level on Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. Microsoft has released patches through their March 2026 security update cycle. The vulnerability requires low-privilege local access but no user interaction, making it a high-value target for post-compromise lateral movement and persistence. CVSS 7.8 reflects complete system compromise potential, though EPSS data and KEV status are not yet available for this recently published CVE.
Information Disclosure
Memory Corruption
Microsoft
-
CVE-2026-34343
HIGH
CVSS 7.8
Local privilege escalation in Windows Application Identity (AppID) Subsystem allows low-privileged authenticated users to execute code as SYSTEM via heap buffer overflow. Microsoft has released security patches across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. CVSS 7.8 score reflects high impact to confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Requires existing local access with standard user privileges, limiting remote attack surface.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-34342
HIGH
CVSS 7.0
Local privilege escalation in Windows Print Spooler Components affects Windows 10, Windows 11, and Windows Server 2012 through race condition exploitation. Authenticated low-privileged attackers can elevate to SYSTEM privileges via concurrent resource access attacks, though attack complexity is rated high (AC:H). Vendor-released patch available from Microsoft Security Response Center. No active exploitation confirmed in CISA KEV at time of analysis, but Print Spooler remains a historically attractive target with established attack patterns (PrintNightmare, SpoolFool precedents).
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-34341
HIGH
CVSS 7.0
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-34340
HIGH
CVSS 7.0
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34338
HIGH
CVSS 7.8
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34337
HIGH
CVSS 7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34336
HIGH
CVSS 7.8
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Buffer Overflow
Microsoft
-
CVE-2026-34334
HIGH
CVSS 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-34333
HIGH
CVSS 7.8
Local privilege escalation in Windows Win32K graphics subsystem affects Windows 10 (1607 through 22H2), Windows 11 (all versions including 26H1 preview), and Windows Server 2012 through authenticated low-privileged local users exploiting a use-after-free memory corruption flaw. Microsoft has released security updates addressing this CWE-416 vulnerability with CVSS 7.8 severity. The local attack vector and low complexity (AC:L) indicate straightforward exploitation once local access is achieved, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34332
HIGH
CVSS 8.0
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-34331
HIGH
CVSS 7.0
Race condition in Windows Win32K graphics subsystem enables authenticated local users with low privileges to escalate to SYSTEM-level access on Windows 10 (1607 through 22H2), Windows 11 (all versions through 26H1), and Windows Server 2012. Microsoft has released patches through their monthly security update cycle (MSRC advisory CVE-2026-34331). EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis. The CVSS 7.0 score reflects high attack complexity (AC:H) requiring precise timing to exploit the synchronization flaw, reducing practical exploit reliability compared to simpler privilege escalation vectors.
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-34330
HIGH
CVSS 7.8
Local privilege escalation in Windows Win32K graphics subsystem allows authenticated users to gain SYSTEM-level access via integer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security update (MSRC guide confirms vendor-released fix). CVSS 7.8 reflects high impact across confidentiality, integrity, and availability. No public exploit code identified at time of analysis, and not listed in CISA KEV, indicating limited or no active exploitation despite the severity of potential impact.
Buffer Overflow
Integer Overflow
Microsoft
-
CVE-2026-34329
HIGH
CVSS 8.8
Heap-based buffer overflow in Windows Message Queuing (MSMQ) allows remote unauthenticated attackers on adjacent networks to execute arbitrary code with high impact to confidentiality, integrity, and availability across multiple Windows versions. Microsoft released patches via their May 2026 security update. The vulnerability requires adjacent network access (same subnet/VLAN) but no authentication, user interaction, or special configuration, making it exploitable against any Windows host on which the MSMQ service has been enabled (MSMQ is an optional feature and is not installed by default). EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-34259
HIGH
CVSS 8.2
OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.
Command Injection
SAP
-
CVE-2026-34187
HIGH
CVSS 7.6
SQL injection in Pandora FMS versions 777-800 allows authenticated attackers with low privileges to exfiltrate or manipulate database contents via the graph container parameter. Attack complexity is rated high, with attack requirements present (CVSS v4 AT:P), meaning specific preconditions or timing must hold for exploitation. No active exploitation confirmed per CISA KEV, and EPSS data not provided. Vendor advisory available from PandoraFMS confirms the vulnerability affecting a narrow version range spanning approximately builds 777 through 800.
SQLi
-
CVE-2026-33841
HIGH
CVSS 7.8
Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-33840
HIGH
CVSS 7.8
Privilege escalation in Windows Win32K ICOMP component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 via a use-after-free memory corruption flaw. Low-privileged authenticated local attackers can exploit this to gain SYSTEM-level privileges with low attack complexity and no user interaction required. Microsoft has released patches addressing this vulnerability, tracked under MSRC guidance. No active exploitation or public exploit code has been identified at time of analysis, with EPSS data not yet available for this recent CVE.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-33839
HIGH
CVSS 7.0
Local privilege escalation in Windows Win32K GRFX component allows authenticated low-privilege users to gain SYSTEM-level access through race condition exploitation. Affects Windows 10 (1809, 21H2, 22H2), Windows 11 (22H3 through 26H1), and Windows Server 2019 including Server Core installations. Microsoft has released patches via their May 2026 security updates. Attack complexity is high (AC:H), requiring precise timing to win the race condition, limiting widespread automated exploitation despite the severe impact on confidentiality, integrity, and availability.
Information Disclosure
Race Condition
Microsoft
-
CVE-2026-33838
HIGH
CVSS 7.8
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-33837
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Buffer Overflow
Heap Overflow
Microsoft
-
CVE-2026-33835
HIGH
CVSS 7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Denial Of Service
Use After Free
Memory Corruption
Microsoft
-
CVE-2026-33834
HIGH
CVSS 7.8
Windows Event Logging Service privilege escalation allows local authenticated attackers with low-level privileges to gain SYSTEM-level control across Windows 10, Windows 11, and Windows Server 2012+ environments. The vulnerability requires no user interaction and has low attack complexity (AC:L), making exploitation straightforward once initial access is obtained. Microsoft has released patches via their March 2026 security updates, and exploitation requires only standard user credentials on vulnerable systems. CVSS 7.8 HIGH severity with complete compromise of confidentiality, integrity, and availability upon successful exploitation.
Authentication Bypass
Microsoft
-
CVE-2026-33833
HIGH
CVSS 8.2
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
Authentication Bypass
Microsoft
-
CVE-2026-33821
HIGH
CVSS 7.7
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
Privilege Escalation
Microsoft
-
CVE-2026-33112
HIGH
CVSS 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization
Microsoft
-
CVE-2026-33110
HIGH
CVSS 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization
Microsoft
-
CVE-2026-32687
HIGH
CVSS 7.5
SQL injection in the Elixir postgrex library allows local attackers with control over PostgreSQL LISTEN/UNLISTEN channel names to execute arbitrary SQL commands including DDL and DML operations. The Postgrex.Notifications module (versions 0.16.0 through 0.22.1) fails to escape double-quote characters in channel arguments, enabling attackers to break out of quoted identifiers and chain multi-statement payloads such as DROP TABLE commands. Vendor patch available in version 0.22.2 per GitHub advisory GHSA-r73h-97w8-m54h. No public exploit code or CISA KEV listing identified at time of analysis, though the technical details and patch diff are publicly disclosed.
SQLi
PostgreSQL
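The postgrex flaw above is an identifier-quoting bug: a channel name is interpolated inside double quotes, so a double quote in the name closes the identifier and the rest of the name becomes SQL. The following is an added illustration by the editor, written in Python rather than Elixir and not postgrex's own code; the vulnerable and fixed builders, the `evil"; DROP TABLE users; --` sample channel name and the semicolon counter are constructed for this example. The counter is a small linter that ignores semicolons inside quoted identifiers and string literals; it is not a SQL parser.

```python
# Added example (editor's illustration, not postgrex code): building a
# LISTEN statement from a caller-supplied channel name, the broken way and
# the correct way, plus a checker that shows the breakout.

def quote_ident(name: str) -> str:
    """PostgreSQL-style identifier quoting: wrap in double quotes and double
    any embedded double quote. NUL cannot appear in an identifier at all."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def listen_sql_unsafe(channel: str) -> str:
    # Hypothetical vulnerable builder: quotes added, but nothing escaped.
    return f'LISTEN "{channel}"'


def listen_sql_safe(channel: str) -> str:
    return "LISTEN " + quote_ident(channel)


def top_level_semicolons(sql: str) -> int:
    """Count semicolons that sit outside "..." identifiers and '...' strings.
    A doubled quote inside a quoted region is an escaped quote, not a close.
    More than zero means the text carries more than one statement."""
    count = 0
    in_dq = in_sq = False
    i = 0
    while i < len(sql):
        ch = sql[i]
        nxt = sql[i + 1] if i + 1 < len(sql) else ""
        if in_dq:
            if ch == '"' and nxt == '"':
                i += 2
                continue
            if ch == '"':
                in_dq = False
        elif in_sq:
            if ch == "'" and nxt == "'":
                i += 2
                continue
            if ch == "'":
                in_sq = False
        else:
            if ch == '"':
                in_dq = True
            elif ch == "'":
                in_sq = True
            elif ch == ";":
                count += 1
        i += 1
    return count


if __name__ == "__main__":
    # Constructed sample channel name: closes the identifier, appends DDL,
    # and comments out the dangling quote the template adds afterwards.
    hostile = 'evil"; DROP TABLE users; --'
    print(listen_sql_unsafe(hostile), top_level_semicolons(listen_sql_unsafe(hostile)))
    print(listen_sql_safe(hostile), top_level_semicolons(listen_sql_safe(hostile)))
```

With the hostile name the unsafe builder yields two top-level statements and a trailing comment; the safe builder yields one statement whose identifier happens to contain a quote, a semicolon and two dashes. In production code the same result is obtained from a driver's identifier helper (for example `psycopg.sql.Identifier`) rather than hand-rolled quoting, and channel names should additionally be checked against an allow-list, since LISTEN cannot take a bind parameter.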
-
CVE-2026-32204
HIGH
CVSS 7.8
Path traversal in Azure Monitor Agent enables low-privileged local attackers to escalate to SYSTEM/root privileges via malicious file path manipulation. Microsoft has released security patches. Attack vector is local (AV:L) with low complexity (AC:L), requiring only basic local credentials (PR:L) but no user interaction. EPSS exploitation probability is 0.04% (4th percentile), indicating low likelihood of mass exploitation, though the attack is straightforward once local access is obtained.
Information Disclosure
Microsoft
-
CVE-2026-32177
HIGH
CVSS 7.3
Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.
Buffer Overflow
Heap Overflow
-
CVE-2026-32161
HIGH
CVSS 7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
Authentication Bypass
Race Condition
Microsoft
-
CVE-2026-31240
HIGH
CVSS 7.5
Unauthenticated remote attackers can modify or delete arbitrary memory records in mem0 1.0.0 server by directly calling unprotected API endpoints including PUT /memories/{memory_id}. The vulnerability stems from complete absence of authentication and authorization controls on critical memory management functions, allowing data manipulation and loss without any verification of requester identity. EPSS score of 0.06% (18th percentile) indicates low exploitation probability in the wild, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Authentication Bypass
N A
-
CVE-2026-31232
HIGH
CVSS 8.8
The CosyVoice project through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code uses torch.load()...
RCE
Python
Deserialization
N A
-
CVE-2026-31225
HIGH
CVSS 8.8
Remote code execution in superduper (Python library) through version 0.10.0 allows unauthenticated network attackers to execute arbitrary system commands by submitting malicious query strings with embedded Python code. The _parse_op_part() function in query.py uses unsafe eval() with inadequate context restrictions, enabling attackers to import modules (such as os) and achieve complete server compromise. EPSS score is low (0.07%, 20th percentile) and no active exploitation is confirmed (CISA KEV absent), but SSVC framework rates technical impact as total. User interaction is required (CVSS UI:R), reducing automated exploitation risk. Authentication requirements not confirmed from available data - CVSS vector shows PR:N (no privileges required) but UI:R suggests user-triggered queries.
RCE
Python
Code Injection
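The superduper entry above describes the classic failure mode: a query fragment is handed to `eval()`, and restricting the globals passed to `eval()` does not make it a sandbox. The block below is an added illustration by the editor, not superduper's code; `unsafe_parse_op_part`, its "restricted" variant and `safe_parse_op_part` are hypothetical names standing in for whatever the real parser is called, and the operator-dictionary query shape is an assumption. It shows that an empty globals dict still exposes `__import__`, that stripping `__builtins__` still leaves attribute walks to `object.__subclasses__()`, and that an AST-checked literal parser accepts the same operator dictionaries while refusing anything executable.

```python
# Added example (editor's illustration, not superduper code): eval() on a
# query fragment versus a literal-only parser for the same input.
import ast


def unsafe_parse_op_part(part: str):
    """Hypothetical vulnerable parser. An empty globals dict restricts
    nothing: CPython re-inserts __builtins__, so __import__ is reachable."""
    return eval(part, {})


def unsafe_parse_op_part_restricted(part: str):
    """Common but ineffective hardening: strip the builtins. Attribute walks
    from any literal still reach object.__subclasses__() and, from there,
    the import machinery, so this is not a sandbox either."""
    return eval(part, {"__builtins__": {}})


def safe_parse_op_part(part: str):
    """Accept only Python literals (dicts, lists, tuples, sets, strings,
    numbers, booleans, None). Anything that could execute is rejected by
    inspecting the AST before ast.literal_eval touches it."""
    try:
        tree = ast.parse(part, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not a literal: {part!r}") from exc
    forbidden = (ast.Call, ast.Attribute, ast.Name, ast.Subscript,
                 ast.Lambda, ast.Starred, ast.comprehension, ast.JoinedStr)
    for node in ast.walk(tree):
        if isinstance(node, forbidden):
            raise ValueError(f"code in query fragment: {type(node).__name__}")
    return ast.literal_eval(tree)


def safe_parse_rejects(part: str) -> bool:
    try:
        safe_parse_op_part(part)
    except ValueError:
        return True
    return False


def restricted_eval_still_leaks() -> bool:
    """The builtins-stripped eval still hands the caller every loaded class,
    the usual first step of a sandbox escape."""
    classes = unsafe_parse_op_part_restricted(
        "().__class__.__base__.__subclasses__()")
    return isinstance(classes, list) and len(classes) > 0


if __name__ == "__main__":
    query = '{"age": {"$gt": 21}, "tags": ["a", "b"]}'   # constructed sample
    print(safe_parse_op_part(query))
    print(safe_parse_rejects("__import__('os').getpid()"))
    print(restricted_eval_still_leaks())
```

If the grammar needs operators beyond literals, extend `safe_parse_op_part` with an explicit allow-list of node types and a recursive evaluator rather than loosening it towards `eval()`; the property to preserve is that no `Call`, `Attribute` or `Name` node is ever evaluated from untrusted text.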
-
CVE-2026-31224
HIGH
CVSS 8.8
Remote code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load untrusted model files via MultitaskClassifier.load(). The vulnerability exploits insecure Python object deserialization through torch.load(), allowing attackers to embed malicious code in model weight files that executes upon loading. EPSS score of 0.06% (19th percentile) suggests low observed exploitation probability in the wild, though SSVC framework indicates total technical impact once exploited. No public exploit code or active exploitation confirmed at time of analysis, but exploitation requires only that a data scientist or ML engineer load a malicious .pkl model file.
RCE
Python
Deserialization
N A
-
CVE-2026-31223
HIGH
CVSS 8.8
Arbitrary code execution in Snorkel library (Python) through version 0.10.0 enables remote attackers to execute code by supplying malicious pickle files to the BaseLabeler.load() method. The vulnerability stems from unsafe deserialization using pickle.load() without input validation, allowing attackers to craft serialized objects that execute arbitrary commands during deserialization. With EPSS at 6th percentile, exploitation probability remains relatively low despite the high CVSS score, and no active exploitation (KEV) or public proof-of-concept has been identified at time of analysis.
RCE
Python
Deserialization
-
CVE-2026-31222
HIGH
CVSS 8.8
Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoint files through the Trainer.load() method. The vulnerability stems from unsafe PyTorch deserialization that processes untrusted Pickle objects without the weights_only security parameter. Attackers can embed malicious Python code in model files distributed through repositories, shared datasets, or social engineering campaigns. Despite the 8.8 CVSS score indicating high severity, EPSS scoring at 0.06% (19th percentile) suggests very low real-world exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis.
RCE
Python
Deserialization
Checkpoint
-
CVE-2026-31221
HIGH
CVSS 7.8
Arbitrary code execution occurs in PyTorch Lightning 2.6.0 and earlier when loading malicious checkpoint files. The LightningModule.load_from_checkpoint() method deserializes untrusted Pickle data without security restrictions, allowing attackers to execute arbitrary Python code when victims open crafted .ckpt files. EPSS score of 0.06% (19th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis. Attack requires local access and user interaction (opening a malicious checkpoint), limiting remote attack scenarios to social engineering or supply chain compromise.
RCE
Python
Deserialization
Checkpoint
-
CVE-2026-31219
HIGH
CVSS 8.8
Insecure deserialization in Optimate's neural_magic_training.py script enables remote code execution when loading PyTorch model files. The _load_model() function uses torch.load() without the weights_only=True security parameter, allowing attackers with low privileges to execute arbitrary Python code by providing malicious .pt or .pth files via the --model command-line argument. EPSS indicates low exploitation probability at 0.06% with no active exploitation confirmed.
RCE
Python
Deserialization
N A
-
CVE-2026-31218
HIGH
CVSS 8.8
Remote code execution in Optimate's neural_magic_training.py script allows authenticated attackers to execute arbitrary code via malicious PyTorch model files. The vulnerability stems from unsafe deserialization when loading model state dictionaries without PyTorch's weights_only=True security flag, enabling pickle-based arbitrary object execution. With an EPSS score of 0.06% and no confirmed exploitation, this represents a moderate risk primarily in environments where users can upload or specify model files.
RCE
Python
Deserialization
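The CosyVoice, Snorkel, PyTorch Lightning and Optimate entries above are all the same bug: a checkpoint is a pickle stream, and `pickle` will call whatever callable the stream names. The block below is an added illustration by the editor and is not code from any of those projects. It builds a constructed "checkpoint" whose payload runs at load time (using `os.getcwd` as a harmless stand-in for `os.system`), shows that a plain `pickle.loads` executes it, and then loads a benign constructed state dictionary through a restricted unpickler that refuses every global not on an allow-list. `torch` is deliberately not imported; `torch.load(weights_only=True)` applies this same allow-list idea to the pickle stream inside a `.pt`/`.ckpt` file, and the `RestrictedUnpickler` name and its allow-list contents are choices made for this example.

```python
# Added example (editor's illustration, not code from CosyVoice, Snorkel,
# PyTorch Lightning or Optimate): a code-executing checkpoint and a loader
# that rejects it while still loading plain weights.
import io
import os
import pickle


class MaliciousCheckpoint:
    """Any object may tell pickle how to rebuild itself; pickle calls that
    callable with those arguments at load time, before any caller sees the
    result. os.getcwd stands in for os.system here."""
    def __reduce__(self):
        return (os.getcwd, ())


def build_malicious_checkpoint() -> bytes:
    # Constructed sample: looks like a state dict, carries a payload.
    return pickle.dumps({"model_state": MaliciousCheckpoint()})


def build_benign_checkpoint() -> bytes:
    # Constructed sample: a tiny state dict of plain Python numbers.
    return pickle.dumps({"layer.weight": [0.1, -0.2], "layer.bias": [0.0],
                         "epoch": 3})


def unsafe_load(data: bytes):
    """The pattern behind all four CVEs: trust whatever the stream names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an explicit allow-list of (module, name) globals.
    Weights and metadata need none of these; they are pickled as primitive
    opcodes. Extend the set deliberately, never with whole modules."""
    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_load_runs_code() -> bool:
    """True if the payload executed: the 'weights' come back as the result
    of the attacker-chosen call rather than as data."""
    loaded = unsafe_load(build_malicious_checkpoint())
    return loaded["model_state"] == os.getcwd()


def safe_load_rejects(data: bytes) -> bool:
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe loader executed payload:", unsafe_load_runs_code())
    print("restricted loader rejected payload:",
          safe_load_rejects(build_malicious_checkpoint()))
    print("restricted loader loaded weights:", safe_load(build_benign_checkpoint()))
```

The allow-list is the whole defence: once `find_class` can return an arbitrary callable, the stream's REDUCE opcodes decide what runs. For real checkpoints, prefer formats that carry no code at all (safetensors) and treat `weights_only=True` as the minimum, not a substitute for verifying where the file came from.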
N A
-
CVE-2026-30810
HIGH
CVSS 7.1
Server-Side Request Forgery (SSRF) in Pandora FMS versions 777-800 enables authenticated attackers to escalate privileges through the API Checker extension. Attackers with low-privilege network access can force the server to make arbitrary requests, potentially accessing internal resources and escalating to higher confidentiality impact (CVSS VC:H). EPSS data not available; no confirmed active exploitation (not in CISA KEV). Vendor has acknowledged the issue per PandoraFMS security advisory, indicating patch development is likely underway.
Privilege Escalation
SSRF
-
CVE-2026-30808
HIGH
CVSS 7.6
Session fixation in Pandora FMS versions 777-800 enables session hijacking when attackers supply crafted session IDs to users. Successful exploitation grants attackers complete access to victim user sessions with high confidentiality and integrity impact. No public exploit code identified at time of analysis, though attack complexity is low with network-based delivery requiring only user interaction (CVSS 7.6).
Information Disclosure
Session Fixation
-
CVE-2026-30807
HIGH
CVSS 7.1
Cross-Site Request Forgery in Pandora FMS versions 777 through 800 enables attackers to execute unauthorized administrative actions through victim interaction with malicious web pages. The network-accessible attack requires no authentication but depends on user interaction (CVSS AV:N/PR:N/UI:P), allowing high integrity impact (VI:H) with limited confidentiality exposure (VC:L). No active exploitation confirmed (CISA KEV not listed), EPSS data not available for assessment. Vendor Pandora FMS has acknowledged the vulnerability with public disclosure.
CSRF
-
CVE-2026-27851
HIGH
CVSS 7.4
Improper neutralization in OX Dovecot Pro's safe filter allows injection attacks when variable expansion is used, bypassing input sanitization on subsequent pipelines. Network-accessible attackers can exploit this filter logic flaw to inject malicious SQL or LDAP queries during authentication workflows, potentially enabling unauthorized access or data exfiltration. CVSS 7.4 with network vector but high complexity. No public exploit code identified at time of analysis, though vendor advisory confirms the vulnerability enables SQL/LDAP injection in authentication contexts.
Code Injection
Suse
-
CVE-2026-27662
HIGH
CVSS 7.0
Local unauthenticated attackers can access the web browser on Siemens SIMATIC HMI Unified Comfort and Comfort Pro panels (all models <V21) via the Control Panel when security mechanisms are not configured. The CVSS v4.0 score of 7.0 reflects high integrity and availability impact (VI:H/VA:H) with local attack vector (AV:L), low complexity (AC:L), and no authentication required (PR:N). The vulnerability is classified as CWE-1188 (Initialization of a Resource with an Insecure Default) and tagged as Authentication Bypass. No public exploit or active exploitation confirmed at time of analysis, but the local access requirement and lack of default protections significantly lower the attack bar in environments where physical or local system access is feasible, such as industrial control settings.
Authentication Bypass
-
CVE-2026-25789
HIGH
CVSS 7.2
Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attackers to execute malicious JavaScript in administrator sessions via crafted filenames. This stored XSS requires social engineering to trick authenticated users into selecting the attacker-supplied firmware file on the web-based management interface. Successful exploitation enables session hijacking and credential theft without requiring the malicious file to be uploaded. EPSS data not provided, no CISA KEV status confirmed, affecting industrial automation controllers widely deployed in critical infrastructure environments.
XSS
-
CVE-2026-23827
HIGH
CVSS 7.5
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user o...
RCE
Buffer Overflow
Heap Overflow
-
CVE-2026-23826
HIGH
CVSS 7.5
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation ...
Denial Of Service
-
CVE-2026-23825
HIGH
CVSS 7.5
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may term...
Information Disclosure
-
CVE-2026-23824
HIGH
CVSS 7.5
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may term...
Denial Of Service
-
CVE-2026-23823
HIGH
CVSS 7.2
A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
NOTE: This vulnerability only im...
Command Injection
-
CVE-2026-23821
HIGH
CVSS 7.2
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operati...
Command Injection
-
CVE-2026-23820
HIGH
CVSS 7.2
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying o...
Command Injection
-
CVE-2026-23819
HIGH
CVSS 8.8
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromi...
XSS
-
CVE-2026-22925
HIGH
CVSS 8.7
Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with a network-accessible attack vector requiring no privileges or user interaction. No active exploitation (no CISA KEV listing) and no public exploit code had been identified at time of analysis, though SYN flood techniques are well documented and trivial to execute.
Denial Of Service
-
CVE-2026-22924
HIGH
CVSS 8.8
Remote unauthenticated attackers can exhaust resources and bypass authentication controls in Siemens SIMATIC CN 4100 versions before V5.0, enabling denial-of-service conditions and unauthorized actions that compromise system availability and integrity. The vulnerability stems from missing authentication for a critical function (CWE-306) in the device's connection handling, allowing network-based exploitation without any user interaction or privileges. Siemens has released V5.0 to address this flaw, documented in security advisory SSA-032379.
Authentication Bypass
Denial Of Service
-
CVE-2026-20887
HIGH
CVSS 8.8
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occ...
Authentication Bypass
RCE
Denial Of Service
Intel
-
CVE-2026-20879
HIGH
CVSS 8.3
Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result m...
Buffer Overflow
Denial Of Service
Memory Corruption
VMware
Intel
-
CVE-2026-20767
HIGH
CVSS 8.5
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege....
Privilege Escalation
Microsoft
Intel
-
CVE-2026-20753
HIGH
CVSS 8.7
Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are ...
Privilege Escalation
RCE
Integer Overflow
-
CVE-2026-20751
HIGH
CVSS 8.3
Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may ...
Buffer Overflow
Denial Of Service
Information Disclosure
VMware
Intel
-
CVE-2026-20738
HIGH
CVSS 8.5
Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privi...
Privilege Escalation
Intel
-
CVE-2026-20714
HIGH
CVSS 8.5
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This r...
Privilege Escalation
Buffer Overflow
Memory Corruption
Microsoft
Intel
-
CVE-2026-8449
HIGH
CVSS 8.7
Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subau...
Privilege Escalation
RCE
Buffer Overflow
Denial Of Service
Information Disclosure
-
CVE-2026-8429
HIGH
CVSS 8.7
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.
RCE
Code Injection
-
CVE-2026-8162
HIGH
CVSS 7.5
Denial of service in multiparty (Node.js multipart/form-data parser) versions ≤4.2.3: a malformed percent-encoded filename* parameter in a multipart/form-data upload crashes the parser. Attackers can remotely crash any Node.js service using a vulnerable multiparty version by sending a single crafted HTTP request, with no authentication required (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, but exploitation is trivial given the straightforward attack vector. Vendor-released patch: multiparty@4.3.0.
Denial Of Service
-
CVE-2026-8161
HIGH
CVSS 7.5
Denial of service in multiparty (Node.js multipart/form-data parser) versions ≤4.2.3 crashes Node.js processes when attackers send crafted form uploads with field names matching JavaScript Object prototype properties (__proto__, constructor, toString). CVSS 7.5 (High) with network vector and no authentication required. No public exploit code identified at time of analysis, but exploitation is trivial given the straightforward prototype pollution attack pattern. Services accepting file uploads via multiparty are immediately affected until upgraded to 4.3.0+.
Denial Of Service
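The crash class behind CVE-2026-8161 above (field names colliding with Object.prototype properties) is easy to reproduce in a parser that accumulates fields in a plain object. The following is an added illustration, not multiparty's code: a vulnerable accumulator beside the null-prototype/own-property fix. The function names and the sample field list are assumptions made for this example.

```javascript
// Added example (not multiparty's code): why a multipart field name that
// collides with an Object.prototype property crashes a parser that collects
// fields in a plain object, and the null-prototype fix.

// Constructed sample: [name, value] pairs as a multipart/form-data parser would
// emit them. Every name below is attacker-chosen in a real upload.
const SAMPLE_FIELDS = [
  ['title', 'hello'],
  ['toString', 'x'],       // inherited method on Object.prototype
  ['__proto__', 'evil'],   // accessor on Object.prototype
  ['constructor', 'y'],    // inherited constructor reference
];

// Vulnerable accumulator: the lookup fields[name] falls through to the
// prototype, so fields['toString'] is a function (truthy), the array is never
// created, and .push is called on a function.
function collectFieldsUnsafe(pairs) {
  const fields = {};
  for (const [name, value] of pairs) {
    if (!fields[name]) fields[name] = [];
    fields[name].push(value); // TypeError for 'toString'
  }
  return fields;
}

// Hardened accumulator: a null-prototype object has nothing to inherit, and the
// own-property check means only names seen in this request count as present.
// On a null-prototype object even '__proto__' is an ordinary own property.
function collectFieldsSafe(pairs) {
  const fields = Object.create(null);
  for (const [name, value] of pairs) {
    if (!Object.prototype.hasOwnProperty.call(fields, name)) fields[name] = [];
    fields[name].push(value);
  }
  return fields;
}

// Returns the crash message the vulnerable path produces, or null if it did
// not crash. A request handler without a try/catch around the parser would let
// this exception take the whole Node.js process down.
function crashMessage(pairs) {
  try {
    collectFieldsUnsafe(pairs);
    return null;
  } catch (err) {
    return err instanceof TypeError ? err.message : null;
  }
}

console.log('unsafe:', crashMessage(SAMPLE_FIELDS));
console.log('safe keys:', Object.keys(collectFieldsSafe(SAMPLE_FIELDS)));
```

The same collision appears wherever request-controlled names index a plain object (query parsers, header maps, JSON merges); a Map or a null-prototype object plus an own-property check is the general remedy.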
-
CVE-2026-8159
HIGH
CVSS 7.5
Regular expression denial of service in multiparty (npm package) versions 4.2.3 and below allows remote unauthenticated attackers to block the Node.js event loop for seconds via crafted Content-Disposition headers in multipart uploads. The vulnerability triggers catastrophic backtracking in the filename parameter parser with headers as small as 8 KB. Fixed in multiparty 4.3.0. EPSS data not available; no active exploitation confirmed at time of analysis, but the low complexity (AV:N/AC:L/PR:N/UI:N) and availability of detailed public advisory increase weaponization risk for any web service accepting file uploads through this library.
Denial Of Service
-
CVE-2026-8111
HIGH
CVSS 8.8
SQL injection in Ivanti Endpoint Manager web console enables authenticated remote attackers to execute arbitrary code on the server. Affects all versions prior to 2024 SU6. Attack requires only low-privilege authenticated access (CVSS PR:L) with low complexity (AC:L), making exploitation straightforward for any authenticated user. Ivanti has released patched version 2024 SU6 per vendor advisory dated May 2026. No CISA KEV listing or public exploit code identified at time of analysis, indicating exploitation not yet confirmed in the wild despite high severity score.
RCE
SQLi
Ivanti
-
CVE-2026-8110
HIGH
CVSS 7.8
Local privilege escalation in Ivanti Endpoint Manager agent allows authenticated users to gain SYSTEM-level privileges via incorrect file or registry permissions. Affects all versions prior to 2024 SU6. Vendor has released a patch (version 2024 SU6). No evidence of active exploitation or public POC identified at time of analysis; EPSS data not available. Organizations running EPM agents on managed endpoints should prioritize patching given the high CVSS score (7.8) and the potential for lateral movement across enterprise environments.
Privilege Escalation
Ivanti
-
CVE-2026-8053
HIGH
CVSS 8.7
Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-8051
HIGH
CVSS 7.2
Remote code execution in Ivanti Virtual Traffic Manager allows authenticated administrators to execute arbitrary OS commands via command injection. Affects all versions before 22.9r4. Attack requires network access and administrative credentials but has low complexity (CVSS AC:L). No active exploitation confirmed at time of analysis, though administrative access requirement significantly limits attack surface compared to unauthenticated RCE vulnerabilities.
RCE
Command Injection
Ivanti
-
CVE-2026-7474
HIGH
CVSS 8.8
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.
RCE
Path Traversal
Hashicorp
-
CVE-2026-7432
HIGH
CVSS 7.8
Race condition in Ivanti Secure Access Client enables local privilege escalation to SYSTEM from low-privileged accounts. Affects versions before 22.8R6. An authenticated local user can exploit timing vulnerabilities in the client software to gain complete system control. While limited to local attack vector (requires existing access to the target system), the low attack complexity (AC:L) and lack of user interaction requirement (UI:N) make this exploitable once local access is achieved. No public exploit code identified at time of analysis, and EPSS risk scoring not yet available for this 2026 CVE.
Privilege Escalation
Race Condition
Ivanti
-
CVE-2026-7287
HIGH
CVSS 7.5
Remote unauthenticated attackers can crash Zyxel NWA1100-N access points running customized firmware version 1.00(AACE.1)C0 by sending malformed HTTP requests that trigger buffer overflows in five distinct web server functions (formWep, formWlAc, formPasswordSetup, formUpgradeCert, formDelcert). The vulnerability enables denial-of-service attacks with high CVSS 7.5 severity but is limited to an end-of-life product according to Zyxel's reference documentation. No public exploit code identified at time of analysis, and EPSS data is unavailable for this recent CVE.
Buffer Overflow
Zyxel
-
CVE-2026-7256
HIGH
CVSS 8.8
Command injection in Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 allows unauthenticated adjacent network attackers to execute arbitrary operating system commands via crafted HTTP requests to the CGI interface. This vulnerability affects an end-of-life product with no vendor support, meaning no security patches will be released. Exploitation requires adjacent network access (same LAN segment) but no authentication, making it exploitable by any device on the local network including compromised IoT devices or malicious insiders.
Command Injection
Zyxel
-
CVE-2026-6866
HIGH
CVSS 8.2
Schneider Electric EcoStruxure Panel Server can revert credentials to insecure default values under rare circumstances, allowing remote unauthenticated attackers to gain access using known factory credentials. This CWE-1188 (insecure default initialization of a resource) vulnerability carries high confidentiality impact (CVSS 8.2 High). Exploitation depends on a condition outside the attacker's control (CVSS 4.0 AT:P, Attack Requirements: Present): the attacker must catch the window in which the credentials have reset. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting targeted rather than widespread exploitation risk.
Information Disclosure
-
CVE-2026-6865
HIGH
CVSS 7.1
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.
Authentication Bypass
Path Traversal
-
CVE-2026-6690
HIGH
CVSS 7.2
Stored XSS in LifePress WordPress plugin allows unauthenticated remote attackers to inject malicious scripts that execute in administrator contexts when viewing the plugin's settings page. The vulnerability affects all versions through 2.2.2 and stems from a publicly-accessible AJAX endpoint (lp_update_mds) that lacks both nonce verification and capability checks, combined with improper input sanitization of the 'n' parameter. The CVSS score of 7.2 reflects network-based exploitation requiring no authentication or user interaction, with changed scope enabling cross-context attacks. EPSS and KEV data not available; exploitation probability depends on attacker knowledge of the specific AJAX action endpoint.
WordPress
XSS
-
CVE-2026-6001
HIGH
CVSS 8.8
Authorization bypass in BAPSİS web application enables unauthenticated remote attackers to exploit trusted identifiers through user-controlled keys when victims interact with crafted requests. ABIS Technology's BAPSİS platform (versions before v.202604152042) contains a CWE-639 flaw where authorization checks rely on client-controlled key values, allowing attackers to manipulate trust relationships and gain unauthorized access with high impact to confidentiality, integrity, and availability. TR-CERT published advisory but no public exploit code identified at time of analysis, with CVSS 8.8 reflecting network-exploitable attack requiring only user interaction.
Authentication Bypass
-
CVE-2026-5371
HIGH
CVSS 7.1
The MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and inc...
WordPress
Authentication Bypass
Google
-
CVE-2026-5089
HIGH
CVSS 7.3
Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.
Buffer Overflow
Red Hat
Suse
Yaml
-
CVE-2026-5029
HIGH
CVSS 8.7
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and exec...
Authentication Bypass
RCE
-
CVE-2026-4827
HIGH
CVSS 8.7
Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. CVSS 8.7 reflects high confidentiality and integrity impact with user interaction required. No active exploitation confirmed (not in CISA KEV), but authentication bypass via session prediction enables privilege escalation in critical infrastructure environments. EPSS data not provided - risk assessment relies on CVSS vector and operational technology context.
Authentication Bypass
-
CVE-2026-2993
HIGH
CVSS 7.5
SQL injection in the AIWU AI Chatbot WordPress plugin (versions ≤1.4.17) allows remote unauthenticated attackers to extract sensitive database contents via the getListForTbl() function due to unsanitized user input in SQL queries. Partial mitigation exists in version 1.4.11+ through administrator-only nonce protection, but the underlying SQL injection vulnerability persists. CVSS 7.5 (High) reflects network-accessible unauthenticated exploitation with high confidentiality impact. Wordfence provides detailed vulnerable code references across multiple plugin files including controller.php, req.php, and model.php. No evidence of active exploitation (not in CISA KEV) at time of analysis.
WordPress
SQLi
-
CVE-2026-2465
HIGH
CVSS 8.8
Privilege escalation in Turboard FOR-S allows remote unauthenticated attackers to gain elevated access by exploiting incorrect authorization checks, requiring only user interaction. The vulnerability affects versions 7.01.2026 through 17.02.2026, with fix available in version 18.02.2026. Turkish national CERT (TR-CERT) reported this authorization bypass vulnerability (CWE-863), which enables attackers to compromise confidentiality, integrity, and availability of the affected business intelligence platform.
Authentication Bypass
Privilege Escalation
-
CVE-2026-1250
HIGH
CVSS 7.5
The Court Reservation - Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
WordPress
SQLi
-
CVE-2025-65088
HIGH
CVSS 8.4
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.
RCE
Buffer Overflow
Information Disclosure
-
CVE-2025-65087
HIGH
CVSS 8.4
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.
RCE
Buffer Overflow
Information Disclosure
-
CVE-2025-65086
HIGH
CVSS 8.4
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2025-53844
HIGH
CVSS 8.8
Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.
Buffer Overflow
Fortinet
Memory Corruption
-
CVE-2025-53681
HIGH
CVSS 7.2
SQL injection in FortiMail 7.2.0-7.2.8, 7.4.0-7.4.5, and 7.6.0-7.6.3 allows authenticated privileged administrators to execute arbitrary code or commands via crafted HTTP/HTTPS requests. The vulnerability requires high-privilege authentication (administrator role) and affects all recent major versions, with exploitation confirmed possible through network-accessible admin interfaces.
Fortinet
SQLi
-
CVE-2025-46311
HIGH
CVSS 7.5
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
Information Disclosure
Apple
Ipados
Iphone Os
-
CVE-2025-43524
HIGH
CVSS 8.8
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Authentication Bypass
Apple
-
CVE-2025-40949
HIGH
CVSS 8.9
Command injection in Siemens RUGGEDCOM ROX industrial router series allows high-privileged authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system. Affects all MX5000/MX5000RE/RX1400/RX1500/RX1501/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 models running firmware versions below V2.17.1. The vulnerability exists in the Scheduler functionality of the Web UI due to improper input sanitization (CWE-78). CVSS v4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability with network attack vector but requires high-privilege authentication. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.
Command Injection
-
CVE-2025-40947
HIGH
CVSS 7.7
Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. While exploitation requires low-level authentication and higher attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), successful exploitation grants complete control over critical industrial network infrastructure. No public exploit identified at time of analysis, and EPSS data not available for this recently disclosed vulnerability.
RCE
Command Injection
-
CVE-2025-40946
HIGH
CVSS 7.2
Predictable Technical Service credentials derived from a CRC16-based algorithm and the device serial number enable authentication bypass in Siemens blueplanet solar inverters and hybrid systems. An unauthenticated attacker on an adjacent network can calculate valid service credentials from publicly observable serial numbers, gaining administrative access that compromises device integrity and availability. Affects 23 blueplanet product families including TL3, NX3, NH3, and gridsafe variants across industrial solar installations. Patches released for GEN2 models (V6.1.4.9) and gridsafe variants (V3.91), but legacy TL3/NX3/NH3 first-generation models remain unpatched with no vendor-provided fix versions.
Authentication Bypass
-
CVE-2025-40833
HIGH
CVSS 8.7
Denial of service in Siemens industrial networking equipment allows remote unauthenticated attackers to crash affected devices via specially crafted IPv4 packets, requiring manual restart for recovery. This vulnerability affects over 200 Siemens industrial automation products including SCALANCE switches/routers, SIMATIC PLCs, SINAMICS drives, and RUGGEDCOM devices. CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network-accessible attack vector requiring low complexity and no privileges (AV:N/AC:L/PR:N). No public exploit code or CISA KEV listing identified at time of analysis, though the straightforward network-based attack and widespread product exposure warrant priority patching for operational technology environments where uptime is critical.
Denial Of Service
Null Pointer Dereference
-
CVE-2025-35990
HIGH
CVSS 8.7
Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation ...
Privilege Escalation
Intel
-
CVE-2025-12659
HIGH
CVSS 7.3
The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)
Buffer Overflow
Heap Overflow
-
CVE-2026-45215
MEDIUM
CVSS 5.3
WP EasyPay plugin through version 4.3.0 exposes sensitive information in sent data, allowing unauthenticated remote attackers to retrieve embedded data without user interaction. The vulnerability stems from improper handling of sensitive data during transmission, classified as an information disclosure issue with a CVSS score of 5.3 (network-accessible, low complexity). No active exploitation has been confirmed in CISA KEV at the time of analysis.
Information Disclosure
-
CVE-2026-45212
MEDIUM
CVSS 5.3
Unauthenticated remote attackers can cause a denial-of-service condition in Asset CleanUp: Page Speed Booster (WordPress plugin) versions up to 1.4.0.3 by exploiting missing authorization checks. Actions intended for authenticated administrators can be performed without authentication, and the ability to modify or disable asset optimization features results in an availability impact.
Authentication Bypass
-
CVE-2026-45210
MEDIUM
CVSS 5.4
Missing authorization in the Broadstreet Ads WordPress plugin through version 1.52.2 allows authenticated users to bypass access controls and modify data, with integrity and availability impact. The plugin fails to validate the user's capabilities before executing sensitive operations. Exploitation requires valid user authentication but no special configuration or interaction.
Authentication Bypass
-
CVE-2026-44874
MEDIUM
CVSS 4.9
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system inform...
Authentication Bypass
-
CVE-2026-44873
MEDIUM
CVSS 5.4
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with comp...
Authentication Bypass
-
CVE-2026-44652
MEDIUM
## Resolution
SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance...
SSRF
-
CVE-2026-44651
MEDIUM
## Resolution
Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body.
## Overview
- Vulnerability Type: XSS
- Affected Location: `src/middleware/corsProxy.js:40`
- Trigger Scenario: reflected XSS in CORS proxy error response
## Root Cause
When `fetch(url...
XSS
-
CVE-2026-44352
MEDIUM
CVSS 5.3
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3.
Authentication Bypass
-
CVE-2026-44347
MEDIUM
CVSS 5.8
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the ...
Information Disclosure
CSRF
-
CVE-2026-44341
MEDIUM
CVSS 5.3
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to ...
Authentication Bypass
-
CVE-2026-44294
MEDIUM
CVSS 5.3
Denial of service in protobufjs allows remote attackers to crash runtime code generation by providing crafted protobuf schemas or JSON descriptors containing unescaped control characters in field names. When affected message types perform encode, decode, verify, or conversion operations, the generated JavaScript code fails to compile, rendering those types unusable. This affects applications that load untrusted schemas; those using only application-defined schemas are not impacted. No code execution is known to occur.
Denial Of Service
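The failure mode in CVE-2026-44294 above (a field name with a raw control character breaking generated JavaScript at compile time) and the two usual defences can be shown with a toy accessor generator. This is an added illustration, not protobufjs code; the function names and the sample descriptor are assumptions made for this example.

```javascript
// Added example (not protobufjs code): a toy accessor generator of the kind
// runtime code generation uses, shown failing to compile when a field name
// carries a control character, beside two defences: refuse such names before
// generating anything, or escape every name into the generated source.

// Constructed descriptor: two ordinary names and one with a raw newline, as an
// untrusted schema or JSON descriptor could deliver.
const SAMPLE_FIELD_NAMES = ['id', 'owner', 'na\nme'];

const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Interpolates the name straight into source text. A raw newline splits the
// string literal, so new Function() throws a SyntaxError at compile time and
// every accessor built for this message type is lost, not just the bad field.
function buildGetterUnsafe(fieldName) {
  return new Function('m', 'return m["' + fieldName + '"];');
}

// Escapes the name as a JSON string literal, so the generated source is always
// well formed whatever characters the name contains.
function buildGetterEscaped(fieldName) {
  return new Function('m', 'return m[' + JSON.stringify(fieldName) + '];');
}

// Returns the names that would break generated code.
function findUnsafeFieldNames(names) {
  return names.filter((n) => CONTROL_CHARS.test(n));
}

// Validates the whole descriptor first, then generates. Throws a descriptive
// error instead of letting a SyntaxError surface from inside code generation.
function compileGetters(names) {
  const bad = findUnsafeFieldNames(names);
  if (bad.length > 0) {
    throw new Error('field names contain control characters: ' + JSON.stringify(bad));
  }
  const getters = Object.create(null);
  for (const n of names) getters[n] = buildGetterEscaped(n);
  return getters;
}

// Reports whether generating code the unsafe way fails for a descriptor.
function unsafeCodegenFails(names) {
  try {
    names.forEach(buildGetterUnsafe);
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

console.log('unsafe codegen fails:', unsafeCodegenFails(SAMPLE_FIELD_NAMES));
console.log('offending names:', JSON.stringify(findUnsafeFieldNames(SAMPLE_FIELD_NAMES)));
```

Validation up front is the better default for schemas loaded from untrusted sources: it keeps the type usable and gives the operator an actionable error, whereas escaping alone silently accepts names that no other tooling in the pipeline will handle.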
-
CVE-2026-44292
MEDIUM
CVSS 5.3
Prototype injection in protobufjs generated message constructors allows attackers controlling plain objects passed to message constructors to modify the prototype chain of individual message instances via an enumerable `__proto__` property. Affects protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1. This is a per-instance prototype pollution issue (not global) with impact dependent on downstream application behavior such as inherited property reliance or `instanceof` checks. No active exploitation confirmed; no public exploit identified at time of analysis.
RCE
Prototype Pollution
-
CVE-2026-44288
MEDIUM
CVSS 5.3
protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1 accept overlong UTF-8 byte sequences in the minimal UTF-8 decoder used by non-Node and fallback decoding paths, allowing attackers to bypass byte-level filtering and decode strings containing characters that were not present in the raw protobuf binary input. This integrity issue affects applications that rely on pre-decoding byte validation before using protobuf strings in security-sensitive contexts. Patch versions 7.5.6 and 8.0.2 are available; Node.js Buffer-backed paths are not directly affected.
Information Disclosure
Node.js
Canonical
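CVE-2026-44288 above is an instance of a classic decoder mistake: accepting a code point in a longer encoding than its shortest form, so a byte-level filter applied before decoding never sees the byte it is looking for. The following is an added illustration, not protobufjs's decoder: a minimal lenient decoder of the kind described, a strict one that rejects overlong sequences (plus truncated sequences, stray continuation bytes and surrogates), and a constructed input that slips a path separator past a byte filter. Function names and the sample bytes are assumptions made for this example.

```javascript
// Added example (not protobufjs code): lenient vs strict minimal UTF-8
// decoding, and the filter bypass that overlong sequences enable.

// Constructed input: ".." followed by C0 AF, the two-byte overlong encoding of
// '/' (U+002F), then "etc". The canonical encoding of '/' is the single byte
// 0x2F, which never appears in these bytes.
const OVERLONG_SAMPLE = Uint8Array.from([0x2e, 0x2e, 0xc0, 0xaf, 0x65, 0x74, 0x63]);
const FORBIDDEN_BYTE = 0x2f; // '/'

// A byte-level filter of the kind applied before decoding: true means "clean".
function byteFilterPasses(bytes) {
  return !bytes.includes(FORBIDDEN_BYTE);
}

// Lenient decoder: trusts the lead byte for the sequence length and never
// checks that the shortest form was used.
function decodeLenient(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; ) {
    const b = bytes[i];
    if (b < 0x80) { out += String.fromCodePoint(b); i += 1; }
    else if ((b & 0xe0) === 0xc0) {
      out += String.fromCodePoint(((b & 0x1f) << 6) | (bytes[i + 1] & 0x3f)); i += 2;
    } else if ((b & 0xf0) === 0xe0) {
      out += String.fromCodePoint(((b & 0x0f) << 12) | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f)); i += 3;
    } else {
      out += String.fromCodePoint(((b & 0x07) << 18) | ((bytes[i + 1] & 0x3f) << 12)
        | ((bytes[i + 2] & 0x3f) << 6) | (bytes[i + 3] & 0x3f)); i += 4;
    }
  }
  return out;
}

// Strict decoder: returns null on any malformed input. The `min` check is the
// one that rejects overlong forms (RFC 3629 shortest-form rule).
function decodeStrict(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; ) {
    const b = bytes[i];
    let need, cp, min;
    if (b < 0x80) { need = 0; cp = b; min = 0; }
    else if ((b & 0xe0) === 0xc0) { need = 1; cp = b & 0x1f; min = 0x80; }
    else if ((b & 0xf0) === 0xe0) { need = 2; cp = b & 0x0f; min = 0x800; }
    else if ((b & 0xf8) === 0xf0) { need = 3; cp = b & 0x07; min = 0x10000; }
    else return null;                              // stray continuation byte or 0xF8..0xFF lead
    if (i + need > bytes.length - 1) return null;  // truncated sequence
    for (let k = 1; k <= need; k++) {
      const c = bytes[i + k];
      if ((c & 0xc0) !== 0x80) return null;        // not a continuation byte
      cp = (cp << 6) | (c & 0x3f);
    }
    if (cp < min) return null;                     // overlong: not the shortest form
    if (cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) return null;
    out += String.fromCodePoint(cp);
    i += need + 1;
  }
  return out;
}

console.log('byte filter passes:', byteFilterPasses(OVERLONG_SAMPLE));
console.log('lenient:', JSON.stringify(decodeLenient(OVERLONG_SAMPLE)));
console.log('strict:', decodeStrict(OVERLONG_SAMPLE));
```

In production code the strict path is simply `new TextDecoder('utf-8', { fatal: true })`, which throws on the same inputs; the hand-written version is here to make the shortest-form check visible. Either way, validate after decoding, or decode strictly, rather than filtering raw bytes.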
-
CVE-2026-44279
MEDIUM
CVSS 5.5
Improper export of Android application components in Fortinet FortiToken Android 5.2, 6.1, and 6.2 allows local authenticated attackers to gain unauthorized access to sensitive information via exposed application components that lack proper access control. The attack vector is local and requires low privileges, enabling information disclosure without user interaction. No public exploit code has been identified, and the vulnerability is not listed in active exploitation databases at the time of analysis.
Information Disclosure
Fortinet
Google
-
CVE-2026-44259
MEDIUM
CVSS 4.6
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml respectively,...
XSS
-
CVE-2026-44215
MEDIUM
CVSS 4.4
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the w...
Buffer Overflow
Memory Corruption
-
CVE-2026-44204
MEDIUM
CVSS 6.5
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to o...
SQLi
-
CVE-2026-42891
MEDIUM
CVSS 6.5
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Authentication Bypass
Google
Microsoft
-
CVE-2026-42838
MEDIUM
CVSS 5.4
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Authentication Bypass
Google
Microsoft
-
CVE-2026-42830
MEDIUM
CVSS 6.5
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-42446
MEDIUM
CVSS 4.4
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the fil...
Buffer Overflow
Information Disclosure
-
CVE-2026-42177
MEDIUM
CVSS 5.3
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a |...
Authentication Bypass
Google
Microsoft
Mozilla
-
CVE-2026-42157
MEDIUM
CVSS 5.1
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selecte...
XSS
-
CVE-2026-42073
MEDIUM
CVSS 6.5
OpenClaude MCP's OAuth callback handler in Node.js can be shut down via CSRF attack by sending a request with any `error` query parameter, bypassing state validation entirely without knowledge of the CSRF token. The vulnerability allows unauthenticated remote attackers to terminate a user's active authentication session and force server shutdown due to a logic flaw where the `error` parameter check precedes and disables the state validation check. Vendor-released patch version 0.5.1 available.
Denial Of Service
CSRF
Node.js
-
CVE-2026-42006
MEDIUM
CVSS 4.3
OX Dovecot Pro allows authenticated attackers to cause uncontrolled memory consumption and denial of service via excessive open braces in IMAP commands, bypassing the incomplete fix from CVE-2026-27857 which only blocked closing braces. An attacker with valid IMAP credentials can exhaust server memory up to the configured vsz_limit, crashing the IMAP process and disrupting mail service.
Denial Of Service
Suse
-
CVE-2026-41614
MEDIUM
CVSS 6.2
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Authentication Bypass
-
CVE-2026-41612
MEDIUM
CVSS 5.5
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
Path Traversal
-
CVE-2026-41610
MEDIUM
CVSS 6.3
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
XSS
-
CVE-2026-41530
MEDIUM
CVSS 4.6
Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.
Path Traversal
-
CVE-2026-41513
MEDIUM
CVSS 4.8
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.
Open Redirect
-
CVE-2026-41195
MEDIUM
CVSS 5.0
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and do...
SSRF
Oracle
-
CVE-2026-41125
MEDIUM
CVSS 5.9
SQL injection in KACO Meteor server affecting all versions of blueplanet inverter product line allows authorized attackers on the local network to elevate privileges and modify system data. The vulnerability requires high-privilege credentials and abnormal configuration access (AC:H), limiting exploitation to insider threats or attackers who have already compromised administrative access. CVSS 6.0 with integrity and availability impact reflects significant risk within trusted network environments.
SQLi
-
CVE-2026-41100
MEDIUM
CVSS 4.4
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Authentication Bypass
-
CVE-2026-41097
MEDIUM
CVSS 6.7
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Authentication Bypass
Microsoft
-
CVE-2026-40638
MEDIUM
CVSS 6.7
Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.
Privilege Escalation
Dell
-
CVE-2026-40421
MEDIUM
CVSS 4.3
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
Information Disclosure
Microsoft
-
CVE-2026-40416
MEDIUM
CVSS 4.3
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Authentication Bypass
Google
Microsoft
-
CVE-2026-40380
MEDIUM
CVSS 6.2
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
Buffer Overflow
Heap Overflow
-
CVE-2026-40374
MEDIUM
CVSS 6.5
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
Information Disclosure
-
CVE-2026-40300
MEDIUM
CVSS 6.0
Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulner...
Authentication Bypass
-
CVE-2026-40137
MEDIUM
CVSS 6.1
SAP Business Server Pages TAF_APPLAUNCHER contains a cross-site scripting vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to attacker-controlled sites, potentially exposing or altering sensitive information. The vulnerability requires user interaction (clicking the link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been publicly confirmed at time of analysis.
XSS
SAP
-
CVE-2026-40136
MEDIUM
CVSS 4.3
SAP Financial Consolidation permits authenticated attackers to forcibly terminate other users' sessions, temporarily denying them access to the application. The vulnerability has limited impact, affecting only availability through session disconnection while leaving the application itself and all data integrity and confidentiality intact. CVSS score of 4.3 reflects low severity, and no public exploit code or active exploitation has been identified.
Information Disclosure
SAP
-
CVE-2026-40135
MEDIUM
CVSS 6.5
OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.
Command Injection
SAP
-
CVE-2026-40134
MEDIUM
CVSS 4.3
Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.
Authentication Bypass
SAP
-
CVE-2026-40133
MEDIUM
CVSS 6.3
Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.
Authentication Bypass
SAP
-
CVE-2026-40132
MEDIUM
CVSS 5.4
Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.
Authentication Bypass
SAP
-
CVE-2026-40129
MEDIUM
CVSS 4.3
Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.
RCE
SAP
Code Injection
-
CVE-2026-40016
MEDIUM
CVSS 5.3
OX Dovecot Pro allows authenticated users to upload malicious Sieve scripts via ManageSieve protocol or local access that bypass configured CPU time limits by up to 130 times, enabling denial of service through server performance degradation. The vulnerability requires low-privilege authenticated access and medium attack complexity, affecting availability without compromising confidentiality or integrity. No public exploit code has been identified at the time of analysis.
Denial Of Service
Red Hat
Suse
-
CVE-2026-35504
MEDIUM
CVSS 5.1
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
Code Injection
-
CVE-2026-35440
MEDIUM
CVSS 5.5
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Information Disclosure
Path Traversal
Microsoft
-
CVE-2026-35429
MEDIUM
CVSS 4.3
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Authentication Bypass
Google
Microsoft
-
CVE-2026-35423
MEDIUM
CVSS 5.4
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
Buffer Overflow
Information Disclosure
-
CVE-2026-35422
MEDIUM
CVSS 6.5
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
Authentication Bypass
Microsoft
-
CVE-2026-35419
MEDIUM
CVSS 5.5
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Buffer Overflow
Information Disclosure
Microsoft
-
CVE-2026-34688
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34680
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitat...
Denial Of Service
Integer Overflow
-
CVE-2026-34679
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34678
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...
Denial Of Service
-
CVE-2026-34677
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...
Denial Of Service
-
CVE-2026-34673
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...
Denial Of Service
-
CVE-2026-34672
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. E...
Denial Of Service
Integer Overflow
-
CVE-2026-34671
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitat...
Denial Of Service
Integer Overflow
-
CVE-2026-34670
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34669
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34668
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34667
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. E...
Denial Of Service
Integer Overflow
-
CVE-2026-34666
MEDIUM
CVSS 6.2
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...
Denial Of Service
-
CVE-2026-34664
MEDIUM
CVSS 6.3
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories out...
Path Traversal
-
CVE-2026-34663
MEDIUM
CVSS 5.5
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim ...
Buffer Overflow
Information Disclosure
Illustrator
-
CVE-2026-34662
MEDIUM
CVSS 5.5
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue re...
Denial Of Service
Null Pointer Dereference
Illustrator
-
CVE-2026-34658
MEDIUM
CVSS 4.8
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
XSS
Adobe
-
CVE-2026-34656
MEDIUM
CVSS 4.3
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized...
Authentication Bypass
Adobe
-
CVE-2026-34655
MEDIUM
CVSS 4.8
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
XSS
Adobe
-
CVE-2026-34654
MEDIUM
CVSS 5.3
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the applica...
Denial Of Service
Adobe
-
CVE-2026-34350
MEDIUM
CVSS 6.5
Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-34339
MEDIUM
CVSS 5.5
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Denial Of Service
Null Pointer Dereference
Microsoft
-
CVE-2026-34258
MEDIUM
CVSS 4.7
SAPUI5 Search UI allows unauthenticated attackers to manipulate URL parameters to inject malicious content, potentially deceiving users into accessing attacker-controlled pages. The vulnerability requires user interaction (clicking a crafted link) and has low confidentiality impact with no effect on integrity or availability. No active exploitation has been confirmed at the time of this analysis.
Information Disclosure
-
CVE-2026-33603
MEDIUM
CVSS 6.8
Man-in-the-middle attackers positioned between OX Dovecot Pro and clients can forge SCRAM TLS channel binding via specially crafted base64 exchanges, allowing eavesdropping on encrypted communications. The attack requires network-level access and knowledge of channel binding mechanics but yields complete confidentiality compromise. No public exploit code is known, and patched versions are available from Open-Xchange.
Information Disclosure
Microsoft
Red Hat
Suse
-
CVE-2026-33570
MEDIUM
CVSS 6.9
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
Authentication Bypass
-
CVE-2026-32209
MEDIUM
CVSS 4.4
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Authentication Bypass
Microsoft
-
CVE-2026-32185
MEDIUM
CVSS 5.5
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Information Disclosure
Path Traversal
Microsoft
-
CVE-2026-32175
MEDIUM
CVSS 4.3
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the dest...
Information Disclosure
-
CVE-2026-32170
MEDIUM
CVSS 6.7
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
Information Disclosure
Microsoft
-
CVE-2026-31245
MEDIUM
CVSS 5.3
mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.
Authentication Bypass
-
CVE-2026-31244
MEDIUM
CVSS 6.5
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
Authentication Bypass
Denial Of Service
-
CVE-2026-31243
MEDIUM
CVSS 6.5
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Authentication Bypass
Denial Of Service
-
CVE-2026-31241
MEDIUM
CVSS 6.5
mem0 1.0.0 server exposes an unauthenticated memory deletion API endpoint (DELETE /memories) that allows remote attackers to delete arbitrary user memory records by specifying user identifiers in query parameters, resulting in unauthorized data loss and denial of service. No authentication or authorization validation is performed before processing deletion requests, enabling any network-accessible attacker to target any user's data without credentials.
Authentication Bypass
Denial Of Service
-
CVE-2026-27682
MEDIUM
CVSS 4.7
Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.
XSS
SAP
-
CVE-2026-25690
MEDIUM
CVSS 4.3
Argument injection in Fortinet FortiDeceptor 5.0 through 6.0.2 allows authenticated administrators with read-only permissions to read arbitrary log files via crafted HTTP requests, exposing sensitive system and audit logs. The vulnerability requires valid admin credentials but no elevated privileges, making it accessible to lower-privileged authenticated users. No public exploit code or active exploitation has been confirmed at time of analysis.
Fortinet
Code Injection
-
CVE-2026-25431
MEDIUM
CVSS 5.3
WPMU DEV Hustle plugin versions through 7.8.10.1 allow unauthenticated remote attackers to modify sensitive data via missing authorization controls on access-restricted functionality. The vulnerability exploits incorrectly configured access control security levels, enabling attackers to bypass authentication mechanisms without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.
Authentication Bypass
-
CVE-2026-25088
MEDIUM
CVSS 5.4
SQL injection in Fortinet FortiNDR 7.0 through 7.6.2 allows authenticated attackers to execute unauthorized code or commands via crafted HTTP requests. The vulnerability affects multiple versions across the 7.x branch and has an EPSS exploitation probability indicator (E:P in CVSS), suggesting feasible attack conditions despite moderate CVSS score (5.1). Patch availability and active exploitation status require confirmation from vendor advisory.
Fortinet
SQLi
-
CVE-2026-23822
MEDIUM
CVSS 5.3
A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruption o...
Information Disclosure
-
CVE-2026-21530
MEDIUM
CVSS 6.7
Double free vulnerability in Windows Rich Text Edit component allows local authenticated attackers to escalate privileges on Windows 10 and Windows 11 systems through a specially crafted interaction. The flaw requires local access with standard user privileges and user interaction, but enables full system compromise including code execution and privilege elevation. Microsoft has released a vendor patch to address this issue.
Information Disclosure
Microsoft
-
CVE-2026-20914
MEDIUM
CVSS 6.8
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ...
Denial Of Service
Null Pointer Dereference
Microsoft
Intel
-
CVE-2026-20905
MEDIUM
CVSS 6.9
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m...
Denial Of Service
Microsoft
Intel
-
CVE-2026-20881
MEDIUM
CVSS 6.8
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potenti...
Denial Of Service
Microsoft
Intel
-
CVE-2026-20793
MEDIUM
CVSS 4.8
Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...
Denial Of Service
Microsoft
Intel
-
CVE-2026-20782
MEDIUM
CVSS 6.9
Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potent...
Buffer Overflow
Denial Of Service
Microsoft
Intel
-
CVE-2026-20772
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may ena...
Privilege Escalation
Intel
-
CVE-2026-20771
MEDIUM
CVSS 6.9
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m...
Denial Of Service
Null Pointer Dereference
Microsoft
Intel
-
CVE-2026-20754
MEDIUM
CVSS 6.9
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via l...
Denial Of Service
Intel
-
CVE-2026-20718
MEDIUM
CVSS 5.4
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation o...
Privilege Escalation
Intel
-
CVE-2026-20717
MEDIUM
CVSS 6.9
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ...
Denial Of Service
Microsoft
Intel
-
CVE-2026-8407
MEDIUM
CVSS 4.3
Missing authorization in the PAM module of Devolutions Server allows authenticated users with a PAM license to retrieve OTP secret keys and recovery codes without additional permissions, leading to account compromise through crafted API requests. Affected versions include Devolutions Server 2025.3.16.0 and earlier, plus 2026.1.6.0 through 2026.1.11.0. No public exploit code or active exploitation has been identified; however, the low CVSS score and minimal EPSS percentile suggest limited real-world attack incentive despite the confidentiality impact.
Authentication Bypass
-
CVE-2026-8391
MEDIUM
CVSS 5.3
Information disclosure vulnerability in Firefox's JavaScript Engine allows remote unauthenticated attackers to leak sensitive memory contents over the network without user interaction. The vulnerability affects Firefox versions prior to 150.0.3 and has a low EPSS score (0.02%) despite the network-based attack vector, suggesting limited real-world exploitation pressure despite the modest CVSS score of 5.3.
Information Disclosure
Red Hat
Mozilla
Suse
-
CVE-2026-8388
MEDIUM
CVSS 6.5
Incorrect boundary conditions in the JavaScript Engine: JIT component of Firefox. This vulnerability was fixed in Firefox 150.0.3.
Buffer Overflow
Red Hat
Mozilla
Suse
-
CVE-2026-8368
MEDIUM
CVSS 6.5
Credential leakage in LWP::UserAgent before 6.83 (Perl) exposes Authorization and Proxy-Authorization headers to attacker-controlled redirect targets across cross-origin 3xx redirects. The library's redirect handler stripped only Host and Cookie on follow-up requests, leaving credential headers intact even when the redirect crossed a scheme, host, or port boundary. Authenticated Perl HTTP clients - including server-side applications, crawlers, API integrators, and automation tooling - are affected whenever caller-supplied credentials are passed to a UserAgent instance that can be redirected. No public exploit has been independently confirmed beyond the proof-of-concept submitted with the vulnerability report, and CISA KEV does not list this CVE; however, the exploitation pattern is straightforward and mirrors a well-documented class of credential-leakage flaws in HTTP client libraries.
Information Disclosure
Red Hat
Suse
Lwp
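The redirect behaviour described above, written out as an added example (illustrative Python, not LWP::UserAgent's own code): a redirect policy that keeps the pre-fix behaviour (strip only Host and Cookie) beside a hardened one that also drops Authorization and Proxy-Authorization whenever the scheme, host or port changes. Function names, the default-port table and the sample headers are constructed for this example.

```python
"""Added example: credential-header policy for following 3xx redirects.
Not LWP::UserAgent's code; names and sample data are constructed."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Headers that must not follow a redirect to a different origin.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}


def origin(url: str) -> tuple[str, str, int]:
    """Normalise a URL to (scheme, host, port), filling in the default port so that
    http://a.example and http://a.example:80 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if parts.hostname is None:
        raise ValueError(f"URL has no host: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if port is None:
        raise ValueError(f"unknown scheme: {scheme!r}")
    return scheme, parts.hostname, port


def is_cross_origin(src: str, dst: str) -> bool:
    """True when the redirect crosses a scheme, host or port boundary."""
    return origin(src) != origin(dst)


def legacy_redirect_headers(headers: dict, src: str, dst: str) -> dict:
    """Pre-fix behaviour as described in the advisory: only Host and Cookie are
    dropped, wherever the redirect points. Authorization survives a hop to an
    attacker-controlled host."""
    return {k: v for k, v in headers.items() if k.lower() not in {"host", "cookie"}}


def safe_redirect_headers(headers: dict, src: str, dst: str) -> dict:
    """Hardened: Host is always recomputed, Cookie is left to the cookie jar, and
    credential headers are dropped on any cross-origin redirect."""
    cross = is_cross_origin(src, dst)
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in {"host", "cookie"}:
            continue
        if cross and lname in CREDENTIAL_HEADERS:
            continue
        out[name] = value
    return out
```

Same-origin redirects (including a hop that only makes the default port explicit) keep the Authorization header, so legitimate API clients are unaffected; only the hop that changes origin loses the credentials.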
-
CVE-2026-8109
MEDIUM
CVSS 6.5
Remote authenticated attackers can exploit an exposed dangerous method on the Core Server of Ivanti Endpoint Manager versions before 2024 SU6 to leak access credentials. The vulnerability requires valid authentication credentials to exploit and does not allow code execution or system modification, but compromises confidentiality by exposing sensitive authentication material that could facilitate lateral movement or account takeover.
Information Disclosure
Ivanti
-
CVE-2026-8052
MEDIUM
CVSS 6.0
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
Information Disclosure
Hashicorp
-
CVE-2026-7661
MEDIUM
CVSS 6.4
Stored cross-site scripting in the Bootstrap Shortcode plugin for WordPress allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into pages via the `box` shortcode, executing malicious scripts whenever users view affected pages. The vulnerability exists in all versions up to 1.0 due to insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at this time.
WordPress
XSS
-
CVE-2026-7659
MEDIUM
CVSS 6.4
Stored cross-site scripting in the Advanced Social Media Icons WordPress plugin through version 1.2 allows authenticated contributors and above to inject arbitrary JavaScript via insufficiently sanitized shortcode attributes, with execution occurring whenever any user views an affected page. The vulnerability affects all installations of the plugin up to and including version 1.2 and requires only Contributor-level WordPress access to exploit, making it a significant risk for multi-author sites.
WordPress
XSS
-
CVE-2026-7626
MEDIUM
CVSS 5.3
Slek Gateway for WooCommerce plugin version 1.0 exposes merchant API credentials (slek_key and slek_secret) to unauthenticated attackers through client-side HTML forms and plaintext GET parameters. An attacker who places an order on an affected WooCommerce store can extract the merchant's secret credentials by inspecting the HTML source or using browser developer tools on the order-pay page before JavaScript auto-submission occurs, compromising the merchant's Slek payment processing account.
WordPress
Information Disclosure
-
CVE-2026-7616
MEDIUM
CVSS 4.3
Cross-Site Request Forgery in the Zawgyi Embed WordPress plugin versions up to 2.1.1 allows unauthenticated attackers to modify the plugin's zawgyi_forceCSS setting by tricking a site administrator into clicking a malicious link. The vulnerability stems from missing nonce validation in the zawgyi_adminpage function, enabling attackers to submit forged POST requests to the plugin's settings page without the administrator's knowledge.
PHP
WordPress
CSRF
-
CVE-2026-7562
MEDIUM
CVSS 4.3
Cross-Site Request Forgery in WP-Redirection plugin for WordPress versions up to 1.0.3 allows unauthenticated attackers to trick logged-in administrators into modifying redirection rules by clicking a crafted link, enabling unauthorized creation, modification, or deletion of URL redirects without consent. The vulnerability stems from missing nonce validation in the admin settings form handler, affecting all installations running vulnerable versions.
WordPress
CSRF
-
CVE-2026-7561
MEDIUM
CVSS 6.1
Cross-Site Request Forgery (CSRF) in Tm - WordPress Redirection plugin for WordPress versions up to 1.2 allows unauthenticated attackers to update plugin settings and inject malicious web scripts by tricking a site administrator into clicking a malicious link. The vulnerability stems from missing or incorrect nonce validation on sensitive functions, enabling attackers to forge requests that execute administrative actions without the admin's explicit consent. CVSS score is 6.1 with network attack vector and low complexity, though exploitation requires user interaction (tricking administrator). No public exploit code or active exploitation has been identified at the time of analysis.
WordPress
CSRF
-
CVE-2026-7464
MEDIUM
CVSS 6.1
Reflected Cross-Site Scripting (XSS) in WP Google Maps Integration plugin for WordPress versions up to 1.2 allows unauthenticated attackers to inject arbitrary web scripts via the `page` parameter due to insufficient input sanitization and output escaping. Exploitation requires tricking an administrator into clicking a malicious link, but successful attacks can hijack admin sessions, modify site content, or steal credentials with medium attack complexity and limited immediate confidentiality and integrity impact.
WordPress
XSS
Google
-
CVE-2026-7437
MEDIUM
CVSS 6.1
Reflected Cross-Site Scripting in AzonPost WordPress plugin versions up to 1.3 allows unauthenticated attackers to inject arbitrary JavaScript via the `editpos_hidden` parameter, executing in the browsers of administrators who click malicious links. The vulnerability stems from insufficient input sanitization and output escaping, requiring user interaction but affecting all versions of the plugin without requiring authentication or special configuration.
WordPress
XSS
-
CVE-2026-7431
MEDIUM
CVSS 4.4
Ivanti Secure Access Client before version 22.8R6 allows local authenticated users to read or modify sensitive log data through write access to a shared memory section due to incorrect permission assignments on a critical resource. With a CVSS score of 4.4 and a local attack vector requiring authentication, this vulnerability poses a moderate risk to users whose systems are accessed by multiple authenticated accounts. No active exploitation has been publicly confirmed, but the simplicity of the attack (local, low complexity) makes this a practical concern for multi-user systems.
Information Disclosure
Ivanti
-
CVE-2026-7257
MEDIUM
CVSS 4.4
Zyxel WRE6505 v2 firmware stores sensitive configuration data in an insecure manner, allowing local administrators to download and decrypt backup configuration files, leading to disclosure of confidential credentials and network settings. The vulnerability affects firmware version V1.00(ABDV.3)C0 and requires local access with administrative privileges. No public exploit code or active exploitation has been identified; however, the product is no longer supported by Zyxel, limiting patch availability.
Information Disclosure
Zyxel
-
CVE-2026-7255
MEDIUM
CVSS 6.5
The web management interface of Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 does not properly rate-limit authentication attempts, allowing an attacker on the adjacent network to brute-force the administrator password and gain administrative access. The affected model is a legacy wireless range extender marked end-of-life by Zyxel, limiting patch availability; CVSS 6.5 reflects high confidentiality impact with an adjacent-network attack vector.
Authentication Bypass
Zyxel
-
CVE-2026-7050
MEDIUM
CVSS 4.3
Forms Rb plugin for WordPress versions up to 1.1.9 contains an authorization bypass vulnerability allowing authenticated contributors and above to read, modify, and delete form submission records and configuration belonging to forms they do not own. The vulnerability stems from insufficient authorization checks in API endpoints (CWE-862), affecting all installations with the plugin active. CVSS score of 4.3 reflects low attack complexity and network accessibility, though impact is limited to integrity and information disclosure within WordPress administrative contexts.
WordPress
Authentication Bypass
-
CVE-2026-6959
MEDIUM
CVSS 6.0
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.
Information Disclosure
Hashicorp
-
CVE-2026-6932
MEDIUM
CVSS 4.3
Cross-Site Request Forgery in WooCommerce Minimum Weight plugin for WordPress up to version 3.0.1 allows unauthenticated attackers to modify minimum order weight settings by tricking site administrators into clicking malicious links or visiting attacker-controlled pages. The vulnerability stems from missing nonce verification in the settings update handler, enabling forged POST requests to alter critical e-commerce configuration without admin consent. No public exploit code or active exploitation has been identified at time of analysis.
PHP
WordPress
CSRF
-
CVE-2026-6913
MEDIUM
CVSS 6.4
Stored cross-site scripting in Shortcodely WordPress plugin versions up to 1.0.1 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'widget_area' parameter, with scripts executing whenever users access affected pages. The vulnerability stems from insufficient input sanitization and output escaping, affecting all installations with vulnerable plugin versions active. CVSS 6.4 reflects the cross-site scope and information disclosure potential, though exploitation requires authenticated contributor-level access.
WordPress
XSS
-
CVE-2026-6813
MEDIUM
CVSS 4.4
Stored cross-site scripting (XSS) in the Continually WordPress plugin versions up to 4.3.1 allows authenticated administrators to inject arbitrary web scripts into admin settings that execute whenever users access affected pages. The vulnerability requires high-privilege administrator access and is limited to multisite WordPress installations or sites with unfiltered_html disabled, resulting in low CVSS impact (4.4) despite network accessibility. No public exploit code or active exploitation has been identified at this time.
WordPress
XSS
-
CVE-2026-6808
MEDIUM
CVSS 6.1
Reflected Cross-Site Scripting in Pricing Tables for WP plugin allows unauthenticated attackers to inject arbitrary JavaScript via the 'page' parameter. The vulnerability affects all versions up to 1.1.0 due to insufficient input sanitization and output escaping. Exploitation requires social engineering (e.g., tricking an administrator into clicking a malicious link), but no public exploit code or active exploitation has been identified at time of analysis.
WordPress
XSS
-
CVE-2026-6800
MEDIUM
CVSS 4.4
Stored Cross-Site Scripting in FastBots plugin for WordPress up to version 1.0.12 allows authenticated administrators to inject arbitrary JavaScript into admin settings that executes when any user accesses affected pages. The vulnerability requires high-privilege administrator access and affects only multi-site WordPress installations or single-site installations with the unfiltered_html capability disabled. No public exploit code or active exploitation has been identified at time of analysis.
WordPress
XSS
-
CVE-2026-6710
MEDIUM
CVSS 4.3
Cross-Site Request Forgery (CSRF) in the Skysa Text Ticker App plugin for WordPress affects all versions up to 1.4, allowing unauthenticated attackers to modify plugin settings including scrolling message text and URLs by tricking site administrators into clicking a malicious link. The vulnerability stems from missing nonce validation in the SkysaApps_Admin_AppPage function, enabling attackers to alter ticker content without authentication but requiring user interaction via social engineering.
WordPress
CSRF
-
CVE-2026-6709
MEDIUM
CVSS 4.3
Authenticated attackers with Subscriber-level WordPress access can overwrite the Coinbase Commerce API key in versions up to 1.1.2 of the Coinbase Commerce for Contact Form 7 WordPress plugin due to missing capability checks and nonce verification in the save_settings() function. The vulnerability allows privilege escalation and potential compromise of payment processing by replacing the legitimate API key with an attacker-controlled value via a crafted POST request to /wp-admin/admin-post, affecting all WordPress sites running this plugin with that version or earlier.
WordPress
Authentication Bypass
-
CVE-2026-6708
MEDIUM
CVSS 5.3
Unauthenticated attackers can delete any classroom record in the HEL Online Classroom WordPress plugin (versions up to 1.0.3) via a REST API endpoint whose permission_callback is set to '__return_true', bypassing all WordPress authentication checks and resulting in permanent data loss. The vulnerability affects the plugin's core functionality and requires only network access with no user interaction; the CVSS score of 5.3 reflects an integrity-only impact (records can be deleted, not read).
WordPress
Authentication Bypass
-
CVE-2026-6663
MEDIUM
CVSS 4.8
Unauthenticated remote code execution in GWD Connect WordPress plugin versions up to 2.9 allows attackers to execute arbitrary PHP code on unregistered installations via the update_agent action in standalone agent endpoints (gwd-backup.php and gwd-logs.php) when the API key is not configured. The vulnerability exploits a missing authorization check that occurs only when the authentication key has not been set up, affecting default installations. No public exploit code or active exploitation has been confirmed at this time.
PHP
WordPress
Authentication Bypass
RCE
-
CVE-2026-6402
MEDIUM
CVSS 5.3
Cross-origin source code exposure in webpack-dev-server up to 5.2.3 allows an attacker controlling a malicious website to steal bundled application source code when a developer runs the dev server over a non-trustworthy HTTP origin. Browsers omit the Sec-Fetch-Mode and Sec-Fetch-Site headers on such non-HTTPS connections, so the server cannot tell a cross-site request from a same-origin one, enabling script injection and cross-origin code exfiltration. Chromium-based browsers from Chrome 142 onward are not affected because their local network access restrictions block the request. CVSS 5.3 (high attack complexity because the developer must visit the attacker's site; high confidentiality impact). Fix: upgrade to webpack-dev-server 5.2.4 or later.
Information Disclosure
Google
Red Hat
Suse
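To make the blind spot in the entry above concrete, here is an added example (illustrative Python, not webpack-dev-server's code) of the usual Fetch Metadata resource-isolation check a dev server could apply, together with the case where it cannot help: browsers only attach Sec-Fetch-* headers to requests for potentially trustworthy URLs (https, or plain http to loopback), so over http on a LAN address the headers are absent and a cross-site script load is indistinguishable from a legitimate one. Function names, the loopback list and the sample requests are constructed for this example.

```python
"""Added example: Fetch Metadata resource isolation and its gap over
non-trustworthy http. Not webpack-dev-server's code; names and sample
requests are constructed."""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}


def is_potentially_trustworthy(scheme: str, host: str) -> bool:
    """Browsers send Sec-Fetch-* only when the request URL is potentially
    trustworthy: https, or plain http to loopback / *.localhost."""
    host = host.lower()
    return scheme.lower() == "https" or host in LOOPBACK_HOSTS or host.endswith(".localhost")


def allow_request(headers: dict, method: str, scheme: str, host: str) -> tuple[bool, str]:
    """Return (allowed, reason). Rejects cross-site subresource loads that could
    read served source; permits same-site traffic and top-level navigations."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    mode = h.get("sec-fetch-mode")
    dest = h.get("sec-fetch-dest")
    if site is None:
        if is_potentially_trustworthy(scheme, host):
            # A browser would have sent the header here, so this is a non-browser client.
            return True, "no fetch metadata on a trustworthy origin: non-browser client"
        # The advisory's gap: over non-trustworthy http the browser sends no
        # Sec-Fetch-* headers, so a cross-site <script src> cannot be told apart.
        return True, "no fetch metadata over non-trustworthy http: check is blind"
    if site in ("same-origin", "same-site", "none"):
        return True, f"sec-fetch-site={site}"
    if mode == "navigate" and method.upper() == "GET" and dest not in ("object", "embed"):
        return True, "cross-site top-level navigation"
    return False, f"cross-site {dest or mode or 'request'} load rejected"


# Constructed sample: what a browser sends for <script src="https://dev.example/main.js">
# embedded in an attacker's page.
CROSS_SITE_SCRIPT = {
    "Sec-Fetch-Site": "cross-site",
    "Sec-Fetch-Mode": "no-cors",
    "Sec-Fetch-Dest": "script",
}
SAME_ORIGIN_SCRIPT = {
    "Sec-Fetch-Site": "same-origin",
    "Sec-Fetch-Mode": "no-cors",
    "Sec-Fetch-Dest": "script",
}


def demo() -> dict:
    """Three requests: the check works over https, and is blind over LAN http."""
    return {
        "https_cross_site_script": allow_request(CROSS_SITE_SCRIPT, "GET", "https", "dev.example")[0],
        "https_same_origin_script": allow_request(SAME_ORIGIN_SCRIPT, "GET", "https", "dev.example")[0],
        "http_lan_no_metadata": allow_request({}, "GET", "http", "192.168.1.20")[0],
    }
```

The practical consequence is the one the advisory implies: a header-based check only protects a dev server that is reached over https or on localhost, so binding to loopback (or serving https) is the real mitigation, and the upgrade remains necessary.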
-
CVE-2026-6256
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Credits Shortcode WordPress plugin up to version 1.2 allows authenticated contributors and above to inject arbitrary JavaScript via the 'link' attribute of the credits shortcode, which executes when other users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied shortcode attributes. CVSS 6.4 reflects moderate risk with network vector and limited scope impact, though real-world risk depends on site contributor population and user awareness.
WordPress
XSS
-
CVE-2026-6247
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Scratchblocks for WP plugin for WordPress allows authenticated contributors and above to inject arbitrary JavaScript through the 'element' attribute of the 'scratchblocks' shortcode due to insufficient input sanitization and output escaping. The vulnerability affects all versions up to 1.0.1 and enables malicious scripts to execute in the browsers of all users viewing affected pages, with cross-site scope impact.
WordPress
XSS
-
CVE-2026-6237
MEDIUM
CVSS 6.4
Stored cross-site scripting in Quick Table plugin for WordPress allows authenticated contributors and above to inject malicious scripts via the 'style' attribute of the 'qtbl' shortcode, which execute when any user views the affected page. The vulnerability affects all versions up to 1.0.0 due to insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at time of analysis.
WordPress
XSS
-
CVE-2026-5715
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Voyage Plus WordPress plugin versions up to 1.0.6 allows authenticated contributors and above to inject malicious scripts via the 'class' attribute of the 'post-content' shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the browsers of all users viewing affected pages, enabling credential theft, session hijacking, or malware distribution. No public exploit code or active KEV listing identified at time of analysis, but the vulnerability requires only contributor-level access and no user interaction, making it practical for insider threats or compromised contributor accounts.
WordPress
XSS
-
CVE-2026-5693
MEDIUM
CVSS 5.3
Unauthenticated attackers can cancel arbitrary bookings in the Smart Appointment & Booking WordPress plugin versions up to 1.0.8 due to a logic flaw in nonce validation that uses AND instead of OR, combined with a missing capability check in the saab_cancel_booking() function. By supplying any value for the security parameter and a predictable booking ID, attackers can modify or delete booking records without authentication or user interaction.
WordPress
Authentication Bypass
-
CVE-2026-5340
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Fancy Image Show plugin for WordPress up to version 9.1 allows authenticated contributors and above to inject arbitrary JavaScript via the `fancy-img-show` shortcode due to insufficient input sanitization and output escaping. The injected scripts execute in the context of any user viewing the affected page, affecting site integrity and potentially compromising administrative accounts. No public exploit code or active exploitation has been confirmed at time of analysis.
WordPress
XSS
-
CVE-2026-5146
MEDIUM
CVSS 4.3
Unauthenticated attackers can modify or delete arbitrary user notification records in Devolutions Server due to missing session validation in notification management endpoints. The vulnerability affects Devolutions Server 2025.3.19.0 and earlier, plus versions 2026.1.6.0 through 2026.1.15.0. CVSS 4.3 indicates low-to-moderate severity, and an EPSS percentile of 4% suggests it is not a likely target for automated exploitation, despite the authentication-bypass tag.
Authentication Bypass
-
CVE-2026-5061
MEDIUM
CVSS 4.7
Sandbox path bypass in consul-template before 0.42.0 allows local authenticated users to read files outside the intended sandbox via symlink attack in the file template helper. The vulnerability requires local access and elevated privileges but grants high confidentiality impact. Vendor-released patch available in version 0.42.0.
Authentication Bypass
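The three symlink entries on this page (the Nomad exec2 task driver, Nomad itself, and consul-template's file template helper) share one root cause: a path is checked against a sandbox root lexically, then opened, and a symlink inside the sandbox redirects the open outside it. The following added example (illustrative Python, not HashiCorp's code) shows the naive check passing a symlink, and a containment check that resolves symlinks before comparing and opens the final component with O_NOFOLLOW. The directory layout, file names and contents are constructed in the demo and require a platform that supports os.symlink and O_NOFOLLOW (Linux or macOS).

```python
"""Added example: sandbox path containment that survives symlink attacks.
Not HashiCorp's code; the directory layout in demo() is constructed."""
import os
import tempfile
from pathlib import Path


class SandboxEscape(Exception):
    """Raised when a path resolves outside the sandbox root."""


def naive_is_inside(root: str, relative: str) -> bool:
    """The check that symlink attacks defeat: lexical normalisation only.
    It catches '..' but passes 'escape' when sandbox/escape -> ../secret.txt."""
    root_n = os.path.normpath(root)
    return os.path.normpath(os.path.join(root_n, relative)).startswith(root_n + os.sep)


def resolve_in_sandbox(root: str, relative: str) -> Path:
    """Return the real path of root/relative, or raise if following symlinks or
    '..' leads outside root. resolve(strict=True) follows every link component
    and refuses dangling ones."""
    root_real = Path(root).resolve(strict=True)
    target = (root_real / relative).resolve(strict=True)
    if target != root_real and root_real not in target.parents:
        raise SandboxEscape(f"{relative!r} resolves to {target}, outside {root_real}")
    return target


def read_in_sandbox(root: str, relative: str) -> bytes:
    """Check, then open with O_NOFOLLOW so a link swapped in on the final
    component between the check and the open fails instead of being followed.
    Intermediate components can still race; hold a directory fd and use
    openat-style opens where the platform allows for full TOCTOU protection."""
    target = resolve_in_sandbox(root, relative)
    fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Constructed layout:
        base/secret.txt             (outside the sandbox)
        base/sandbox/ok.txt
        base/sandbox/escape -> base/secret.txt
    """
    base = Path(tempfile.mkdtemp())
    sandbox = base / "sandbox"
    sandbox.mkdir()
    secret = base / "secret.txt"
    secret.write_bytes(b"TOP SECRET")
    (sandbox / "ok.txt").write_bytes(b"fine")
    os.symlink(secret, sandbox / "escape")

    results = {"naive_passes_symlink": naive_is_inside(str(sandbox), "escape")}
    for name in ("ok.txt", "escape", "../secret.txt"):
        try:
            results[name] = read_in_sandbox(str(sandbox), name)
        except SandboxEscape:
            results[name] = "rejected"
    return results
```

The same shape applies when writing: resolve first, compare against the resolved root, then create the file with O_CREAT | O_EXCL | O_NOFOLLOW rather than truncating whatever a link currently points at.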
-
CVE-2026-5028
MEDIUM
CVSS 6.5
Time-based blind SQL injection in the Eight Day Week Print Workflow WordPress plugin (versions up to 1.2.6) via the 'title' parameter in the pp-get-articles AJAX action allows authenticated attackers with Subscriber-level access to extract sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage, enabling attackers to append arbitrary SQL queries to extract confidential data with high confidentiality impact.
WordPress
SQLi
-
CVE-2026-4920
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Next Date WordPress plugin (all versions up to 1.0) allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'default' shortcode attribute due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially compromising site visitors and administrators. No public exploit code or active exploitation has been identified at time of analysis.
WordPress
XSS
-
CVE-2026-4859
MEDIUM
CVSS 6.4
SP Blog Designer plugin for WordPress versions up to 1.0.0 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'design' attribute of the wpsbd_post_carousel shortcode, resulting in stored cross-site scripting (XSS) that executes for all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping in shortcode handling. No public exploit code or active exploitation has been confirmed at time of analysis.
WordPress
XSS
-
CVE-2026-4663
MEDIUM
CVSS 5.3
Unauthenticated attackers can modify critical payment gateway settings in the iPOSpays Gateways WC WordPress plugin through an exposed REST API endpoint lacking authorization checks, enabling them to overwrite live API keys, secret keys, and payment tokens. Affected versions up to 1.3.7 permit unrestricted access to the /wp-json/ipospays/v1/save_settings endpoint due to a permission_callback set to '__return_true' with no nonce verification, allowing complete compromise of payment processing credentials without authentication. This is a high-integrity attack vector against e-commerce sites using the plugin.
WordPress
Authentication Bypass
-
CVE-2026-4301
MEDIUM
CVSS 4.3
Authenticated attackers with Subscriber-level access can modify arbitrary WordPress post content, metadata, author assignment, and post type through missing authorization checks in the Rate Star Review Vote AJAX handler, allowing full post content takeover via the 'rating_id' parameter when the 'form' parameter is set to 'update'. The vulnerability affects all versions up to 1.6.4 and requires only basic user authentication (not administrator privileges), making it exploitable by any registered site user.
WordPress
Authentication Bypass
-
CVE-2026-3604
MEDIUM
CVSS 4.9
Stored Cross-Site Scripting (XSS) in WP SEO Structured Data Schema plugin for WordPress versions up to 2.8.1 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via the `_kcseo_ative_tab` parameter, which executes in the browsers of users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping in the plugin's metadata handling. No public exploit code or active exploitation has been identified at time of analysis.
WordPress
XSS
-
CVE-2026-2300
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in BJ Lazy Load plugin for WordPress versions up to 1.0.9 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via regex-based HTML attribute manipulation in the `filter_images()` function. The vulnerability stems from improper handling of HTML attribute boundaries during `src` attribute replacement, which lets attacker-controlled text in a class attribute value end up in an executable DOM attribute. When victims view an injected page, the scripts execute in their browsers in the context of the affected site.
WordPress
XSS
-
CVE-2026-1934
MEDIUM
CVSS 4.3
Authenticated users with Subscriber-level access can bypass PayPal payment verification in the Motors - Car Dealership & Classified Listings WordPress plugin (versions up to 1.4.103) by directly setting their stm_payment_status user meta field to 'completed', gaining access to paid Dealer membership features without completing any transaction. The vulnerability exists in the stm_save_user_extra_fields() function, which fails to check permission for sensitive meta field modifications during profile updates. While CVSS 4.3 reflects low severity, the integrity impact is direct: the payment check is completely circumvented for any authenticated user.
WordPress
Authentication Bypass
-
CVE-2026-1681
MEDIUM
CVSS 6.1
Stack overflow in Zephyr RTOS network stack allows local attackers to trigger a denial of service by issuing an ICMP ping to the device's own IPv4 address via the `net ping` shell command, causing recursive re-entry of the input path on the same work-queue stack and exhausting stack memory. The vulnerability requires local access and user interaction to execute the shell command, affecting systems with Zephyr network functionality enabled.
Buffer Overflow
-
CVE-2026-1185
MEDIUM
CVSS 5.4
Improper input validation in an Axis OS configuration file allows authenticated SSH users to execute code and potentially escalate privileges. The vulnerability requires valid SSH credentials but affects all Axis OS versions, making it a significant risk for organizations running Axis network devices with SSH access exposed or shared credentials.
Privilege Escalation
RCE
-
CVE-2026-0804
MEDIUM
CVSS 6.7
Privilege escalation in Axis OS via path traversal in ACAP configuration files allows high-privileged local attackers to achieve code execution with elevated permissions. The vulnerability requires the device to be configured for unsigned ACAP application installation and the attacker to socially engineer a user into installing a malicious ACAP application. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but exploitation is constrained by high-privilege requirement and user interaction. No public exploit code or active exploitation has been identified at time of analysis.
Privilege Escalation
Path Traversal
-
CVE-2026-0802
MEDIUM
CVSS 6.0
Command injection in Axis OS ACAP configuration file processing allows privilege escalation when unsigned ACAP applications are enabled and a user installs a malicious application. The vulnerability requires high-privileged user interaction and local access but bypasses normal code signing protections to achieve code execution with elevated privileges.
Privilege Escalation
Command Injection
-
CVE-2026-0541
MEDIUM
CVSS 6.7
Axis OS allows privilege escalation via improper input validation during ACAP application installation when unsigned applications are permitted, enabling authenticated attackers with high privileges to gain elevated system access. The vulnerability requires explicit administrative configuration allowing unsigned ACAP installations and victim interaction to install a malicious application. No public exploit code or active exploitation has been confirmed at time of analysis.
Privilege Escalation
-
CVE-2026-0502
MEDIUM
CVSS 5.4
Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.
CSRF
SAP
-
CVE-2025-70842
MEDIUM
CVSS 5.4
Stored cross-site scripting (XSS) in the FluentCMS 1.2.3 File Management module allows authenticated administrators to upload SVG files with embedded malicious JavaScript that executes when any user, including unauthenticated visitors, accesses the image URL directly. Public proof-of-concept code is available via a GitHub pull request, and the CISA SSVC assessment rates exploitation as feasible but requiring user interaction and not automatable. CVSS 5.4 reflects the authentication and user-interaction requirements, but the changed scope and the ability to affect many users raise the real-world risk.
XSS
-
CVE-2025-67604
MEDIUM
CVSS 5.3
A use of a potentially dangerous function (CWE-676) in Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allows authenticated attackers to trigger a system hang via specially crafted HTTP requests. The crash occurs only when internal lock alignment conditions are met, so exploitation depends on timing and system state rather than attacker control. CVSS 5.3 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.
Denial Of Service
Fortinet
-
CVE-2025-53870
MEDIUM
CVSS 6.7
OS command injection in Fortinet FortiAP and FortiAP-W2 access points allows authenticated administrators to execute arbitrary code or commands via specially crafted CLI commands. Affected versions span FortiAP 6.4 through 7.6.2 and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and does not require user interaction, making it exploitable by rogue administrators or accounts with compromised credentials. No public exploit code or active exploitation has been identified at time of analysis.
Fortinet
Command Injection