Skip to main content
CVE-2026-40359 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42831 HIGH PATCH NEWS This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40360 HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-31232 HIGH This Week

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by providing a maliciously crafted model directory containing .pt files with embedded pickle payloads. When a victim loads this directory using CosyVoice's web interface, the malicious payload is executed, leading to remote code execution on the victim's system.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41611 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

XSS Visual Studio Code
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41095 HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40419 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35420 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34343 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Application Identity (AppID) Subsystem allows low-privileged authenticated users to execute code as SYSTEM via heap buffer overflow. Microsoft has released security patches across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. CVSS 7.8 score reflects high impact to confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Requires existing local access with standard user privileges, limiting remote attack surface.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33841 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43892 HIGH PATCH This Week

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40381 HIGH PATCH Exploit Unlikely This Week

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40420 HIGH PATCH Exploit Unlikely This Week

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35436 HIGH PATCH Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40417 HIGH PATCH Exploit Unlikely This Week

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Information Disclosure Microsoft Dynamics 365 Business Central 2024 Release Wave 2 Microsoft Dynamics 365 Business Central 2026 Release Wave 1 Microsoft Dynamics 365 Business Central Release Wave 1 2025 Microsoft Dynamics 365 Business Central Release Wave 2 2025
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2465 HIGH PATCH This Week

Privilege escalation in Turboard FOR-S allows remote unauthenticated attackers to gain elevated access by exploiting incorrect authorization checks, requiring only user interaction. The vulnerability affects versions 7.01.2026 through 17.02.2026, with fix available in version 18.02.2026. Turkish national CERT (TR-CERT) reported this authorization bypass vulnerability (CWE-863), which enables attackers to compromise confidentiality, integrity, and availability of the affected business intelligence platform.

Authentication Bypass Privilege Escalation Turboard For S
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6001 HIGH This Week

Authorization bypass in BAPSİS web application enables unauthenticated remote attackers to exploit trusted identifiers through user-controlled keys when victims interact with crafted requests. ABIS Technology's BAPSİS platform (versions before v.202604152042) contains a CWE-639 flaw where authorization checks rely on client-controlled key values, allowing attackers to manipulate trust relationships and gain unauthorized access with high impact to confidentiality, integrity, and availability. TR-CERT published advisory but no public exploit code identified at time of analysis, with CVSS 8.8 reflecting network-exploitable attack requiring only user interaction.

Authentication Bypass Bapsi S
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40398 HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7474 HIGH PATCH GHSA This Week

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

RCE Hashicorp Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40369 HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53844 HIGH This Week

Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.

Fortinet Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40403 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8389 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 150.0.3 stems from a JIT (Just-In-Time) compiler miscompilation in the JavaScript engine, allowing remote attackers to trigger high-impact compromise of confidentiality, integrity, and availability when a user visits a malicious web page. The flaw carries a CVSS score of 8.8 and requires user interaction (loading attacker-controlled JavaScript), but no authentication. There is no public exploit identified at time of analysis, though a GitHub repository referenced from NVD suggests early proof-of-concept research, and EPSS scores the exploitation probability at only 0.02% despite the high CVSS severity.

Buffer Overflow Mozilla
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-42289 HIGH This Week

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authenticated administrator, silently elevates any low-privilege user to full administrator or creates a new admin backdoor account without the victim's knowledge This vulnerability is fixed in 7.3.2.

Privilege Escalation PHP CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43524 HIGH PATCH This Week

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.

Authentication Bypass Apple
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8111 HIGH This Week

SQL injection in Ivanti Endpoint Manager web console enables authenticated remote attackers to execute arbitrary code on the server. Affects all versions prior to 2024 SU6. Attack requires only low-privilege authenticated access (CVSS PR:L) with low complexity (AC:L), making exploitation straightforward for any authenticated user. Ivanti has released patched version 2024 SU6 per vendor advisory dated May 2026. No CISA KEV listing or public exploit code identified at time of analysis, indicating exploitation not yet confirmed in the wild despite high severity score.

RCE SQLi Ivanti
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-8429 HIGH PATCH This Week

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

Code Injection RCE Spip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-8449 HIGH PATCH This Week

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.

Denial Of Service Buffer Overflow RCE Linux Privilege Escalation +3
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34653 HIGH This Week

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.

Adobe Path Traversal
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-8053 HIGH PATCH This Week

Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Buffer Overflow RCE Mongodb Server
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44593 HIGH PATCH GHSA This Week

### Impact - Arbitrary File Write - An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE - By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. ### Exploit The legacy router first retrieves a response from `legacyServer`, parses the incoming request path, and ultimately writes the data to storage via `buildStorage.Put` (see <https://github.com/esm-dev/esm.sh/blob/4312ae93e518121e764a18bb521af12e490ef137/server/legacy_router.go#L291>). For a URL such as: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` the router concatenates the path components without sanitizing them, producing a storage key like: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` When this key is used, the underlying file system resolves the relative segments and writes the file to `/tmp/pwned`. Thus an attacker can craft a request that writes data to arbitrary locations on the server. ### Details 1. **URL Construction** A crafted request is sent to the server: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` 2. **Proxy to Legacy Server** The request is forwarded to: ``` http://legacy.esm.sh/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../tmp/pwned ``` which resolves to: ``` http://legacy.esm.sh/gh/<attacker>/exp@1171e85d5d/foo.md ``` 3. **File Retrieval** The server fetches `foo.md` from the GitHub repository `https://github.com/<attacker>/exp`. 4. **Path Normalisation & Storage** The storage path derived from the request is: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` Normalising this path yields `/tmp/pwned`. The retrieved file content is then written to that location. 5. **Result** By repeating this pattern, an attacker can overwrite arbitrary binaries or scripts on the server, paving the way for remote code execution. ### Credit Discovery To splitline (@\_splitline\_) from DEVCORE Research Team

Privilege Escalation RCE Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-4827 HIGH CISA This Week

Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. CVSS 8.7 reflects high confidentiality and integrity impact with user interaction required. No active exploitation confirmed (not in CISA KEV), but authentication bypass via session prediction enables privilege escalation in critical infrastructure environments. EPSS data not provided - risk assessment relies on CVSS vector and operational technology context.

Authentication Bypass Easergy Micom C264 Easergy C5 Easergy Micom P30 Easergy Micom P40 +10
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-5029 HIGH This Week

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and execute it via child_process.exec() using the specified language interpreter. This allows execution of arbitrary code with the privileges of the user running the server. This vulnerability has not been fixed and might affect the project in all versions.

Authentication Bypass RCE Code Runner Mcp Server
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-45227 HIGH PATCH This Week

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.

Authentication Bypass Python Heym
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33821 HIGH PATCH NEWS This Week

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-42832 HIGH PATCH This Week

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-43916 HIGH PATCH This Week

Heap buffer over-read in pam_authnft allows remote denial-of-service via crafted netlink messages. pam_authnft < 0.2.0-alpha contains a CWE-125 buffer over-read in the peer_lookup_tcp function when parsing NETLINK_SOCK_DIAG replies, allowing unauthenticated network attackers to trigger crashes by sending malformed netlink diagnostic messages that bypass message-size validation. This PAM module binds nftables firewall rules to authenticated sessions, so exploitation disrupts authentication infrastructure. Vendor-released patch: 0.2.0-alpha (GitHub PR #10). No public exploit identified at time of analysis.

Information Disclosure Buffer Overflow Pam Authnft
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44660 HIGH PATCH GHSA This Week

### Summary When `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses `ujson.dumps()` rather than `ujson.dump()` or only JSON load/decode methods is unaffected. ### Details **Vulnerability Location:** - `src/ujson/python/objToJSON.c:913` - `objToJSONFile()` function start - `src/ujson/python/objToJSON.c:931` - Error return on write failure - `src/ujson/python/objToJSON.c:942` - Early return without cleanup **Root Cause:** The `objToJSONFile()` function allocates a Python string object via `ujson_dumps_internal()`, calls the file's `write()` method, and returns early if `write()` raises an exception-but never calls `Py_DECREF(string)` on the early exit path. ### PoC ```python import gc, tracemalloc, ujson class BadFile: def write(self, s): raise RuntimeError("boom") obj = {"x": "A" * 200000} def run(): try: ujson.dump(obj, BadFile()) except RuntimeError: pass run() tracemalloc.start() gc.collect() base = tracemalloc.get_traced_memory()[0] for i in range(5): run() gc.collect() cur = tracemalloc.get_traced_memory()[0] print(i, cur - base) ``` ### Impact Any application that serializes data through `ujson.dump()` to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using `ujson.dump()` by repeatedly making requests then closing the connection mid response. ### Remediation The missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to [UltraJSON 5.12.1](https://github.com/ultrajson/ultrajson/releases/tag/5.12.1). ### Workarounds Replacing `ujson.dump(obj, file)` with `file.write(ujson.dumps(obj))` is equivalent (contrary to popular misconception, there are no streaming benefits to using `ujson.dump()`) and will avoid the memory leak.

Python Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44295 HIGH PATCH GHSA This Week

Code injection in protobufjs-cli's pbjs static generator allows attackers who control protocol buffer schemas to inject malicious JavaScript code into generated output files. The vulnerability affects npm packages protobufjs-cli versions ≤1.2.0 and 2.0.0-2.0.1, with patches released in versions 1.2.1 and 2.0.2. Exploitation requires low complexity with authenticated network access and user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C), achieving high confidentiality and integrity impact but no availability impact. No CISA KEV listing or public exploit code identified at time of analysis, though GitHub advisory confirms the vulnerability with released patches.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-35990 HIGH This Week

Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-20753 HIGH This Week

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Integer Overflow Privilege Escalation RCE Slim Bootloader May Allow An Escalation Of Privilege System Software Adversary With A Privileged User Combined With A Low Complexity Attack May Enable Local Code Execution This Result May Potentially Occur Via Local Access When Attack Requirements Are Present Without Special Internal Knowledge And Requires No User Interaction The Potential Vulnerability May Impact The Confidentiality High Integrity High And Availability High Of The Vulnerable System Resulting In Subsequent System Confidentiality High Integrity High And Availability High Impacts
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34686 HIGH This Week

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-44403 HIGH POC This Week

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values into Lua source code without proper escaping of closing delimiters, causing the injected code to be executed when the poisoned session is loaded via loadfile().

Code Injection RCE Wing Ftp Server
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-44224 HIGH PATCH This Week

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without any ownership check or restriction on which groups can be assigned. A user with manage:users - a permission typically delegated to wiki moderators for account management - can set groups:[1] on their own account to self-assign to the Administrators group. After re-authentication, the fresh JWT carries manage:system, granting full site administrator access in a single mutation call. This vulnerability is fixed in 2.5.313.

Privilege Escalation Node.js
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-45214 HIGH This Week

Blind SQL injection in Xpro Elementor Addons allows authenticated attackers to extract sensitive database contents including user credentials and site configurations. The vulnerability affects WordPress sites running plugin versions up to 1.5.1 and requires only low-privileged authenticated access (CVSS PR:L) with no user interaction. EPSS data not available, but the low attack complexity (AC:L) combined with changed scope (S:C) indicates potential for cross-boundary impact beyond the vulnerable plugin. No active exploitation confirmed in CISA KEV at time of analysis.

SQLi Xpro Elementor Addons Elementor
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-45211 HIGH This Week

Blind SQL injection in APIExperts Square for WooCommerce (WooSquare) plugin versions up to 4.7.1 allows authenticated attackers with low-level privileges to extract sensitive database contents including customer data, order information, and potentially administrative credentials. The vulnerability enables scope escalation from the WordPress application context to the underlying database layer (S:C in CVSS vector), representing a significant data breach risk for WooCommerce stores. Reported by Patchstack, a WordPress vulnerability intelligence provider. No active exploitation confirmed in CISA KEV at time of analysis.

SQLi WordPress
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-42742 HIGH This Week

Blind SQL injection in Views for WPForms WordPress plugin (versions ≤3.4.6) allows authenticated low-privilege attackers with network access to extract sensitive database contents. The vulnerability enables cross-scope compromise with high confidentiality impact and limited availability disruption. Patchstack reported this SQLi flaw; no public exploit identified at time of analysis. EPSS data not available, suggesting lower immediate exploitation probability, though the low attack complexity (AC:L) makes exploitation straightforward once authenticated access is obtained.

SQLi Views For Wpforms
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-42741 HIGH This Week

Blind SQL injection in Ninja Forms Views plugin (versions ≤3.3.2) allows authenticated attackers with low-level privileges to extract sensitive database information via specially crafted queries. The vulnerability carries an 8.5 CVSS score with scope change, enabling attackers to access data beyond the plugin's normal authorization boundaries. Reported by Patchstack with detailed vendor advisory available, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

SQLi Ninja Forms Views 8211 Display Amp Edit Ninja Forms Submissions On Your Site Frontend
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-44015 HIGH GHSA This Week

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks.

SSRF Nginx
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-20767 HIGH This Week

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Microsoft Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy