Skip to main content
CVE-2026-40370 HIGH POC PATCH Exploit Unlikely This Week

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Information Disclosure Microsoft Sql Server 2016 Service Pack 3 Gdr Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack Microsoft Sql Server 2017 Cu 31 Microsoft Sql Server 2017 Gdr +6
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42899 HIGH POC PATCH GHSA This Week

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Denial Of Service Net 10 0 Net 8 0 Net 9 0
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43983 HIGH POC PATCH This Week

Pocket ID OIDC provider fails to validate user authorization state during refresh token exchange, allowing revoked, disabled, or unauthorized users to obtain fresh access tokens indefinitely. Affects all versions prior to 2.6.0. Publicly available exploit code exists via GitHub security advisory GHSA-w6p7-2fxx-4f44. Attack requires low privileges and user interaction (CVSS 8.5) but enables persistent unauthorized access even after administrative revocation actions. Fixed in version 2.6.0.

Authentication Bypass Pocket Id
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-35433 HIGH POC PATCH GHSA This Week

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Authentication Bypass Net 10 0 Net 8 0 Net 9 0
NVD VulDB GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-32177 HIGH POC PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.

Heap Overflow Buffer Overflow Net 10 0 Net 8 0 Net 9 0 +11
NVD VulDB GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-40949 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial router series allows high-privileged authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system. Affects all MX5000/MX5000RE/RX1400/RX1500/RX1501/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 models running firmware versions below V2.17.1. The vulnerability exists in the Scheduler functionality of the Web UI due to improper input sanitization (CWE-78). CVSS v4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability with network attack vector but requires high-privilege authentication. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.

Command Injection Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-22924 HIGH CISA Act Now

Remote unauthenticated attackers can exhaust resources and bypass authentication controls in Siemens SIMATIC CN 4100 versions before V5.0, enabling denial of service conditions and unauthorized actions that compromise system availability and integrity. The vulnerability stems from improper connection validation (CWE-306), allowing network-based exploitation without any user interaction or privileges. Siemens has released V5.0 to address this flaw, documented in security advisory SSA-032379.

Authentication Bypass Denial Of Service Simatic Cn 4100
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-22925 HIGH CISA Act Now

Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with network-accessible attack vector requiring no privileges or user interaction. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, though SYN flood techniques are well-documented and trivial to execute.

Denial Of Service Simatic Cn 4100
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-40833 HIGH CISA Act Now

Denial of service in Siemens industrial networking equipment allows remote unauthenticated attackers to crash affected devices via specially crafted IPv4 packets, requiring manual restart for recovery. This vulnerability affects over 200 Siemens industrial automation products including SCALANCE switches/routers, SIMATIC PLCs, SINAMICS drives, and RUGGEDCOM devices. CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network-accessible attack vector requiring low complexity and no privileges (AV:N/AC:L/PR:N). No public exploit code or CISA KEV listing identified at time of analysis, though the straightforward network-based attack and widespread product exposure warrant priority patching for operational technology environments where uptime is critical.

Denial Of Service Null Pointer Dereference Ie Pb Link Ha Ie Pb Link Pn Io Ruggedcom Rm1224 Lte 4G Eu +240
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33893 HIGH CISA Act Now

Hardcoded cryptographic keys in Siemens Teamcenter PLM software enable remote attackers to bypass authentication and gain unauthorized access to confidential product lifecycle management data. The vulnerability affects multiple Teamcenter versions (V2312, V2406, V2412, V2506, V2512) and is remotely exploitable without authentication (CVSS:4.0 AV:N/AC:L/PR:N). While no active exploitation or public POC has been identified at time of analysis, the straightforward nature of hardcoded credential extraction (AC:L) combined with the criticality of Teamcenter as an enterprise PLM platform housing intellectual property makes this a high-priority remediation target for manufacturing and engineering organizations.

Authentication Bypass Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33862 HIGH CISA Act Now

Stored cross-site scripting (XSS) in Siemens Teamcenter allows authenticated attackers with low privileges to inject malicious JavaScript that executes in other users' browser sessions, enabling session hijacking, credential theft, or unauthorized actions within the product lifecycle management platform. Affects Teamcenter versions V2312 through V2512 with vendor patches released for all branches. CVSS v4.0 scores 8.5 (High) due to network attack vector with low complexity, though exploitation requires user interaction and authenticated access. No public exploit code or CISA KEV listing identified at time of analysis.

XSS Teamcenter V2312 Teamcenter V2406 Teamcenter V2412 Teamcenter V2506 +1
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-26289 HIGH CISA Act Now

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Authentication Bypass Powersystem Center 2020 Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-6866 HIGH CISA Act Now

Schneider Electric EcoStruxure Panel Server can revert credentials to insecure default values under rare circumstances, allowing remote unauthenticated attackers to gain unauthorized access using known factory credentials. This CWE-1188 vulnerability enables complete confidential information disclosure (CVSS 8.2 High). Exploitation requires specific timing conditions (AT:P - Attack Timing: Present) to catch the window when credentials reset. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting targeted rather than widespread exploitation risk.

Information Disclosure Ecostruxure Panel Server
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-40357 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-33112 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-33110 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-35439 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-41109 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Authentication Bypass Visual Studio Code
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41094 HIGH PATCH Exploit Unlikely This Week

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Microsoft Code Injection RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41613 HIGH PATCH Exploit Unlikely This Week

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Session Fixation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41086 HIGH PATCH Exploit Unlikely This Week

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40365 HIGH PATCH NEWS Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8108 HIGH CISA Act Now

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

Information Disclosure Tellus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40947 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. While exploitation requires low-level authentication and higher attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), successful exploitation grants complete control over critical industrial network infrastructure. No public exploit identified at time of analysis, and EPSS data not available for this recently disclosed vulnerability.

Command Injection RCE Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 +8
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-40364 HIGH PATCH NEWS Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40361 HIGH PATCH NEWS Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40367 HIGH PATCH NEWS This Week

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40358 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40366 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40363 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-12659 HIGH CISA Act Now

The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)

Heap Overflow Buffer Overflow Simcenter Femap
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-44411 HIGH CISA Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-25789 HIGH CISA Act Now

Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attackers to execute malicious JavaScript in administrator sessions via crafted filenames. This stored XSS requires social engineering to trick authenticated users into selecting the attacker-supplied firmware file on the web-based management interface. Successful exploitation enables session hijacking and credential theft without requiring the malicious file to be uploaded. EPSS data not provided, no CISA KEV status confirmed, affecting industrial automation controllers widely deployed in critical infrastructure environments.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-33833 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Azure Machine Learning
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-40368 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-35555 HIGH CISA Act Now

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

Authentication Bypass Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-7256 HIGH This Week

Command injection in Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 allows unauthenticated adjacent network attackers to execute arbitrary operating system commands via crafted HTTP requests to the CGI interface. This vulnerability affects an end-of-life product with no vendor support, meaning no security patches will be released. Exploitation requires adjacent network access (same LAN segment) but no authentication, making it exploitable by any device on the local network including compromised IoT devices or malicious insiders.

Zyxel Command Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-20887 HIGH This Week

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Authentication Bypass Denial Of Service Intel RCE
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2026-23819 HIGH This Week

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.

XSS Arubaos Aos
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-34344 HIGH PATCH Exploit Unlikely This Week

Type confusion vulnerability in Windows Ancillary Function Driver for WinSock enables local authenticated users to escalate privileges to SYSTEM level on Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. Microsoft has released patches through their March 2026 security update cycle. The vulnerability requires low-privilege local access but no user interaction, making it a high-value target for post-compromise lateral movement and persistence. CVSS 7.8 reflects complete system compromise potential, though EPSS data and KEV status are not available for this future-dated CVE.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-34329 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Message Queuing (MSMQ) allows remote unauthenticated attackers on adjacent networks to execute arbitrary code with high impact to confidentiality, integrity, and availability across multiple Windows versions. Microsoft released patches via their May 2026 security update. The vulnerability requires adjacent network access (same subnet/VLAN) but no authentication, user interaction, or special configuration, making it exploitable against default Windows installations where MSMQ service is enabled. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31225 HIGH GHSA This Week

Remote code execution in superduper (Python library) through version 0.10.0 allows unauthenticated network attackers to execute arbitrary system commands by submitting malicious query strings with embedded Python code. The _parse_op_part() function in query.py uses unsafe eval() with inadequate context restrictions, enabling attackers to import modules (such as os) and achieve complete server compromise. EPSS score is low (0.07%, 20th percentile) and no active exploitation is confirmed (CISA KEV absent), but SSVC framework rates technical impact as total. User interaction is required (CVSS UI:R), reducing automated exploitation risk. Authentication requirements not confirmed from available data - CVSS vector shows PR:N (no privileges required) but UI:R suggests user-triggered queries.

Python Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41088 HIGH PATCH This Week

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32204 HIGH PATCH Exploit Unlikely This Week

Path traversal in Azure Monitor Agent enables low-privileged local attackers to escalate to SYSTEM/root privileges via malicious file path manipulation. Microsoft has released security patches. Attack vector is local (AV:L) with low complexity (AC:L), requiring only basic local credentials (PR:L) but no user interaction. EPSS exploitation probability is 0.04% (4th percentile), indicating low likelihood of mass exploitation, though the attack is straightforward once local access is obtained.

Microsoft Information Disclosure Azure Monitor
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-31222 HIGH GHSA This Week

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoint files through the Trainer.load() method. The vulnerability stems from unsafe PyTorch deserialization that processes untrusted Pickle objects without the weights_only security parameter. Attackers can embed malicious Python code in model files distributed through repositories, shared datasets, or social engineering campaigns. Despite the 8.8 CVSS score indicating critical severity, EPSS scoring at 0.06% (19th percentile) suggests very low real-world exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis.

Checkpoint Python RCE Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31219 HIGH This Week

Insecure deserialization in Optimate's neural_magic_training.py script enables remote code execution when loading PyTorch model files. The _load_model() function uses torch.load() without the weights_only=True security parameter, allowing attackers with low privileges to execute arbitrary Python code by providing malicious .pt or .pth files via the --model command-line argument. EPSS indicates low exploitation probability at 0.06% with no active exploitation confirmed.

Python RCE Deserialization N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31223 HIGH GHSA This Week

Arbitrary code execution in Snorkel library (Python) through version 0.10.0 enables remote attackers to execute code by supplying malicious pickle files to the BaseLabeler.load() method. The vulnerability stems from unsafe deserialization using pickle.load() without input validation, allowing attackers to craft serialized objects that execute arbitrary commands during deserialization. With EPSS at 6th percentile, exploitation probability remains relatively low despite the critical CVSS score, and no active exploitation (KEV) or public proof-of-concept has been identified at time of analysis.

Python RCE Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31224 HIGH GHSA This Week

Remote code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load untrusted model files via MultitaskClassifier.load(). The vulnerability exploits insecure Python object deserialization through torch.load(), allowing attackers to embed malicious code in model weight files that executes upon loading. EPSS score of 0.06% (19th percentile) suggests low observed exploitation probability in the wild, though SSVC framework indicates total technical impact once exploited. No public exploit code or active exploitation confirmed at time of analysis, but exploitation requires only that a data scientist or ML engineer load a malicious .pkl model file.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31218 HIGH This Week

Remote code execution in Optimate's neural_magic_training.py script allows authenticated attackers to execute arbitrary code via malicious PyTorch model files. The vulnerability stems from unsafe deserialization when loading model state dictionaries without PyTorch's weights_only=True security flag, enabling pickle-based arbitrary object execution. With an EPSS score of 0.06% and no confirmed exploitation, this represents a moderate risk primarily in environments where users can upload or specify model files.

Python RCE Deserialization N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40362 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy