Skip to main content
CVE-2026-26083 CRITICAL NEWS Act Now

Remote code execution in Fortinet FortiSandbox 4.4.x through 5.0.x (on-premises, Cloud, and PaaS deployments) allows unauthenticated attackers to execute arbitrary code or commands via crafted HTTP requests. This CWE-862 missing authorization flaw affects sandbox analysis appliances across multiple deployment models with CVSS 9.8 (critical) severity. Fortinet has published vendor advisory FG-IR-26-136. No CISA KEV listing or public POC identified at time of analysis, though the trivial attack complexity (AC:L) and network vector without authentication (PR:N) indicate high exploitability if technical details emerge.

Authentication Bypass Fortinet Fortisandbox Cloud Fortisandbox Fortisandbox Paas
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-44183 CRITICAL PATCH Act Now

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry is attacker-controlled - X-Forwarded-For is append-only, so the leftmost value is whatever the original HTTP client claimed. By sending a spoofed local IP in the header, an unauthenticated remote attacker passes the trusted-network check and is logged in as the Cleanuparr administrator. This vulnerability is fixed in 2.9.10.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31220 CRITICAL GHSA Act Now

Remote code execution in PySyft Datasite/Server versions 0.9.5 and earlier allows unauthenticated attackers to execute arbitrary Python code on the server through the function submission mechanism. The vulnerability stems from insufficient validation and sandboxing of user-submitted Python functions decorated with @sy.syft_function(), which are executed using unsafe exec() and eval() calls after approval. With an EPSS score of 0.04% and no current KEV listing, this appears to be a high-severity vulnerability without confirmed active exploitation.

Python RCE Code Injection N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43512 CRITICAL PATCH GHSA Act Now

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41293 CRITICAL PATCH GHSA Act Now

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Apache Tomcat Information Disclosure Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43992 CRITICAL Act Now

JunoClaw agentic AI platform exposes BIP-39 wallet mnemonics in plaintext through LLM tool-call parameters, leaking cryptocurrency private keys to logs, telemetry, and transport channels between AI providers and blockchain execution. Every blockchain write operation (token transfers, smart contract deployment, IBC transactions) required the 12- or 24-word seed phrase as a JSON parameter visible to the language model, API logs, and any middleware. Version 0.x.y-security-1 eliminates mnemonic exposure by introducing a wallet registry with AES-256-GCM encrypted storage and opaque wallet_id references. EPSS data not available for this recent CVE; no public exploit identified at time of analysis.

Information Disclosure Junoclaw
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-6577 CRITICAL PATCH Act Now

SQL injection in Akilli Commerce E-Commerce Website versions before 4.5.001 allows remote unauthenticated attackers to execute arbitrary SQL commands with complete database access. The vulnerability permits extraction of sensitive customer and transaction data, modification of product catalogs and pricing, and potential complete system compromise. CVSS score of 9.8 (Critical) reflects network-accessible exploitation requiring no authentication or user interaction, though no active exploitation has been reported in CISA KEV and EPSS data is not available.

SQLi E Commerce Website
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31238 CRITICAL GHSA Act Now

Remote code execution in Ludwig framework ≤0.10.4 allows unauthenticated network attackers to execute arbitrary code by supplying a malicious PyTorch model file to the ludwig serve endpoint. The vulnerability stems from unsafe deserialization in the model loading component, which uses torch.load() without the weights_only=True safety parameter. With CVSS 9.8 (critical network vector, no authentication required) but only 0.02% EPSS, this represents a high-severity issue in vulnerable deployments, though widespread exploitation has not been observed. No CISA KEV listing or public POC identified at time of analysis.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31235 CRITICAL GHSA Act Now

Arbitrary code execution in imgaug library (versions through 0.4.0) occurs when the BackgroundAugmenter class deserializes malicious pickle payloads without validation in its multiprocessing worker method. Attackers who can influence queue data-through compromised shared queues, malicious input scripts, or social engineering-can achieve remote or local code execution depending on deployment context. CVSS 9.8 critical severity reflects network-based exploitation without authentication, though EPSS probability is low (0.02%, 6th percentile), indicating limited observed exploitation activity. No CISA KEV listing or public exploit code identified at time of analysis.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31239 CRITICAL GHSA Act Now

Remote code execution in Mamba language model framework (through version 2.2.6) allows unauthenticated attackers to execute arbitrary Python code by publishing malicious models on HuggingFace Hub. When victims call MambaLMHeadModel.from_pretrained() on a weaponized model repository, insecure pickle deserialization executes attacker-controlled code in the context of the victim's process. Despite the critical CVSS 9.8 score and network attack vector requiring no authentication, EPSS probability remains extremely low (0.02%, 5th percentile), suggesting limited real-world exploitation to date. No CISA KEV listing or public POC identified at time of analysis.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31236 CRITICAL GHSA Act Now

Arbitrary code execution occurs in the llm CLI tool (versions through 0.27.1) when attackers social-engineer victims into running crafted commands containing malicious Python code in the --functions argument. The tool directly executes this code via unsafe exec() without sanitization, enabling full system compromise. CVSS 9.8 assigns network attack vector and no authentication, but real-world exploitation requires local command execution by a tricked user, creating a significant disparity between the vector and actual attack prerequisites. EPSS score of 0.02% (5th percentile) suggests minimal automated exploitation risk, and no active exploitation or public POC has been identified at time of analysis.

Python Code Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31230 CRITICAL Act Now

Command injection in Adversarial Robustness Toolbox (ART) up to version 1.20.1 enables remote code execution through unsafe eval() usage in Kubeflow pipeline components. The robustness_evaluation_fgsm_pytorch.py script directly evaluates user-controlled --clip_values and --input_shape arguments without sanitization, allowing Python code injection. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicating network-exploitable unauthenticated access, this represents critical risk in automated ML pipeline environments where attackers can control pipeline configurations. EPSS score of 0.02% (5th percentile) suggests low observed exploitation activity, though the attack vector and ML tooling context create significant supply chain risk in CI/CD and research environments.

Python RCE N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31217 CRITICAL Act Now

Arbitrary code execution in optimate's neural_magic_training.py allows remote attackers to execute Python code by supplying a malicious directory path containing a crafted module.py file. The _load_model() function directly executes file contents via Python's exec() without validation. CVSS 9.8 reflects network vector with no authentication, but EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). Vulnerability exists in commit a6d302f912b481c94370811af6b11402f51d377f from July 2024. Affects organizations using optimate for neural network model optimization.

Python Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8401 CRITICAL PATCH Act Now

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.

Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-65719 CRITICAL PATCH GHSA Act Now

Remote code execution in Kubectl MCP Server v1.1.1 allows unauthenticated network attackers to execute arbitrary commands on systems running the vulnerable server through crafted HTML-based exploitation vectors. Despite a critical 9.8 CVSS score, EPSS rates exploitation likelihood at only 0.02% (4th percentile), suggesting limited real-world targeting thus far. The vulnerability is classified as CWE-94 (Code Injection), affecting an open-source Model Context Protocol (MCP) server implementation for Kubernetes management. No CISA KEV listing indicates absence of confirmed widespread exploitation at time of analysis.

Code Injection RCE N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8108 HIGH CISA Act Now

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

Information Disclosure Tellus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40947 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. While exploitation requires low-level authentication and higher attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), successful exploitation grants complete control over critical industrial network infrastructure. No public exploit identified at time of analysis, and EPSS data not available for this recently disclosed vulnerability.

Command Injection RCE Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 +8
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-8043 CRITICAL Act Now

Path traversal in Ivanti Xtraction enables remote authenticated attackers with low-level privileges to read sensitive system files and inject arbitrary HTML into web-accessible directories, creating risks of credential theft, configuration exposure, and client-side attacks against other users. CVSS 9.6 severity driven by scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component. No public exploit or CISA KEV listing identified, but vendor advisory confirms the vulnerability affects all versions prior to 2026.2.

Information Disclosure Ivanti
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-44547 CRITICAL Act Now

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release therefore remains exploitable by the PoC published with the original advisory. This vulnerability is fixed in 7.3.1.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34263 CRITICAL NEWS Act Now

Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064.

RCE Java SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34260 CRITICAL NEWS Act Now

SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications.

Authentication Bypass SQLi SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-40364 HIGH PATCH NEWS Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40361 HIGH PATCH NEWS Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-8431 CRITICAL PATCH Act Now

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.

Command Injection Ops Manager
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-40367 HIGH PATCH NEWS This Week

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40358 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40366 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40363 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-34660 CRITICAL Act Now

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Authentication Bypass Adobe RCE
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2026-44257 CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write - including the servlet context root. Combined with the framework's multipart /uploadServlet and an event that calls file.saveUploadFiles + FileManager.unZip, a remote attacker with no credentials drops a JSP webshell and executes arbitrary commands as the Tomcat user. This vulnerability is fixed in 4.08.010.

Canonical Command Injection Tomcat
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-44343 CRITICAL PATCH Act Now

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2.

Authentication Bypass Wgdashboard
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-32175 MEDIUM POC PATCH GHSA Exploit Unlikely This Month

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

Information Disclosure Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2017 Version 15 9 Includes 15 0 15 8 +4
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-42074 CRITICAL PATCH GHSA Act Now

Sandbox escape in OpenClaude (npm package openclaude) versions before 0.5.1 allows a prompt-injected LLM to disable host sandboxing by setting the model-controlled `dangerouslyDisableSandbox: true` flag in any Bash tool_use call, yielding full unsandboxed command execution on the host. CVSS 4.0 scores this 9.3 Critical (AV:N/AC:L/PR:N/UI:N, VC/VI/VA:H); no public exploit identified at time of analysis beyond the reporter's PoC, but the upstream fix has been merged. The flaw is especially severe because it is reachable under default settings (`allowUnsandboxedCommands` defaults to true).

Kubernetes Information Disclosure Authentication Bypass Python RCE +2
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-41551 CRITICAL CISA Act Now

Remote path traversal in Siemens ROS# versions prior to V2.2.2 enables unauthenticated attackers to read arbitrary files from affected systems due to insufficient input sanitization. The vulnerability affects the ROS# library, a C# .NET implementation for Robot Operating System communication, with CVSS 9.3 critical severity. No active exploitation or public exploit code has been identified at time of analysis, though the network-accessible attack vector and lack of authentication requirements present significant risk for robotics systems using this library.

Path Traversal Ros
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-44258 CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home directory to any arbitrary destination by setting dst to a base64-encoded traversal path. This bypasses the protected=true security control. This vulnerability is fixed in 4.08.010.

Command Injection Path Traversal Efw4 X
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-44225 CRITICAL POC PATCH Act Now

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory - including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1.

Path Traversal Pulpy
NVD GitHub Exploit-DB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-6402 MEDIUM POC PATCH GHSA This Month

Cross-origin source code exposure in webpack-dev-server up to 5.2.3 allows attackers controlling a malicious website to steal bundled application source code when a developer runs the dev server over non-trustworthy HTTP origins. The vulnerability exploits the omission of Sec-Fetch-Mode and Sec-Fetch-Site headers on non-HTTPS connections, enabling script injection and cross-origin code exfiltration. Chromium-based browsers Chrome 142+ are exempt due to local network access restrictions. CVSS 5.3 (AC:H due to user requirement to visit attacker site; High confidentiality impact). Fix: upgrade to webpack-dev-server 5.2.4 or later.

Information Disclosure Google Red Hat Suse Chrome
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12659 HIGH CISA Act Now

The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)

Heap Overflow Buffer Overflow Simcenter Femap
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-20794 CRITICAL Act Now

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Buffer Overflow VMware RCE Privilege Escalation Intel
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-44411 HIGH CISA Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-8430 CRITICAL PATCH Act Now

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

Nginx Code Injection RCE
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-25789 HIGH CISA Act Now

Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attackers to execute malicious JavaScript in administrator sessions via crafted filenames. This stored XSS requires social engineering to trick authenticated users into selecting the attacker-supplied firmware file on the web-based management interface. Successful exploitation enables session hijacking and credential theft without requiring the malicious file to be uploaded. EPSS data not provided, no CISA KEV status confirmed, affecting industrial automation controllers widely deployed in critical infrastructure environments.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-33833 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Azure Machine Learning
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-7428 CRITICAL PATCH Act Now

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.

Hashicorp Information Disclosure PostgreSQL Google
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-8072 CRITICAL PATCH Act Now

Weak credential generation in Ingeteam's Ingecon Sun EMS Board Technical Support access mechanism allows remote privilege escalation via cryptographic weakness. The SAT (Technical Support) access feature generates credentials using a weak hashing algorithm instead of cryptographically secure methods, enabling attackers to predict or derive privileged access credentials. CVSS 9.2 reflects network-accessible attack with high complexity but no authentication required. INCIBE coordinated disclosure confirms vendor patch availability, and a practical analysis of the vulnerability has been published by ReverseMode, indicating detailed technical understanding exists in the research community.

Privilege Escalation Ingecon Sun Ems Board
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-31215 CRITICAL Act Now

{index_name}/documents endpoint. The backend service fails to authenticate requests or validate the path_or_url parameter, enabling mass data destruction and denial of service. EPSS probability (0.12%) indicates low predicted exploitation likelihood, and no active exploitation or public exploit code has been identified at time of analysis, though the CVSS 9.1 reflects the severe impact of unauthenticated remote data deletion.

Denial Of Service Information Disclosure Elastic Path Traversal
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-31216 CRITICAL Act Now

{object_name:path} API lacks authentication, authorization, and input validation (CWE-552). CVSS 9.1 reflects critical severity, though EPSS score of 0.08% (23rd percentile) and SSVC 'exploitation: none' indicate no observed active exploitation or public exploit code at time of analysis. SSVC marks this as 'automatable: yes' with 'technical impact: partial', suggesting straightforward exploitation once discovered but limited scope beyond data integrity/availability impacts.

Denial Of Service Information Disclosure Path Traversal
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-42889 CRITICAL PATCH Act Now

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full server permissions. An unauthenticated network attacker who knows or guesses a document ID could connect to the document sync WebSocket and read or modify document contents without a valid document token. This vulnerability is fixed in 0.9.7.

Authentication Bypass Relay Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-44196 CRITICAL PATCH Act Now

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-29204 CRITICAL PATCH Act Now

Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account.

Authentication Bypass PHP
NVD
CVSS 3.1
9.1
EPSS
0.0%
Prev Page 2 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy