Skip to main content
CVE-2026-40414 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-34647 HIGH This Week

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

SSRF Adobe
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-41107 HIGH PATCH Exploit Unlikely This Week

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Google
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-8051 HIGH This Week

Remote code execution in Ivanti Virtual Traffic Manager allows authenticated administrators to execute arbitrary OS commands via command injection. Affects all versions before 22.9r4. Attack requires network access and administrative credentials but has low complexity (CVSS AC:L). No active exploitation confirmed at time of analysis, though administrative access requirement significantly limits attack surface compared to unauthenticated RCE vulnerabilities.

RCE Command Injection Ivanti
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2026-41610 MEDIUM PATCH Exploit Unlikely This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

XSS Visual Studio Code
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-42498 HIGH PATCH GHSA This Week

Information disclosure in Apache Tomcat versions 7.0.83 through 11.0.21 exposes HTTP authentication headers to unintended hosts during WebSocket authentication handshakes, enabling credential leakage to third-party endpoints. The flaw carries a CVSS 7.3 score with partial confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) but SSVC marks the issue as automatable, indicating that scripted exploitation is feasible if attacker positioning is achieved.

Information Disclosure Apache Tomcat Apache Tomcat Red Hat
NVD VulDB HeroDevs
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8390 HIGH PATCH This Week

Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.

Information Disclosure Use After Free Memory Corruption Mozilla
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-5089 HIGH PATCH This Week

Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.

Buffer Overflow Yaml Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44412 HIGH CISA This Week

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Stack Overflow Buffer Overflow Solid Edge Se2026
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-44854 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-44853 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-44872 HIGH This Week

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-43685 HIGH PATCH This Week

Remote code execution in Claris FileMaker Cloud allows authenticated administrators to execute arbitrary operating system commands via command injection in the External ODBC Data Source connection test feature. The vulnerability requires Admin Console privileges (PR:H) but no user interaction, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis. EPSS score of 0.23% (46th percentile) indicates low observed exploitation probability despite the RCE capability. Fixed in FileMaker Cloud version 2.22.0.5.

Command Injection RCE Filemaker Cloud
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44870 HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-23823 HIGH This Week

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability.

Command Injection Arubaos Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44869 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44868 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44867 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44866 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44865 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-43680 HIGH PATCH This Week

Authenticated administrators with Admin Console access to FileMaker Cloud can execute arbitrary operating system commands on the underlying host by bypassing front-end restrictions on OS Script schedule types. This vulnerability affects all FileMaker Cloud versions prior to 2.22.0.5 and requires high-privilege administrative credentials to exploit. Despite the network attack vector and total technical impact (full system compromise), the low EPSS score (0.13%, 32nd percentile) and SSVC assessment indicating no observed exploitation suggest this is not being actively exploited in the wild, likely due to the high privilege requirement limiting the attacker pool to malicious insiders or compromised admin accounts.

Code Injection RCE Filemaker Cloud
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23821 HIGH This Week

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. Note: Access Points running AOS-8 Instant software are not affected by this vulnerability.

Command Injection Arubaos Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23820 HIGH This Week

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Command Injection Arubaos Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44852 HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-6690 HIGH This Week

Stored XSS in LifePress WordPress plugin allows unauthenticated remote attackers to inject malicious scripts that execute in administrator contexts when viewing the plugin's settings page. The vulnerability affects all versions through 2.2.2 and stems from a publicly-accessible AJAX endpoint (lp_update_mds) that lacks both nonce verification and capability checks, combined with improper input sanitization of the 'n' parameter. The CVSS score of 7.2 reflects network-based exploitation requiring no authentication or user interaction, with changed scope enabling cross-context attacks. EPSS and KEV data not available; exploitation probability depends on attacker knowledge of the specific AJAX action endpoint.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44859 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44858 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44857 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44856 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44855 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44871 HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-53681 HIGH This Week

SQL injection in FortiMail 7.2.0-7.2.8, 7.4.0-7.4.5, and 7.6.0-7.6.3 allows authenticated privileged administrators to execute arbitrary code or commands via crafted HTTP/HTTPS requests. The vulnerability requires high-privilege authentication (administrator role) and affects all recent major versions, with exploitation confirmed possible through network-accessible admin interfaces.

Fortinet SQLi
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44246 HIGH PATCH This Week

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1.

Code Injection Nnunet
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-45225 HIGH PATCH This Week

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory.

File Upload Path Traversal Heym
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-44864 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44863 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44862 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44861 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44860 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-40946 HIGH CISA This Week

Predictable Technical Service credentials derived from CRC16-based algorithm and device serial number enable authentication bypass in Siemens blueplanet solar inverters and hybrid systems. Remote adjacent network attackers without authentication can calculate valid service credentials from publicly-observable serial numbers, gaining unauthorized administrative access to compromise device integrity and availability. Affects 23 blueplanet product families including TL3, NX3, NH3, and gridsafe variants across industrial solar installations. Patches released for GEN2 models (V6.1.4.9) and gridsafe variants (V3.91), but legacy TL3/NX3/NH3 first-generation models remain unpatched with no vendor-provided fix versions.

Authentication Bypass Blueplanet 100 Nx3 M8 Blueplanet 100 Tl3 Gen2 Blueplanet 105 Tl3 Blueplanet 105 Tl3 Gen2 +26
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-42156 HIGH This Week

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query. This vulnerability is fixed in 1.2.3.

Information Disclosure Nosql Injection
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-40401 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

Denial Of Service Microsoft Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-41101 HIGH PATCH This Week

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-5371 HIGH This Week

The MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.

Authentication Bypass WordPress Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45430 HIGH PATCH NEWS This Week

CSRF vulnerability in Backdrop CMS Salesforce module versions prior to 1.x-1.0.1 allows network attackers to hijack OAuth authorization flows. By exploiting the missing random state parameter in the OAuth implementation, attackers can trick authenticated users into authorizing malicious Salesforce integrations, leading to high confidentiality and integrity impact on integrated Salesforce data. CVSS 7.1 (High) reflects network vector with high attack complexity requiring user interaction. No CISA KEV listing or public exploit identified at time of analysis, with EPSS data unavailable for comprehensive risk scoring.

CSRF Backdrop Contrib Salesforce
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-30810 HIGH This Week

Server-Side Request Forgery (SSRF) in Pandora FMS versions 777-800 enables authenticated attackers to escalate privileges through the API Checker extension. Attackers with low-privilege network access can force the server to make arbitrary requests, potentially accessing internal resources and escalating to higher confidentiality impact (CVSS VC:H). EPSS data not available; no confirmed active exploitation (not in CISA KEV). Vendor has acknowledged the issue per PandoraFMS security advisory, indicating patch development is likely underway.

Privilege Escalation SSRF Pandora Fms
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-35504 MEDIUM CISA This Month

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

Code Injection Powersystem Center 2020 Powersystem Center 2024 Powersystem Center 2026
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-30807 HIGH This Week

Cross-Site Request Forgery in Pandora FMS versions 777 through 800 enables attackers to execute unauthorized administrative actions through victim interaction with malicious web pages. The network-accessible attack requires no authentication but depends on user interaction (CVSS AV:N/PR:N/UI:P), allowing high integrity impact (VI:H) with limited confidentiality exposure (VC:L). No active exploitation confirmed (CISA KEV not listed), EPSS data not available for assessment. Vendor Pandora FMS has acknowledged the vulnerability with public disclosure.

CSRF Pandora Fms
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-6865 HIGH CISA This Week

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.

Authentication Bypass Path Traversal Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-34341 HIGH PATCH Exploit Unlikely This Week

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 7 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy