Skip to main content
CVE-2026-8429 HIGH PATCH This Week

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

Code Injection RCE Spip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-8449 HIGH PATCH This Week

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.

Denial Of Service Buffer Overflow RCE Linux Privilege Escalation +3
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34653 HIGH This Week

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.

Adobe Path Traversal
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-8053 HIGH PATCH This Week

Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Buffer Overflow RCE Mongodb Server
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44593 HIGH PATCH GHSA This Week

### Impact - Arbitrary File Write - An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE - By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. ### Exploit The legacy router first retrieves a response from `legacyServer`, parses the incoming request path, and ultimately writes the data to storage via `buildStorage.Put` (see <https://github.com/esm-dev/esm.sh/blob/4312ae93e518121e764a18bb521af12e490ef137/server/legacy_router.go#L291>). For a URL such as: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` the router concatenates the path components without sanitizing them, producing a storage key like: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` When this key is used, the underlying file system resolves the relative segments and writes the file to `/tmp/pwned`. Thus an attacker can craft a request that writes data to arbitrary locations on the server. ### Details 1. **URL Construction** A crafted request is sent to the server: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` 2. **Proxy to Legacy Server** The request is forwarded to: ``` http://legacy.esm.sh/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../tmp/pwned ``` which resolves to: ``` http://legacy.esm.sh/gh/<attacker>/exp@1171e85d5d/foo.md ``` 3. **File Retrieval** The server fetches `foo.md` from the GitHub repository `https://github.com/<attacker>/exp`. 4. **Path Normalisation & Storage** The storage path derived from the request is: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` Normalising this path yields `/tmp/pwned`. The retrieved file content is then written to that location. 5. **Result** By repeating this pattern, an attacker can overwrite arbitrary binaries or scripts on the server, paving the way for remote code execution. ### Credit Discovery To splitline (@\_splitline\_) from DEVCORE Research Team

Privilege Escalation RCE Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-4827 HIGH CISA This Week

Weak session token generation in Schneider Electric industrial protection relays and energy management systems allows remote attackers to hijack authenticated user sessions via network-based prediction attacks. Affects 36 product variants across Easergy MiCOM P30/P40/C264, PowerLogic P5/P7/T-series, EcoStruxure Power Automation/Operation platforms, and iPMFLS systems. CVSS 8.7 reflects high confidentiality and integrity impact with user interaction required. No active exploitation confirmed (not in CISA KEV), but authentication bypass via session prediction enables privilege escalation in critical infrastructure environments. EPSS data not provided - risk assessment relies on CVSS vector and operational technology context.

Authentication Bypass Easergy Micom C264 Easergy C5 Easergy Micom P30 Easergy Micom P40 +10
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-5029 HIGH This Week

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and execute it via child_process.exec() using the specified language interpreter. This allows execution of arbitrary code with the privileges of the user running the server. This vulnerability has not been fixed and might affect the project in all versions.

Authentication Bypass RCE Code Runner Mcp Server
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-45227 HIGH PATCH This Week

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.

Authentication Bypass Python Heym
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-33821 HIGH PATCH NEWS This Week

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-42832 HIGH PATCH This Week

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-43916 HIGH PATCH This Week

Heap buffer over-read in pam_authnft allows remote denial-of-service via crafted netlink messages. pam_authnft < 0.2.0-alpha contains a CWE-125 buffer over-read in the peer_lookup_tcp function when parsing NETLINK_SOCK_DIAG replies, allowing unauthenticated network attackers to trigger crashes by sending malformed netlink diagnostic messages that bypass message-size validation. This PAM module binds nftables firewall rules to authenticated sessions, so exploitation disrupts authentication infrastructure. Vendor-released patch: 0.2.0-alpha (GitHub PR #10). No public exploit identified at time of analysis.

Information Disclosure Buffer Overflow Pam Authnft
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44660 HIGH PATCH GHSA This Week

### Summary When `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses `ujson.dumps()` rather than `ujson.dump()` or only JSON load/decode methods is unaffected. ### Details **Vulnerability Location:** - `src/ujson/python/objToJSON.c:913` - `objToJSONFile()` function start - `src/ujson/python/objToJSON.c:931` - Error return on write failure - `src/ujson/python/objToJSON.c:942` - Early return without cleanup **Root Cause:** The `objToJSONFile()` function allocates a Python string object via `ujson_dumps_internal()`, calls the file's `write()` method, and returns early if `write()` raises an exception-but never calls `Py_DECREF(string)` on the early exit path. ### PoC ```python import gc, tracemalloc, ujson class BadFile: def write(self, s): raise RuntimeError("boom") obj = {"x": "A" * 200000} def run(): try: ujson.dump(obj, BadFile()) except RuntimeError: pass run() tracemalloc.start() gc.collect() base = tracemalloc.get_traced_memory()[0] for i in range(5): run() gc.collect() cur = tracemalloc.get_traced_memory()[0] print(i, cur - base) ``` ### Impact Any application that serializes data through `ujson.dump()` to an attacker-influenced file-like object that can fail can be driven into linear memory growth. An attacker can quickly use up all the memory of say a web server that sends JSON responses using `ujson.dump()` by repeatedly making requests then closing the connection mid response. ### Remediation The missing dec-refs were added in 82af1d0ac01d09aa40c887b460d44b9d9f4bccd9. We recommend upgrading to [UltraJSON 5.12.1](https://github.com/ultrajson/ultrajson/releases/tag/5.12.1). ### Workarounds Replacing `ujson.dump(obj, file)` with `file.write(ujson.dumps(obj))` is equivalent (contrary to popular misconception, there are no streaming benefits to using `ujson.dump()`) and will avoid the memory leak.

Python Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44295 HIGH PATCH GHSA This Week

Code injection in protobufjs-cli's pbjs static generator allows attackers who control protocol buffer schemas to inject malicious JavaScript code into generated output files. The vulnerability affects npm packages protobufjs-cli versions ≤1.2.0 and 2.0.0-2.0.1, with patches released in versions 1.2.1 and 2.0.2. Exploitation requires low complexity with authenticated network access and user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C), achieving high confidentiality and integrity impact but no availability impact. No CISA KEV listing or public exploit code identified at time of analysis, though GitHub advisory confirms the vulnerability with released patches.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-35990 HIGH This Week

Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-20753 HIGH This Week

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Integer Overflow Privilege Escalation RCE Slim Bootloader May Allow An Escalation Of Privilege System Software Adversary With A Privileged User Combined With A Low Complexity Attack May Enable Local Code Execution This Result May Potentially Occur Via Local Access When Attack Requirements Are Present Without Special Internal Knowledge And Requires No User Interaction The Potential Vulnerability May Impact The Confidentiality High Integrity High And Availability High Of The Vulnerable System Resulting In Subsequent System Confidentiality High Integrity High And Availability High Impacts
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34686 HIGH This Week

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-44403 HIGH POC This Week

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values into Lua source code without proper escaping of closing delimiters, causing the injected code to be executed when the poisoned session is loaded via loadfile().

Code Injection RCE Wing Ftp Server
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-44224 HIGH PATCH This Week

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without any ownership check or restriction on which groups can be assigned. A user with manage:users - a permission typically delegated to wiki moderators for account management - can set groups:[1] on their own account to self-assign to the Administrators group. After re-authentication, the fresh JWT carries manage:system, granting full site administrator access in a single mutation call. This vulnerability is fixed in 2.5.313.

Privilege Escalation Node.js
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-45214 HIGH This Week

Blind SQL injection in Xpro Elementor Addons allows authenticated attackers to extract sensitive database contents including user credentials and site configurations. The vulnerability affects WordPress sites running plugin versions up to 1.5.1 and requires only low-privileged authenticated access (CVSS PR:L) with no user interaction. EPSS data not available, but the low attack complexity (AC:L) combined with changed scope (S:C) indicates potential for cross-boundary impact beyond the vulnerable plugin. No active exploitation confirmed in CISA KEV at time of analysis.

SQLi Xpro Elementor Addons Elementor
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-45211 HIGH This Week

Blind SQL injection in APIExperts Square for WooCommerce (WooSquare) plugin versions up to 4.7.1 allows authenticated attackers with low-level privileges to extract sensitive database contents including customer data, order information, and potentially administrative credentials. The vulnerability enables scope escalation from the WordPress application context to the underlying database layer (S:C in CVSS vector), representing a significant data breach risk for WooCommerce stores. Reported by Patchstack, a WordPress vulnerability intelligence provider. No active exploitation confirmed in CISA KEV at time of analysis.

SQLi WordPress
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-42742 HIGH This Week

Blind SQL injection in Views for WPForms WordPress plugin (versions ≤3.4.6) allows authenticated low-privilege attackers with network access to extract sensitive database contents. The vulnerability enables cross-scope compromise with high confidentiality impact and limited availability disruption. Patchstack reported this SQLi flaw; no public exploit identified at time of analysis. EPSS data not available, suggesting lower immediate exploitation probability, though the low attack complexity (AC:L) makes exploitation straightforward once authenticated access is obtained.

SQLi Views For Wpforms
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-42741 HIGH This Week

Blind SQL injection in Ninja Forms Views plugin (versions ≤3.3.2) allows authenticated attackers with low-level privileges to extract sensitive database information via specially crafted queries. The vulnerability carries an 8.5 CVSS score with scope change, enabling attackers to access data beyond the plugin's normal authorization boundaries. Reported by Patchstack with detailed vendor advisory available, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

SQLi Ninja Forms Views 8211 Display Amp Edit Ninja Forms Submissions On Your Site Frontend
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-44015 HIGH GHSA This Week

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks.

SSRF Nginx
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-20767 HIGH This Week

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Microsoft Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-45393 HIGH PATCH This Week

Local privilege-bound input validation flaw in Cribl Edge versions prior to 4.17.1 allows an authenticated low-privileged local user to achieve high impact on confidentiality, integrity, and availability of the affected node. The issue is tracked as CWE-20 (Improper Input Validation) and was reported by Cribl itself with a vendor patch already available; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Information Disclosure Cribl Edge
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-45391 HIGH PATCH This Week

Local privilege-context input validation flaw in Cribl Edge versions prior to 4.17.1 allows an authenticated local user with low privileges to compromise confidentiality, integrity, and availability of the Edge node. Tagged as an information disclosure issue by the vendor, the vulnerability scores CVSS 4.0 8.5 (high) but carries a very low EPSS of 0.02%, and no public exploit identified at time of analysis. A vendor patch is available and the issue is tracked as EUVD-2026-29355.

Information Disclosure Cribl Edge
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-43989 HIGH This Week

Arbitrary file read in JunoClaw's MCP upload_wasm tool allows local attackers to exfiltrate any file accessible to the agent process by providing crafted filesystem paths. The vulnerability affects all JunoClaw versions prior to 0.x.y-security-1 when an AI agent is induced to accept a malicious path parameter, enabling read access to sensitive files including configuration secrets, private keys, or source code. No active exploitation confirmed via CISA KEV, but the CVSS 8.5 HIGH score reflects significant confidentiality and integrity impact with changed scope. Fixed version 0.x.y-security-1 introduces comprehensive path validation including directory containment checks, symlink resolution guards, file size limits, and WebAssembly magic number verification.

Information Disclosure Junoclaw
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-20714 HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption Privilege Escalation Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-20738 HIGH This Week

Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42893 HIGH PATCH Exploit Unlikely This Week

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Command Injection Microsoft Outlook For Ios
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-43991 HIGH This Week

Command injection in JunoClaw's plugin-shell allowed adversarial argument construction to bypass the substring-based blocklist and achieve unauthorized command execution on the host when the unsafe-shell feature was enabled. Attackers could craft commands with special tokens or argument patterns to evade blocklist checks that scanned raw command strings instead of parsed first tokens. The vulnerability required local access but no authentication or user interaction (CVSS AV:L/AC:L/PR:N/UI:N) with high impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis. Fixed in version 0.x.y-security-1 by replacing the blocklist with a strict allowlist on parsed command tokens and removing shell wrapper metacharacter expansion.

Command Injection Junoclaw
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-43990 HIGH This Week

Command injection in JunoClaw agentic AI platform versions prior to 0.x.y-security-1 allows local attackers to execute arbitrary shell commands with high integrity and confidentiality impact. The plugin-shell component wrapped agent-supplied commands in 'sh -c' or 'cmd /C' without sanitizing shell metacharacters, enabling malicious AI agents or compromised agent inputs to break out of intended command boundaries. CISA KEV status: not listed. Public exploit code: GitHub commit 2bc54f6 demonstrates the vulnerable code path and fix implementation. EPSS data: not available. The vendor-released patch (0.x.y-security-1) removes the shell wrapper entirely and implements a strict allowlist plus compile-time feature gate.

Command Injection Junoclaw
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-45392 HIGH PATCH This Week

Information disclosure in Cribl Stream versions prior to 4.17.1 allows authenticated remote attackers with low privileges to obtain sensitive data when a user interacts with attacker-supplied content, per CVSS 4.0 vector AV:N/AC:L/PR:L/UI:A. The flaw, classified as CWE-20 (Improper Input Validation), carries a CVSS base score of 8.4 reflecting high confidentiality and integrity impact, but EPSS is only 0.02% (5th percentile) and CISA SSVC reports no observed exploitation. No public exploit identified at time of analysis.

Information Disclosure Cribl Stream
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-65088 HIGH This Week

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.

Information Disclosure RCE Buffer Overflow Cobalt Xenon +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-65087 HIGH This Week

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.

Information Disclosure RCE Buffer Overflow Cobalt Xenon +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-65086 HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

Memory Corruption Buffer Overflow RCE Cobalt Xenon +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35438 HIGH PATCH Exploit Unlikely This Week

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-20879 HIGH This Week

Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware Memory Corruption Intel
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-20751 HIGH This Week

Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware Intel Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-35227 HIGH PATCH This Week

TCP connection exhaustion in CODESYS Modbus TCP Server allows remote unauthenticated attackers to trigger a race condition in connection handling, depleting all available TCP connections and denying service to legitimate industrial automation clients. CVSS 8.2 (High) reflects high availability impact. No active exploitation confirmed (not in CISA KEV), but attack complexity is low with present race condition opportunity (AT:P). Patch available from vendor for versions prior to 4.6.0.0.

Information Disclosure Codesys Modbus
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-42268 HIGH PATCH This Week

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.

Integer Overflow Apache Information Disclosure Nginx Red Hat +1
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-43993 HIGH This Week

Server-Side Request Forgery in JunoClaw's WAVS bridge allows remote attackers to exploit the computeDataVerify function, which fetched agent-supplied URLs without validating scheme, port, or resolved IP addresses. Attackers can trick the bridge into accessing internal cloud metadata services (AWS, GCP), RFC 1918 private networks, databases, and admin APIs running on non-standard ports. Exploitation requires user interaction (UI:R) but no authentication (PR:N), with cross-scope impact (S:C) allowing high confidentiality breach and low availability impact. Fixed in version 0.x.y-security-1 via commit a168608, which implements a comprehensive SSRF guard with scheme/port allowlists, DNS private-IP blocking for both IPv4 and IPv6 ranges, request timeouts, and body size caps. No CISA KEV listing or public exploit code identified at time of analysis.

SSRF Junoclaw
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-41713 HIGH PATCH GHSA This Week

Conversation memory poisoning in VMware Spring AI allows remote unauthenticated attackers to inject malicious input that persists across conversation turns and manipulates AI model behavior. The vulnerability achieves high integrity impact (CVSS 8.2) through stored prompt injection, enabling attackers to alter model responses, extract sensitive context, or bypass application logic without authentication. No active exploitation confirmed at time of analysis, but the network-accessible attack surface and low complexity make this a priority for applications processing user-generated conversational input.

Information Disclosure Ssti
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-39432 HIGH This Week

Missing authorization in Timetics WordPress plugin through version 1.0.53 allows unauthenticated remote attackers to bypass access controls and access sensitive administrative functions or data. With CVSS 8.2 (High), the vulnerability enables high confidentiality impact and low integrity impact against network-accessible instances. Patchstack reported this broken access control flaw, indicating potential exposure of booking systems, customer data, or administrative operations to unauthorized access without authentication.

Authentication Bypass Timetics
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-34259 HIGH This Week

OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.

Command Injection SAP
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-45089 HIGH PATCH GHSA This Week

Arbitrary file creation and corruption in dalfox v2 REST API server mode allows unauthenticated remote attackers to write log-formatted data to any filesystem path accessible to the dalfox process. The server exposes output, output-all, and debug JSON fields from the API request directly to the logger's file-write path without validation, and the default configuration omits API key authentication entirely. The vulnerability is fixed in dalfox v2.13.0, released 2025-01-20, which strips all filesystem-dangerous fields from API-sourced requests before passing them to the scan engine. GitHub advisory GHSA-8hf9-3q64-q2qf confirms the issue; no public exploit code is identified at time of analysis, and CISA KEV does not list this CVE.

Authentication Bypass File Upload
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-35071 HIGH PATCH This Week

OS command injection in Dell PowerScale InsightIQ 6.0.0 through 6.2.0 allows high-privileged local administrators to execute arbitrary system commands with elevated privileges, achieving container escape (scope change) on the storage cluster management platform. Dell published security advisory DSA-2026-208 addressing this vulnerability. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation at time of analysis.

Dell Command Injection
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-40415 HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-41102 HIGH PATCH This Week

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-40948 MEDIUM CISA This Month

Authenticated remote attackers can read arbitrary files from the operating system filesystem with root privileges on affected RUGGEDCOM ROX devices due to improper input validation in the JSON-RPC web server interface. All versions of ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 below V2.17.1 are affected. No public exploit code has been identified at time of analysis.

Information Disclosure Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
6.1
EPSS
0.0%
Prev Page 4 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy